Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:

> fsconfigure(contextfd, ADD_BLOCKDEV, dfd, path, flags);
>
> fsconfigure(contextfd, ADD_OPTION, 0, "foo=bar", flags);

That seems okayish. I'm not sure we need the flags, but I do want to allow for
binary data in an option. So perhaps something like:

	int fsconfig(int fd, unsigned int type,
		     const char *key, const void *val, size_t val_len);

for example:

	fd = fsopen("ext4", FSOPEN_CLOEXEC);
	fsconfig(fd, fsconfig_blockdev, "dev.data", "/dev/sda1", ...);
	fsconfig(fd, fsconfig_blockdev, "dev.journal", "/dev/sda2", ...);
	fsconfig(fd, fsconfig_option, "user_xattr", NULL, ...);
	fsconfig(fd, fsconfig_option, "errors", "continue", ...);
	fsconfig(fd, fsconfig_option, "data", "journal", ...);
	fsconfig(fd, fsconfig_security, "selinux.context", "unconfined_u:...");
	fsconfig(fd, fsconfig_create, NULL, NULL, 0);
	mfd = fsmount(fd, FSMOUNT_CLOEXEC, MS_NOEXEC);

or:

	fd = fsopen("nfs", FSOPEN_CLOEXEC);
	fsconfig(fd, fsconfig_namespace, "user", "<usernsfd>", ...);
	fsconfig(fd, fsconfig_namespace, "net", "<netnsfd>", ...);
	fsconfig(fd, fsconfig_option, "server", "foo.com", ...);
	fsconfig(fd, fsconfig_option, "root", "/bar", ...);
	fsconfig(fd, fsconfig_option, "soft", NULL, ...);
	fsconfig(fd, fsconfig_option, "retry", "3", ...);
	fsconfig(fd, fsconfig_option, "wsize", "4096", ...);
	fsconfig(fd, fsconfig_uidmap, "dhowells", "1234", ...);
	fsconfig(fd, fsconfig_security, "selinux.context", "unconfined_u:...");
	fsconfig(fd, fsconfig_create, NULL, NULL, 0);
	mfd = fsmount(fd, FSMOUNT_CLOEXEC, MS_NOEXEC);

This does mean that userspace has to work harder, though, but it would simplify
the LSM interface internally.

Al Viro <viro@xxxxxxxxxxxxxxxx>

> First of all, block device *IS* a fucking option.

Whilst that is true, I still need to be able to separate it out for unconverted
filesystems.

David