Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp1865285imm; Sat, 2 Jun 2018 10:50:45 -0700 (PDT) X-Google-Smtp-Source: ADUXVKI0tio7ACcBHsPG4SMccIopzigegD2QlYNzAQ/xovLmx9zCZYYdr+y2RJW1sA7L6/d2izsU X-Received: by 2002:a17:902:d24:: with SMTP id 33-v6mr15421359plu.22.1527961845235; Sat, 02 Jun 2018 10:50:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527961845; cv=none; d=google.com; s=arc-20160816; b=mdDzVxeGykukA+AyDtsJGYrpVPrumklb8OKbES9GF7a8EJi357MALoo7ugZpaQqPJX nOwkyY0+W115UIfwiN6qoVYev1Y9FmdXUI7+g8GPDLK6+Cn0P0Qd64b2EJKomxNIXsDv J3NFZ7iFPPT8vbwuOT7SJddz7d4prJTeS15Cl+EnLSvyUvyk8SdxzcpwybZm1L8OXPzD rmhx76vgVF4KlsOVz9/uprxrzIkm8r7ivTlQ6qcm5legD+iwwPadBOCuqD+1g2Vo4aJD yfx02Jq653ioUrBjIUh1p/f2+C3OsmimBKrKXz1O7sA9LID8WwUsejVQNcsd0BonF3f6 Lh2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=/uY8WaerW9it6yklGFOQgn4Njs5oQE5MUZtZeb9Nzkk=; b=utMRdIkRqAjhHvQhrp0HBivAp89wIffOKrO0Nxc5igg78nS387SDY+TtJSeDsbkygO LQl5JL+pzNdfCLENV0vpVZRibjaJOgC0t+7aArdh1ZPnEggyZ6gpTFoKJonBpmETQOSD bxuXHqcpg7pPMR2slwgHx3Y9qOy4hsAdt/CgJAC4z8KMNSVZP6Nw+Aof1OzmN1dm+gzN ey7TwDk8SkMgIMfR0MWpOeft0g4zSBX8DScLBC4jYjuDpPm5gEXzheoQfjjxX1Hizrth 1VIoalOwG8WbZJSri49XCCQgEvcBqgqViDPSlcXUjse7cwyifpeeJ+ED08spBlBOOHwI tUhA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t29-v6si15055889pfg.114.2018.06.02.10.50.29; Sat, 02 Jun 2018 10:50:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751718AbeFBRuE (ORCPT + 99 others); Sat, 2 Jun 2018 13:50:04 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:46792 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750740AbeFBRuC (ORCPT ); Sat, 2 Jun 2018 13:50:02 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat Linux)) id 1fPAf8-0002yP-3D; Sat, 02 Jun 2018 17:49:58 +0000 Date: Sat, 2 Jun 2018 18:49:58 +0100 From: Al Viro To: David Howells Cc: Christoph Hellwig , linux-fsdevel@vger.kernel.org, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org Subject: Re: [PATCH 30/32] vfs: Allow cloning of a mount tree with open(O_PATH|O_CLONE_MOUNT) [ver #8] Message-ID: <20180602174957.GX30522@ZenIV.linux.org.uk> References: <20180602040434.GW30522@ZenIV.linux.org.uk> <20180601063928.GS30522@ZenIV.linux.org.uk> <152720672288.9073.9868393448836301272.stgit@warthog.procyon.org.uk> <152720691829.9073.10564431140980997005.stgit@warthog.procyon.org.uk> <20180601062654.GA32397@infradead.org> <7067.1527841663@warthog.procyon.org.uk> <20180602030913.GU30522@ZenIV.linux.org.uk> <20180602034255.GV30522@ZenIV.linux.org.uk> <21804.1527954321@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <21804.1527954321@warthog.procyon.org.uk> User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jun 02, 2018 at 04:45:21PM +0100, David Howells wrote: > Al Viro wrote: > > > TBH, I would probably prefer separate mount_setattr(2) for that kind > > of work, with something like > > int mount_setattr(int dirfd, const char *path, int flags, int attr) > > *not* opening any files. > > flags: > > AT_EMPTY_PATH, AT_NO_AUTOMOUNT, AT_RECURSIVE > > I would call these MOUNT_SETATTR_* rather than AT_*. Why? AT_EMPTY_PATH/AT_NO_AUTOMOUNT are common with other ...at() syscalls; AT_RECURSIVE - maybe, but it's still more like AT_... namespace fodder, IMO. > > attr: > > MOUNT_SETATTR_DEV (1<<0) > > MOUNT_SETATTR_NODEV (1<<0)|(1<<1) > > MOUNT_SETATTR_EXEC (1<<2) > > MOUNT_SETATTR_NOEXEC (1<<2)|(1<<3) > > MOUNT_SETATTR_SUID (1<<4) > > MOUNT_SETATTR_NOSUID (1<<4)|(1<<5) > > MOUNT_SETATTR_RW (1<<6) > > MOUNT_SETATTR_RO (1<<6)|(1<<7) > > MOUNT_SETATTR_RELATIME (1<<8) > > MOUNT_SETATTR_NOATIME (1<<8)|(1<<9) > > MOUNT_SETATTR_NODIRATIME (1<<8)|(2<<9) > > MOUNT_SETATTR_STRICTATIME (1<<8)|(3<<9) > > MOUNT_SETATTR_PRIVATE (1<<11) > > MOUNT_SETATTR_SHARED (1<<11)|(1<<12) > > MOUNT_SETATTR_SLAVE (1<<11)|(2<<12) > > MOUNT_SETATTR_UNBINDABLE (1<<11)|(3<<12) > > So, I like this generally, some notes though: > > I wonder if this should be two separate parameters, a mask and the settings? > I'm not sure that's worth it since some of the mask bits would cover multiple > settings. Nah, better put those bits in the same word, as in above. Here bits 0, 2, 4, 6, 8 and 11 tell which attributes are to be modified, with values to set living in bits 1, 3, 5, 7, 9--10 and 12--13. Look at the constants above.. > Also, should NODIRATIME be separate from the other *ATIME flags? I do also > like treating some of these settings as enumerations rather than a set of > bits. Huh? That's precisely what I'm doing there: bit 8 is "want to change atime settings", bits 9 and 10 hold a 4-element enumeration (rel/no/nodir/strict). Similar for propagation settings (bit 11 indicates that we want to set those, bits 12 and 13 - 4-element enum)... > I would make the prototype: > > int mount_setattr(int dirfd, const char *path, > unsigned int flags, unsigned int attr, > void *reserved5); > > Further, do we want to say you can either change the propagation type *or* > reconfigure the mountpoint restrictions, but not both at the same time? Why? MOUNT_SETATTR_PRIVATE | MOUNT_NOATIME | MOUNT_SUID, i.e. 00101100010000, i.e. 0xb10 for "turn nosuid off, switch atime polcy to noatime, change propagation to private, leave everything else as-is"... And for fsck sake, what's that "void *reserved5" for? > > With either openat() used as in this series, or explicit > > int open_tree(int dirfd, const char *path, int flags) > > Maybe open_mount(), grab_mount() or pick_mount()? > > I wonder if fsopen()/fspick() should be create_fs()/open_fs()... > > > returning a descriptor, with flags being > > AT_EMPTY_PATH, AT_NO_AUTOMOUNT, AT_RECURSIVE, AT_CLONE > > with AT_RECURSIVE without AT_CLONE being an error. > > You also need an O_CLOEXEC equivalent. Point. > I would make it: > > OPEN_TREE_CLOEXEC 0x00000001 Why not O_CLOEXEC, as with epoll_create()/timerfd_create()/etc.? > OPEN_TREE_EMPTY_PATH 0x00000002 > OPEN_TREE_FOLLOW_SYMLINK 0x00000004 > OPEN_TREE_NO_AUTOMOUNT 0x00000008 Why? How are those different from normal AT_EMPTY_PATH/AT_NO_AUTOMOUNT? > OPEN_TREE_CLONE 0x00000010 > OPEN_TREE_RECURSIVE 0x00000020 > > adding the follow-symlinks so that you don't grab a symlink target by > accident. (Can you actually mount on top of a symlink?) You can't - mount(2) uses LOOKUP_FOLLOW for mountpoint (well, user_path(), actually). > > Hell, might even add AT_UMOUNT for "open root and detach, to be dissolved on > > close", incompatible with AT_CLONE. > > Cute. Guess you could do: > > fd = open_mount(..., OPEN_TREE_DETACH); > mount_setattr(fd, "", > MOUNT_SETATTR_EMPTY_PATH, > MOUNT_SETATTR_NOSUID, NULL); > move_mount(fd, "", ...);