Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp571948imm; Fri, 10 Aug 2018 17:30:21 -0700 (PDT) X-Google-Smtp-Source: AA+uWPxot9pODS+CW6NtHxf1PDO2ikOG3n28Y3SbTYwLo9EMiw38TRsSnVW6b1zeGbP8dwSFKJaR X-Received: by 2002:a62:198e:: with SMTP id 136-v6mr9231391pfz.103.1533947421338; Fri, 10 Aug 2018 17:30:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533947421; cv=none; d=google.com; s=arc-20160816; b=rWVeI7MtUGdU1KRdEVkGrPBTHarDJVt2EZf5sKoRDqXp/ljnF6jhDf3rnocAbS54Pi 9cHadDS1ygJz1EHXZnTtRF2t3utOANIiryQ9J/MeYO41H4eXs4puSQMWI5vWndWSFfdY ybRbNHp1vPgSqIj6MD6REMXXgFBDZDDUGFSdAqf7TDaYqU7xK6UcceloRJrpr48xBu/+ 0xDbJEP2AF1m8+JYomkIBJxMUXXS73ZZE7CK7zFGOQPRsFjhCtSf7VUo3njyFojs97g1 vJ/ZHYPyjyCXp1cIeOI8RXxCyGQQj+CGVAGXWObVqsYuFFmQuOcYOFDUhzZVZ0sOqyUm itzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from :arc-authentication-results; bh=13aPTZzxJv7+tYWIBKH1hvm1GHG3cli7gTZUh4cv/a8=; b=pMB5jH1mtPO6mxeXVT5vW5qPGz/bhaC5b8TeaRlg6PSfGRHvk7oZc+Us+4zgSAJgIm pmDuI+nCbIPCE56aEVGPcabSI1zxltyIcVk1xBI0+/qcw1GEQi75OJAklVd0cAYDaPOD o3hpOuf5qcNvrD7k//zwxXtB60QUSSc/DpnMqL40ya4otqh00BiI8pFVmu+pTE7E9EZ3 2TqiFljzpjL/aI6saL5X4N6FUEHlUafk0zhw0bjxh8b91iJSlemmdd3ZN6qUuEgLdW8X r+6STuAk2yskCYU93je9ahskz34AFmcPhqHohPJhdCa51HqL49Enl7kr4d5NN+BGoPl7 sTJg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a8-v6si9352357plm.75.2018.08.10.17.29.53; Fri, 10 Aug 2018 17:30:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727235AbeHKDAl (ORCPT + 99 others); Fri, 10 Aug 2018 23:00:41 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:43344 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727138AbeHKDAl (ORCPT ); Fri, 10 Aug 2018 23:00:41 -0400 Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1foHlR-0005cO-Au; Fri, 10 Aug 2018 18:28:17 -0600 Received: from [97.119.167.31] (helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1foHlQ-0001fM-Dt; Fri, 10 Aug 2018 18:28:17 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: "Theodore Y. Ts'o" Cc: David Howells , viro@zeniv.linux.org.uk, John Johansen , Tejun Heo , selinux@tycho.nsa.gov, Paul Moore , Li Zefan , linux-api@vger.kernel.org, apparmor@lists.ubuntu.com, Casey Schaufler , fenghua.yu@intel.com, Greg Kroah-Hartman , Eric Biggers , linux-security-module@vger.kernel.org, Tetsuo Handa , Johannes Weiner , Stephen Smalley , tomoyo-dev-en@lists.sourceforge.jp, cgroups@vger.kernel.org, torvalds@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Miklos Szeredi References: <20180810153902.GH21087@thunk.org> <87d0uqpba5.fsf@xmission.com> <153313703562.13253.5766498657900728120.stgit@warthog.procyon.org.uk> <22361.1533913891@warthog.procyon.org.uk> <28045.1533916438@warthog.procyon.org.uk> <20180810161400.GA627@thunk.org> Date: Fri, 10 Aug 2018 19:28:00 -0500 In-Reply-To: <20180810161400.GA627@thunk.org> (Theodore Y. Ts'o's message of "Fri, 10 Aug 2018 12:14:00 -0400") Message-ID: <87bma9oigf.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1foHlQ-0001fM-Dt;;;mid=<87bma9oigf.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=97.119.167.31;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1+Yp1iyvwgqhEviaB7XCawr7/9SZazFcvo= X-SA-Exim-Connect-IP: 97.119.167.31 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on sa01.xmission.com X-Spam-Level: X-Spam-Status: No, score=-0.2 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG autolearn=disabled version=3.4.0 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4999] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa01 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa01 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;"Theodore Y. Ts'o" X-Spam-Relay-Country: X-Spam-Timing: total 550 ms - load_scoreonly_sql: 0.05 (0.0%), signal_user_changed: 3.6 (0.6%), b_tie_ro: 2.5 (0.5%), parse: 1.27 (0.2%), extract_message_metadata: 4.9 (0.9%), get_uri_detail_list: 2.3 (0.4%), tests_pri_-1000: 8 (1.5%), tests_pri_-950: 2.1 (0.4%), tests_pri_-900: 1.76 (0.3%), tests_pri_-400: 39 (7.1%), check_bayes: 37 (6.8%), b_tokenize: 16 (2.8%), b_tok_get_all: 9 (1.6%), b_comp_prob: 5 (0.9%), b_tok_touch_all: 3.8 (0.7%), b_finish: 0.76 (0.1%), tests_pri_0: 457 (83.2%), check_dkim_signature: 0.91 (0.2%), check_dkim_adsp: 4.4 (0.8%), tests_pri_500: 10 (1.8%), rewrite_mail: 0.00 (0.0%) Subject: Re: BUG: Mount ignores mount options X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "Theodore Y. Ts'o" writes: > On Fri, Aug 10, 2018 at 04:53:58PM +0100, David Howells wrote: >> Theodore Y. Ts'o wrote: >> >> > Even *with* file system support, there's no way today for the VFS to >> > keep track of whether a pathname resolution came through one >> > mountpoint or another, so I can't do something like this: >> >> However, the case folding stuff - is that a superblockism of a mountpointism? > > It's a superblock-ism. As far as I know the *only* thing that we can > support as a mount-pointism is the ro flag, and that's handled as a > special case, and only if the original superblock was mounted > read/write. ey That was my point; aside from the ro flag, we can't > support any other mount options as a per-mount point thing, so the > only thing we can do is to fail the mount if there are conflicting > mount options. And I'm not really sure it helps the container use > case, since the whole point is they want their "guest" to be able to > blithely run "mount /dev/sda1 -o noxattr /mnt" and not worry about the > fact that in some other container, someone had run "mount /dev/sda1 -o > xattr /mnt". But having the second mount fail because of conflicting > mount option breaks the illusion that containers are functionally as > rich as VM's. Ted this isn't about some container case. It about the fact that practically every filesystem in the kernel has the behavior I have described and it means that if root is not super careful root will shoot himself in the foot with the shotgun we have pointed there. It really is about loosing acls or some other filesystem option. Eric