Re: [PATCH] block: Add config option to not allow writing to mounted devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Christian Brauner <brauner@xxxxxxxxxx>
Subject: Re: [PATCH] block: Add config option to not allow writing to mounted devices
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Wed, 14 Jun 2023 00:07:26 -0700
Cc: Jan Kara <jack@xxxxxxx>, Colin Walters <walters@xxxxxxxxxx>, Bart Van Assche <bvanassche@xxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>, linux-block@xxxxxxxxxxxxxxx, Christoph Hellwig <hch@xxxxxxxxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, "Theodore Ts'o" <tytso@xxxxxxx>, yebin <yebin@xxxxxxxxxxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx
In-reply-to: <20230614-talent-davor-e447eb7bcd93@brauner>

On Wed, Jun 14, 2023 at 09:05:41AM +0200, Christian Brauner wrote:
> > I kind of like the flexibility of device cgroups but it does not seem to
> 
> Let's not bring in device cgroups here just yet. They're an optional LSM
> security measure while your change is more fundamental which is the
> right thing to do imho.

Yes.  That last thing we need is hiding fundamentally security tradeoffs
in weird optional corners of the kernel.

References:
- [PATCH] block: Add config option to not allow writing to mounted devices
  - From: Jan Kara
- Re: [PATCH] block: Add config option to not allow writing to mounted devices
  - From: Jan Kara
- Re: [PATCH] block: Add config option to not allow writing to mounted devices
  - From: Bart Van Assche
- Re: [PATCH] block: Add config option to not allow writing to mounted devices
  - From: Colin Walters
- Re: [PATCH] block: Add config option to not allow writing to mounted devices
  - From: Jan Kara
- Re: [PATCH] block: Add config option to not allow writing to mounted devices
  - From: Christian Brauner

Prev by Date: Re: [PATCH] block: Add config option to not allow writing to mounted devices
Next by Date: [PATCH v2] poll: Fix use-after-free in poll_freewait()
Previous by thread: Re: [PATCH] block: Add config option to not allow writing to mounted devices
Next by thread: Re: [PATCH] block: Add config option to not allow writing to mounted devices
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [NTFS 3] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [NTFS 3] [Samba] [Device Mapper] [CEPH Development]