On Wed, Jul 15, 2020 at 04:56:45PM +0300, Amir Goldstein wrote: > > > TBH I never really understood the thread that led to redirect_dir=nofollow. > > > I don't think anyone has presented a proper use case that can be discussed, > > > > IIUC, idea was that automated mounting can mount a handcrafted upper on > > usb hence allow access to directories on host which are otherwise > > inaccessible. > > > > That is an *idea* described by hand waving. > That is not a threat I can seriously comment on. > How exactly is that USB auto mounted? where to? > How is that related to overlay? > > > > so I just treat this config option as "paranoia" or "don't give me anything that > > > very old overlay did not give me". > > > Therefore I suggested piggybacking on it. > > > > Even if it is paranoia, put more unrelated checks under this option does > > not make much sense to me. It will make things just more confusing. > > > > Anyway, redirect_dir=nofollow is a thing of past. Now if you want to > > not follow origin, then we first need to have a genuine explanation > > of why to do that (and not be driven by just paranoia). > > > > > Of course if we do, we will need to document that. > > > > redirect_dir=nofollow resulting in origin not being followed is plain > > unintuitive to me. Why not introduce another option if not following > > origin is so important. > > > > Because cluttering the user with more and more config options for > minor and mostly unimportant behaviors is not ideal either. > See what Kconfig help has to say about the config option: > > config OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW > bool "Overlayfs: follow redirects even if redirects are turned off" > default y > > Disable this to get a possibly more secure configuration, but that > might not be backward compatible with previous kernels. > > That is a VERY generic description that fits not following origin very > well IMO, and not following unverified dir origin as well for that matter. > Nobody outside overlayfs developers knows what "redirects" means > anyway. To me, following non-dir origin sounds exactly the same > as following non-dir metacopy redirect or dir redirect. It's just the > implementation details that differ. > > So my claim is that we *can* piggyback on it because I really > don't believe anybody is using this config out there for anything > other than "to be on the safe side". On one hand you are saying redirect=nofollow is paranoia, most people don't understand it and don't use it. And on top of that you want to add more to it. Adding more to something which nobody does not understand and uses, sounds like more trouble to me. Anyway, before we go further into this, what's the use case. Why do you want to provide option to disable following origin for non-dir? Thanks Vivek > > But I do not make the calls here and it doesn't look like I managed > to convince you to take my side of the argument :-) > > Thanks, > Amir. >