On Tue, Feb 25, 2020 at 4:29 PM James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote: > The other thing a file descriptor does that sysfs doesn't is that it > solves the information leak: if I'm in a mount namespace that has no > access to certain mounts, I can't fspick them and thus I can't see the > information. By default, with sysfs I can. That's true, but procfs/sysfs has to deal with various namespacing issues anyway. If this is just about hiding a number of entries, then I don't think that's going to be a big deal. The syscall API is efficient: single syscall per query instead of several, no parsing necessary. However, it is difficult to extend, because the ABI must be updated, possibly libc and util-linux also, so that scripts can also consume the new parameter. With the sysfs approach only the kernel needs to be updated, and possibly only the filesystem code, not even the VFS. So I think the question comes down to: do we need a highly efficient way to query the superblock parameters all at once, or not? Thanks, Miklos