Re: [PATCH 00/32] VFS: Introduce filesystem context [ver #9]

On Tue, Jul 10, 2018 at 3:41 PM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Here are a set of patches to create a filesystem context prior to setting
> up a new mount, populating it with the parsed options/binary data, creating
> the superblock and then effecting the mount.  This is also used for remount
> since much of the parsing stuff is common in many filesystems.
>
> This allows namespaces and other information to be conveyed through the
> mount procedure.
>
> This also allows Miklós Szeredi's idea of doing:
>
>         fd = fsopen("nfs");
>         write(fd, "option=val", ...);
>         mfd = fsmount(fd, MS_NODEV);
>         move_mount(mfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH);
>
> that he presented at LSF-2017 to be implemented (see the relevant patches
> in the series).

All your documentation (both commit logs, man-pages and in-kernel
actual docs you add) only talk about "what".

They don't talk about _why_.

I can imagine why's. But I think that the "why" is actually way more
important than the what. At no point did I see a "this is the current
interface, and it doesn't work for xyz, so here's the new interface
that allows us to do stuff".

When you have a diffstat like this:

 171 files changed, 7147 insertions(+), 1805 deletions(-)

I sure want to see an explanation for *WHY* it adds 5000+ lines of core code.

Also, I want to hear about sane security models. One of the things
people really want to do is have users do their own mounts. We've had
security issues in that area. Why does this improve on it, or make it
even worse?

And by "security models" I absolutely do not mean "here's how you can
do complex smack rules for it".

                 Linus



