Re: [PATCH] private mounts

From: Ram
Date: Wed Apr 27 2005 - 14:42:04 EST

On Wed, 2005-04-27 at 11:09, Miklos Szeredi wrote:
> > eg:
> >
> > user 1 does a invisible mount on /mnt/mnt1
> > root does a visible mount on /mnt/mnt1
> >
> > user 1 will no longer be able to access his /mnt/mnt1
> >
> > in fact even if root mounts something on /mnt, the problem still exists.
> This is not something specific to FUSE. Root can overmount any of
> your directories after which you won't be able to access it (unless
> some of your processes have a CWD there).

sorry, I think I have not raised by concern clearly.

I am mostly talking about the semantics of 'invisible/private mount' not
FUSE in particular, since the kernel patch brings in new feature
to VFS.

My understanding of private mount is:
1. The contents of the private mount is visible only to the
mount owner.
2. The vfsmount of the private mount is only accessible to
the mount owner, and only the mount owner can mount anything
on top of it.

But I dont see (2) is being checked for.

I can overmount something on top of a private mount owned by someother
user. I verified that with your patch.

1. do a invisible mount as user 'x' on /mnt
2. do a visible mount as root on /mnt and it *succeeds* and also masks
the earlier mount to the user 'x'.

I am not concerned about the masking effect so much. But I am concerned
that the private vfsmount at /mnt is accessible to someother user
to mount something else on top of it. **The dentry on top of which the
new vfsmount is done belongs to the private vfsmount**.

Am I making sense? If I do make sense, than all we need is a patch on
top of your patch which disallows non-owner to mount something on top of
a private/invisible vfsmount owned by some owner.

If I am not making sense, I keep quite :)

> Miklos

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at