Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes: > On Mon, Jun 20, 2016 at 10:21 AM, Eric W. Biederman > <ebiederm@xxxxxxxxxxxx> wrote: >> Replace the call of fs_fully_visible in do_new_mount from before the >> new superblock is allocated with a call of mount_too_revealing after >> the superblock is allocated. This winds up being a much better location >> for maintainability of the code. >> >> The first change this enables is the replacement of FS_USERNS_VISIBLE >> with SB_I_USERNS_VISIBLE. Moving the flag from struct filesystem_type >> to sb_iflags on the superblock. > > Why is this useful? A couple of reasons. - It helps clean up do_new_mount which is currently so overloaded by special cases that it is difficult to see the core logic. - It makes the check about the actual superblock that is being mounted rather than the superblock that might be mounted. - The practical place where being about the actual superblock that is being mounted helps is that in "11/13 mnt: Simplify mount_too_revealing" that removes the MNT_LOCK_NOSUID MNT_LOCK_NOEXEC and MNT_LOCK_NODEV tests from the code, while verify that those tests are not needed because the sb_iflags contains SB_I_NOEXEC and SB_I_NODEV. - The conceptual change of testing once the superblock has been generated makes changes like the one above much more sensible and it helps untangle mount namespace versus superblock concerns. That last is a big part of what this patchset is about. When do we care about the superblock and when do we care about the mount namespace. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
