Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965173AbWIEGKY (ORCPT ); Tue, 5 Sep 2006 02:10:24 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S965170AbWIEGKY (ORCPT ); Tue, 5 Sep 2006 02:10:24 -0400 Received: from emailer.gwdg.de ([134.76.10.24]:60373 "EHLO emailer.gwdg.de") by vger.kernel.org with ESMTP id S965167AbWIEGKX (ORCPT ); Tue, 5 Sep 2006 02:10:23 -0400 Date: Tue, 5 Sep 2006 08:02:50 +0200 (MEST) From: Jan Engelhardt To: Shaya Potter cc: Pavel Machek , Josef Sipek , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, hch@infradead.org, akpm@osdl.org, viro@ftp.linux.org.uk Subject: Re: [PATCH 00/22][RFC] Unionfs: Stackable Namespace Unification Filesystem In-Reply-To: <1157406184.4398.24.camel@localhost.localdomain> Message-ID: References: <20060901013512.GA5788@fsl.cs.sunysb.edu> <20060903110507.GD4884@ucw.cz> <1157376506.4398.15.camel@localhost.localdomain> <20060904203346.GA6646@elf.ucw.cz> <1157406184.4398.24.camel@localhost.localdomain> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Report: Content analysis: 0.0 points, 6.0 required _SUMMARY_ Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1598 Lines: 45 > >I agree that unionfs shouldn't oops, it should handle that situation in >a more graceful manner, but once the "backing store" is modified >underneath it, all bets are off for either unionfs or ext2/3 behaving >"correctly" (where "correctly" doesn't just mean handle the error >gracefully). > >But are you also 100% sure that messing with the underlying backing >store wouldn't be considered an admin bug as opposed to an administrator >bug? I mean there's nothing that we can do to prevent an administrator >from FUBAR'ing their system by > >dd if=/dev/random of=/dev/kmem. > >where does one draw the line? I agree that stackable file systems make >this a more pressing issue, as the "backing store" can be visible within >the file system namespace as a regular file system that people are >generally accustomed to interacting with. So here's an idea. When a branch is added, mount an empty space onto the branch. (From within the kernel, so it appears as a side-effect of mount(2)) mount -t unionfs -o dirs=/a=rw:/b=ro none /union should imply something like mount --bind /var/lib/empty /a mount --bind /var/lib/empty /b Or better, yet, make them read-only: mount --rbind -o ro /a /a mount --rbind -o ro /b /b (hope this works as intended?) So that no one can tinker with /a and /b while the union is mounted. Jan Engelhardt -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/