On Sun, Oct 8, 2017 at 5:15 PM, Ram Pai <linuxram@xxxxxxxxxx> wrote: >> >> One thing that I don't plan to use, but might be worth thinking about is >> `slave + RW + STICKY` combination. If `master` mounts something RO, >> and `slave` >> is `RW + STICKY`, should the mount appear RW inside the slave? I don't >> find it particularly useful, >> but still... > > As per the implemented semantics it will become "RW". Should it be "RO" > aswell? Will that open up security holes? It is a mechanism that could be used to potentially increase the scope of privileges, which is a fertile ground for security issues. There is some room for using it to circumvent mechanisms that were unaware of this new feature. I guess for this reason alone, it might be worth limiting to RO only.l >> >> Another thing that popped into my head: Is it worth considering any >> dynamic changes to `slave`'s >> RO status? It complicates everything a lot (it seems to me), since it >> adds a retroactive >> dynamic propagation. I don't currently have any plans to use it, but I >> could imagine scenarios >> in which a slave mount with all it's sub-mounts is remounted from RO >> to RW, in response to >> some external authorization trigger. > > The sematics should be something like this. Check if it makes sense. > > a) anything mounted under stick-mount will be a sticky-mount and will > inherit the mount's access-attribute;i.e RO RW attribute. > b) a mount when made sticky will propagate its sticky attribute > as well as its access-attribute recursively to its children > c) anything mounted under non-sticky mount will not inherit the > mount's access-attribute and will be non-sticky aswell. > d) a mount when made non-sticky will just change itself to non-sticky. > (will NOT propagate its non-sticky attribute and its > access-attribue recursively to its children.) a), b) and c), seem uncontroversial. d) seems OK, but I'm unsure as it is asymmetrical to b). Both recursive and non-recursive D seem to make sense. I'm just unsure if any is more useful than the other. What happens when a sticky RO slave mount is remounted as RW? Does it loose stickiness? Does this change propagate to its children? Another angle, that just appeared to me: If we have a double link A (master) -> (slave) B (master) -> (slave) C If A is RW and B is RO + sticky, does mount propagated to C will also be RO? It seems to me it should. Regards, Dawid
