default. The unshare supports persistent namespaces too (no process has to run
to keep namespace in existence).
+The command mount(8) supports read-only binds in one step by the options
+"bind,ro" (command line or fstab). This feature is implemented by additional
+remount mount(2) syscall and it is not atomic.
+
The commands fdisk and sfdisk can be compiled with GNU readline support to
improve their line-editing functionality.
return 0;
}
+/*
+ * add additional mount(2) syscall requests when necessary to set propagation flags
+ * after regular mount(2).
+ */
static int init_propagation(struct libmnt_context *cxt)
{
char *name;
return 0;
}
+/*
+ * add additional mount(2) syscall request to implement "ro,bind", the first regular
+ * mount(2) is the "bind" operation, the second is "remount,ro,bind" call.
+ *
+ * Note that we don't remove "ro" from the first syscall (kernel silently
+ * ignores this flags for bind operation) -- maybe one day kernel will support
+ * read-only binds in one step and then all will be done by the firts mount(2) and the
+ * second remount will be noop...
+ */
+static int init_robind(struct libmnt_context *cxt)
+{
+ struct libmnt_addmount *ad;
+ int rc;
+
+ assert(cxt);
+ assert(cxt->mountflags & MS_BIND);
+ assert(cxt->mountflags & MS_RDONLY);
+ assert(!(cxt->mountflags & MS_REMOUNT));
+
+ DBG(CXT, ul_debugobj(cxt, "mount: initialize additional ro,bind mount"));
+
+ ad = mnt_new_addmount();
+ if (!ad)
+ return -ENOMEM;
+
+ ad->mountflags = MS_REMOUNT | MS_BIND | MS_RDONLY;
+ if (cxt->mountflags & MS_REC)
+ ad->mountflags |= MS_REC;
+ rc = mnt_context_append_additional_mount(cxt, ad);
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
#if defined(HAVE_LIBSELINUX) || defined(HAVE_SMACK)
struct libmnt_optname {
const char *name;
if (rc)
return rc;
}
+ if ((cxt->mountflags & MS_BIND)
+ && (cxt->mountflags & MS_RDONLY)
+ && !(cxt->mountflags & MS_REMOUNT)) {
+ rc = init_robind(cxt);
+ if (rc)
+ return rc;
+ }
next = fs->fs_optstr;
-cxt->syscall_status));
return -cxt->syscall_status;
}
- DBG(CXT, ul_debugobj(cxt, "mount(2) success"));
+ DBG(CXT, ul_debugobj(cxt, " success"));
cxt->syscall_status = 0;
/*
.RE
Note that the filesystem mount options will remain the same as those
-on the original mount point, and cannot be changed by passing the
+on the original mount point.
+
+.BR mount(8)
+since v2.27 allow to change the options by passing the
.B \-o
option along with
-.BR \-\-bind / \-\-rbind .
-The mount options can be
-changed by a separate remount command, for example:
+.BR \-\-bind
+for example:
.RS
.br
-.B mount \-\-bind
-.I olddir newdir
-.br
-.B mount \-o remount,ro
-.I newdir
+.B mount \-\-bind,ro foo foo
.RE
-Note that the behavior of the remount operation depends on the /etc/mtab file.
-The first command stores the 'bind' flag in the /etc/mtab file and the second
-command reads the flag from the file. If you have a system without the
-/etc/mtab file or if you explicitly define source and target for the remount
-command (then \fBmount\fR(8) does not read /etc/mtab), then you have to use
-the bind flag (or option) for the remount command too. For example:
+This feature is not supported by Linux kernel and it is implemented in userspace
+by additional remount mount(2) syscall. This solution is not atomic.
+
+The alternative (classic) way to create a read-only bind mount is to use remount
+operation, for example:
.RS
.br
.I olddir newdir
.RE
-Note that
-.B remount,ro,bind
-will create a read-only mountpoint (VFS entry), but the original filesystem
-superblock will still be writable, meaning that the
+Note that read-only bind will create a read-only mountpoint (VFS entry), but the
+original filesystem superblock will still be writable, meaning that the
.I olddir
will be writable, but the
.I newdir
will be read-only.
+
+It's impossible to change mount options recursively (for example b \fB -o rbind,ro\fR).
.RE
.B The move operation.
projects / thirdparty / util-linux.git / commitdiff
