Re: [PATCH-RFC] code for raceless /sys/fs/foofs/*

[viro]

On Wed, May 05, 2004 at 01:08:50PM -0400, Trond Myklebust wrote:
> On Wed, 2004-05-05 at 12:36, viro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> wrote:
> 
> > We also allow anyone with sysfs mounted to see which filesystems are currently
> > mounted on the box - again, regardless of being able to see them in the
> > chroot jail/restricted namespace/etc.  It can easily become an issue in
> > setups where such information is sensitive.
> 
> ...but are you *really* likely to be mounting sysfs in a chrooted jail
> or restricted namespace?
> 
> ...and if you do, aren't you more likely to simply 'mount --bind' those
> minimal parts of sysfs that you actually need for the given process that
> is gaoled?

With the way things are going on, I suspect that it will be hard to maintain.
For one thing, more and more is put there.  For another, we certainly _do_
need a way to export per-superblock data and "all or nothing" approach will
be more and more painful as new applications of that show up.

Don't get me wrong - I absolutely agree that there is a need of safe way to
export per-fs data in some way; it is true for NFS, it is about the only
sane way to do online defragmentation, etc.

This is going to be used much wider than reiser4 and as soon as mechanism
goes in we'll see a bunch of applications.  The only real question is what
sort of API would be the right one, and that's why I don't like the solutions
along the lines of "you'll never want to use that in restricted setups".
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/