Date: Wed, 9 Mar 2016 21:18:20 +0000
From: Serge Hallyn
To: "Eric W. Biederman"
Cc: Seth Forshee, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/2] Fix debugfs bind mount regression
Message-ID: <20160309211820.GA29848@ubuntumail>
References: <1457536687-32794-1-git-send-email-seth.forshee@canonical.com> <87oaanz7w4.fsf@x220.int.ebiederm.org>
In-Reply-To: <87oaanz7w4.fsf@x220.int.ebiederm.org>

Quoting Eric W. Biederman (ebiederm@xmission.com):
> Seth Forshee writes:
>
> > Some full-OS container software bind mounts debugfs into containers to
> > satisfy the assumptions of older userspaces which expect to be able to
> > mount debugfs. This regressed in 4.1 due to the addition of tracefs,
> > which gets automounted in the tracing subdirectory of debugfs. In a
> > cloned mount namespace the bind mount now fails because the tracefs
> > mount is a locked child of the debugfs mount.
> >
> > For new mounts we already make an exception to the "locked child mount"
> > rule. Directories in pseudo filesystems created for the sole purpose of
> > being mountpoints are created as permanently empty directories which can
> > never contain any entries, therefore the kernel can know that any mounts
> > on these directories are not for security purposes. These mounts are
> > then excluded from locked mount tests in some circumstances.
> >
> > The same logic clearly applies to directories created in
> > debugfs_create_automount(). The following patches update this function
> > to create permanently empty directories for mountpoints and adds an
> > exclusion to the tests for bind mounts to exclude child mounts on
> > permanently empty directories.
>
> So I don't know that this approach is bad. However in reading through
> your patch descriptions I do not see any consideration of using
> "mount --rbind" instead of "mount --bind". AKA adding the MS_REC flag
> to your bind mount.
>
> I would think simply using MS_REC would solve this problem, without
> needing any additional kernel support. Am I missing something?

That's what we're doing to work around it fwiw, but it would be nice to
not have to.
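An added helper, not part of this thread or of the patches under discussion: a POSIX sh function that reads /proc/self/mountinfo (fed on stdin) and lists the child mounts of a given mount point by parent mount ID, so a container launcher can tell when a locked child such as the tracefs automount under debugfs means `mount --bind` has to become `mount --rbind` (MS_REC). The mountinfo lines below are constructed sample data.

```shell
#!/bin/sh
# child_mounts MOUNTPOINT  (reads /proc/self/mountinfo from stdin)
#   Prints the mount point of every mount whose parent is the mount at
#   MOUNTPOINT.  Uses field 1 (mount ID) and field 2 (parent ID) rather than
#   a path-prefix guess, so an unrelated bind of the same path elsewhere is
#   not mistaken for a child.  Exit status 2 if MOUNTPOINT is not a mount.
child_mounts() {
    awk -v mp="$1" '
        $5 == mp { parent_id = $1 }              # field 5 = mount point
        { pid[NR] = $2; point[NR] = $5 }
        END {
            if (parent_id == "") exit 2
            for (i = 1; i <= NR; i++)
                if (pid[i] == parent_id) print point[i]
        }'
}

# bind_flag MOUNTPOINT  (reads mountinfo from stdin)
#   Prints --rbind when the mount has children (a plain bind of the parent
#   alone is refused in a cloned, locked mount namespace), else --bind.
bind_flag() {
    if [ -n "$(child_mounts "$1")" ]; then echo --rbind; else echo --bind; fi
}

# Constructed sample: sysfs, debugfs on it, tracefs automounted inside debugfs.
SAMPLE_MOUNTINFO=$(cat <<'EOF'
21 1 0:20 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
33 21 0:8 / /sys/kernel/debug rw,relatime shared:15 - debugfs debugfs rw
40 33 0:25 / /sys/kernel/debug/tracing rw,relatime shared:20 - tracefs tracefs rw
EOF
)

# Stand-alone demo: which flag does debugfs need on this sample?
printf '%s\n' "$SAMPLE_MOUNTINFO" | bind_flag /sys/kernel/debug
```

On a live system replace the sample with `child_mounts /sys/kernel/debug < /proc/self/mountinfo`, run inside the namespace that will be cloned.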