Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp351241imm; Tue, 14 Aug 2018 21:04:33 -0700 (PDT) X-Google-Smtp-Source: AA+uWPzzZp7MUAxi+gGe2reUBUvcvfOjgPaeO5ETIwtqS5VwmL/S4NUS0fCtqVtkPX/QcB3Ahe/S X-Received: by 2002:a62:3703:: with SMTP id e3-v6mr26175738pfa.117.1534305873682; Tue, 14 Aug 2018 21:04:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534305873; cv=none; d=google.com; s=arc-20160816; b=0BAcURDGgg2kVnsk1JDDk5UpQl7Q1clye4t+sH5EMAu/vuxUrCZMP+tiBOYIpKX5Ov wTan4oumHrifQAMxQu5OqWnCTMkfv95kr/jUKYhdHd6tE+q31nZWc4k9MUpHZrMXtwWA RNnBVe64NIKsdYwVkO3dG6XgG6y9lomDNkj01nIN+cqcxQc5Gtq/gLybpMnH+Eqzc+Jb fzf7PE4fiifxL6uKDRyL2J3gaLg89Pam4Nl6FJruZljk36jdOAb0uw7rf902DknOhWKg 8We4EhuM0CPJjzMrOw96z60LZyXJ/0FEcQnQj1LKmpQPngpdvZF762H51zSmLxOzuS/2 1oRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from :arc-authentication-results; bh=hQpqyoLfQgFClB0eximerg4qOI1l7xXdu/gJgtAWELE=; b=LiVMjGNO7VNQfTJp1APW80b/HuwXWep5rB9xpCWO5WTmNX09N6DWM5BP24OR5aOBMm lVaEW/cIBUuRz3Q+99pYM/8Gc0y+aghY2FVS/hY7EkRxpKYdS2vYZCegQfWljEU3tnJ3 7E4DfxhLQRyP18aHQm5CiLvXPgFlW9Sudewsm4u/tAww6H+V/RnMUNl07aJqB0boYwcH hyYnbW4GHKvWWaMRZH+Oo2XtDcdPriQa8IJqqw9atXOE8prirtP+svfk/yFVhE+MmU7K ddMlsqREIUtj4ySX+fPlUc5b6t0H68Kc63c6Oea4+BLIZLm+rHH6sUQ5CSiESVgGGQie MT5Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x12-v6si20920334pgj.175.2018.08.14.21.04.18; Tue, 14 Aug 2018 21:04:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728741AbeHOGxt (ORCPT + 99 others); Wed, 15 Aug 2018 02:53:49 -0400 Received: from out01.mta.xmission.com ([166.70.13.231]:49234 "EHLO out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728480AbeHOGxt (ORCPT ); Wed, 15 Aug 2018 02:53:49 -0400 Received: from in02.mta.xmission.com ([166.70.13.52]) by out01.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1fpn1n-0000Gx-MC; Tue, 14 Aug 2018 22:03:23 -0600 Received: from [97.119.167.31] (helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1fpn1n-00007B-3m; Tue, 14 Aug 2018 22:03:23 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Casey Schaufler Cc: "Theodore Y. Ts'o" , Al Viro , David Howells , John Johansen , Tejun Heo , selinux@tycho.nsa.gov, Paul Moore , Li Zefan , linux-api@vger.kernel.org, apparmor@lists.ubuntu.com, fenghua.yu@intel.com, Greg Kroah-Hartman , Eric Biggers , linux-security-module@vger.kernel.org, Tetsuo Handa , Johannes Weiner , Stephen Smalley , tomoyo-dev-en@lists.sourceforge.jp, cgroups@vger.kernel.org, torvalds@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Miklos Szeredi References: <153313703562.13253.5766498657900728120.stgit@warthog.procyon.org.uk> <87d0uqpba5.fsf@xmission.com> <20180810151606.GA6515@ZenIV.linux.org.uk> <87pnypiufr.fsf@xmission.com> <20180811014619.GA14368@thunk.org> <8736vlo6ef.fsf@xmission.com> <001a1608-d0fa-84c1-9c54-ae36df95fd89@schaufler-ca.com> Date: Tue, 14 Aug 2018 23:03:17 -0500 In-Reply-To: <001a1608-d0fa-84c1-9c54-ae36df95fd89@schaufler-ca.com> (Casey Schaufler's message of "Sat, 11 Aug 2018 10:47:50 -0700") Message-ID: <87d0ukjmyi.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1fpn1n-00007B-3m;;;mid=<87d0ukjmyi.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=97.119.167.31;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1/6JXSadUqNHy+yUkMND0RDRAYIEtspPLg= X-SA-Exim-Connect-IP: 97.119.167.31 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa07.xmission.com X-Spam-Level: X-Spam-Status: No, score=-0.2 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG autolearn=disabled version=3.4.1 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa07 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Casey Schaufler X-Spam-Relay-Country: X-Spam-Timing: total 234 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 2.8 (1.2%), b_tie_ro: 1.92 (0.8%), parse: 0.76 (0.3%), extract_message_metadata: 10 (4.2%), get_uri_detail_list: 1.25 (0.5%), tests_pri_-1000: 6 (2.4%), tests_pri_-950: 1.12 (0.5%), tests_pri_-900: 1.01 (0.4%), tests_pri_-400: 25 (10.7%), check_bayes: 24 (10.2%), b_tokenize: 8 (3.4%), b_tok_get_all: 8 (3.3%), b_comp_prob: 2.5 (1.1%), b_tok_touch_all: 3.6 (1.5%), b_finish: 0.55 (0.2%), tests_pri_0: 179 (76.7%), check_dkim_signature: 0.47 (0.2%), check_dkim_adsp: 3.4 (1.5%), tests_pri_500: 6 (2.4%), rewrite_mail: 0.00 (0.0%) Subject: Re: BUG: Mount ignores mount options X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Casey Schaufler writes: > Don't blame the filesystems for behaving as documented. No. This behavior is not documented. At least I certainly don't see a word about this in any of the man pages. Where does it say mounting a filesystem will not honor it's mount options? It is also rare enough in practice it is something it is reasonable to expect people to be surprised by. > The problem is not in the mount mechanism, it's in the way you want to > abuse it. I am not asking for this behavior. I am pointing out this behavior exists. I am pointing out this behavior is harmful. I am asking we stop doing this harmful thing in the new API where we don't have a chance of breaking anything. The place where this has bitten the hardest is someone wrote a script to do something for Xen in a chroot. That script involved a chroot that mounted devpts and in doing so happend to change the options of the main /dev/pts. Which resulted in ptys created with /dev/ptmx outside the chroot with the wrong permissions. That in turn caused several distros to retain the ancient suid pt_chown binary from libc that the devpts filesystem was built to make obsolete. As the world turned that pt_chown binary could be confused into chowning the wrong pty if a pty from a container was used. The fix was to mount a new instance of devpts every time mount of devpts is called. That simplified the code, and allowed pt_chown to be removed permanently. The tricky bit was figuring out how keep /dev/ptmx working. I wound up testing on every distribution I could think of to ensure no one would notice the slightly changed behavior of the devpts filesystem. The behavior in other filesystems of ignoring the options instead of changing them on the filesystem isn't quite as bad. But it still has the potential for a lot of mischief. Eric