On 11/1/23 11:43 AM, Jan Kara wrote: > Hello! > > This is the third version of the patches to add config option to not allow > writing to mounted block devices. The new API for block device opening has been > merged so hopefully this patchset can progress towards being merged. We face > some issues with necessary btrfs changes (review bandwidth) so this series is > modified to enable restricting of writes for all other filesystems. Once btrfs > can merge necessary device scanning changes, enabling the support for > restricting writes for it is trivial. > > For motivation why restricting writes to mounted block devices is interesting > see patch 3/7. I've been testing the patches more extensively and I've found > couple of things that get broken by disallowing writes to mounted block > devices: > > 1) "mount -o loop" gets broken because util-linux keeps the loop device open > read-write when attempting to mount it. Hopefully fixable within util-linux. > 2) resize2fs online resizing gets broken because it tries to open the block > device read-write only to call resizing ioctl. Trivial to fix within > e2fsprogs. > 3) Online e2label will break because it directly writes to the ext2/3/4 > superblock while the FS is mounted to set the new label. Ext4 driver > will have to implement the SETFSLABEL ioctl() and e2label will have > to use it, matching what happens for online labelling of btrfs and > xfs. > > Likely there will be other breakage I didn't find yet but overall the breakage > looks minor enough that the option might be useful. Definitely good enough > for syzbot fuzzing and likely good enough for hardening of systems with > more tightened security. For the series: Reviewed-by: Jens Axboe <axboe@xxxxxxxxx> -- Jens Axboe
