Re: [PATCH review 02/13] mnt: Refactor fs_fully_visible into mount_too_revealing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes:

> On Mon, Jun 20, 2016 at 10:21 AM, Eric W. Biederman
> <ebiederm@xxxxxxxxxxxx> wrote:
>> Replace the call of fs_fully_visible in do_new_mount from before the
>> new superblock is allocated with a call of mount_too_revealing after
>> the superblock is allocated.   This winds up being a much better location
>> for maintainability of the code.
>>
>> The first change this enables is the replacement of FS_USERNS_VISIBLE
>> with SB_I_USERNS_VISIBLE.  Moving the flag from struct filesystem_type
>> to sb_iflags on the superblock.
>
> Why is this useful?

A couple of reasons.
- It helps clean up do_new_mount which is currently so overloaded by
  special cases that it is difficult to see the core logic.

- It makes the check about the actual superblock that is being mounted
  rather than the superblock that might be mounted.

- The practical place where being about the actual superblock that is
  being mounted helps is that in "11/13 mnt: Simplify mount_too_revealing"
  that removes the MNT_LOCK_NOSUID MNT_LOCK_NOEXEC and MNT_LOCK_NODEV
  tests from the code, while verify that those tests are not needed
  because the sb_iflags contains SB_I_NOEXEC and SB_I_NODEV.

- The conceptual change of testing once the superblock has been
  generated makes changes like the one above much more sensible
  and it helps untangle mount namespace versus superblock concerns.

That last is a big part of what this patchset is about.  When do we care
about the superblock and when do we care about the mount namespace.

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux