On Sat, Jun 23, 2007 at 09:52:46AM -0700, Andrew Morton wrote:
> Doesn't selinux do some of this?

No.

> My overall reaction: owch. There's a ton of tricksy code here and great
> potential for us to accidentally break it in the future by forgetting a
> mnt_may_write() as the kernel evolves. And then there's the added
> complexity and the added runtime overhead.

Most of the code is not actually implementing per-mountpoint r/o but fixing
the way we deal with mount -o remount,ro and the general writeability state
of a filesystem. There's been a huge racy window before which is fixed.
And it lays the groundwork for interesting new things like the possibility
for the filesystem to revert to r/o after it's not been written to for a
while.

There's been a plain r/o bindmounts patch from the vserver folks that's a
lot smaller because it doesn't fix the problems (and actually widens them a
little).

> Balance that against some pretty obscure-looking benefits and I'm
> struggling to see how a merge is justifiable?

It's a feature people have been asking for a long time; just about a month
ago there was a lengthy thread on the nfs list about the requirement. And
it only gets more important (not to say absolutely essential) for full
containers support, where you really don't want your untrusted container to
be able to write into the shared /usr.
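As an added illustration of the two points argued above (the remount,ro race and per-mountpoint read-only state), here is a small single-threaded C model. It is not the patchset's code or kernel source; the struct layout, the MNT_READONLY value and the function bodies are assumptions made for this example, only the idea is the kernel's: a mount keeps a count of callers holding write access, remount,ro is refused with -EBUSY while that count is non-zero, and the read-only flag lives on the mount rather than the shared superblock, so one bind mount can be r/o while another of the same filesystem stays writable.

```c
/* Illustrative model constructed for this example, not kernel code. */
#include <errno.h>
#include <stdio.h>

#define MNT_READONLY 0x1   /* hypothetical flag bit for this model */

struct super_block {
    const char *name;      /* the filesystem shared by several mounts */
};

struct vfsmount {
    struct super_block *sb;
    unsigned int flags;    /* per-mount, not per-superblock */
    int writers;           /* callers currently holding write access */
};

/* Take write access on this mount; refused once the mount is read-only. */
int mnt_want_write(struct vfsmount *mnt)
{
    if (mnt->flags & MNT_READONLY)
        return -EROFS;
    mnt->writers++;
    return 0;
}

/* Release write access taken with mnt_want_write(). */
void mnt_drop_write(struct vfsmount *mnt)
{
    if (mnt->writers > 0)
        mnt->writers--;
}

/* The remount,ro half: only flip to read-only when nobody is writing,
 * so a write that already passed its permission check cannot land on
 * a filesystem that was declared read-only in the meantime. */
int mnt_make_readonly(struct vfsmount *mnt)
{
    if (mnt->writers > 0)
        return -EBUSY;
    mnt->flags |= MNT_READONLY;
    return 0;
}

/* Scenario 1: remount,ro arrives while a write is in flight.
 * Returns 0 when every step behaves as the model intends. */
int scenario_remount_during_write(void)
{
    struct super_block sb = { "fs0" };
    struct vfsmount m = { &sb, 0, 0 };
    int ret;

    if (mnt_want_write(&m) != 0)
        return -1;
    ret = mnt_make_readonly(&m);        /* writer active: must be -EBUSY */
    mnt_drop_write(&m);
    if (ret != -EBUSY)
        return -2;
    if (mnt_make_readonly(&m) != 0)     /* no writers left: succeeds */
        return -3;
    if (mnt_want_write(&m) != -EROFS)   /* new writes now refused */
        return -4;
    return 0;
}

/* Scenario 2: two bind mounts of one filesystem, one r/o and one r/w,
 * the "untrusted container sharing /usr" case from the mail. */
int scenario_ro_bind_mount(void)
{
    struct super_block usr = { "usr" };
    struct vfsmount host = { &usr, 0, 0 };       /* host's writable view */
    struct vfsmount container = { &usr, 0, 0 };  /* container's bind mount */

    if (mnt_make_readonly(&container) != 0)
        return -1;
    if (mnt_want_write(&container) != -EROFS)    /* container cannot write */
        return -2;
    if (mnt_want_write(&host) != 0)              /* host still can */
        return -3;
    mnt_drop_write(&host);
    return 0;
}

int main(void)
{
    printf("remount during write: %d\n", scenario_remount_during_write());
    printf("r/o bind mount:       %d\n", scenario_ro_bind_mount());
    return 0;
}
```

The model deliberately leaves out locking and the per-CPU counter the real implementation needs; the invariant it shows is the one that matters for the discussion: every write path must bracket itself with the want/drop pair, which is exactly why a forgotten call is the maintenance risk raised in the quoted reply.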