[List CCd. I hate Gmail.] Noob alert.
On 3 July 2014 02:28, Qu Wenruo <[email protected]> wrote:
> Subject: Re: [RFC PATCH] Revert "btrfs: allow mounting btrfs subvolumes with
> different ro/rw options"
> From: Goffredo Baroncelli <[email protected]>
> To: Qu Wenruo <[email protected]>, [email protected]
> Date: 2014-07-03 01:48
>>
>> On 07/01/2014 11:30 AM, Qu Wenruo wrote:
>>>
>>> This commit has the following problem:
>>> 1) Break the ro mount rule.
>>> When users mount the whole btrfs ro, it is still possible to mount
>>> subvol rw and change the contents. Which make the whole fs ro mount
>>> non-sense.
>>
>> Where is the problem ? I see an use case when I want a conservative
>> default: mount all ro except some subvolumes.
>>
>> In any case it is not a security problem because if the user has the
>> capability to mount a subvolume, also he has the capability to remount,rw
>> the whole filesystem.
>>
>>
>>
> Not security problem but behavior not consistent.
> If user mount the whole disk ro, he or she want the fs read only and nothing
> will change in it.
> If you mount a subvol rw, then the whole disk ro expectation is broken.
> Things will change even the whole
> disk is readonly.

This assumption seems wrong and untenable if considered from a different
angle: one doesn't mount the "whole disk" ro, merely the default subvolume.

    # mount -o ro /dev/sda1 /mnt

is merely convenient short-hand for

    # mount -o ro,subvol=@ [or whatever] /dev/sda1 /mnt

and anyone who expects this to magically protect the whole disk is,
frankly, confused.

Substituting partitions for subvolumes: mounting /dev/sda2 read-only should
have no effect on /dev/sda3. Even if you went a bit batty and decided to
make /dev/sda2 the "default partition":

    # ln -sf /dev/sda2 /dev/sda
    # mount -o ro /dev/sda /mnt/this/is/silly

syntactic sugar doesn't change anything. Subvolumes are logically discrete
entities, the fact that they share trees on-disk is merely a (very nice)
implementation detail.
It is impossible to mount a "whole disk" under btrfs.

Tobias

> The problem also happens when a parent subvol is mounted rw but child subvol
> is mounted ro.
> User can still modify the child subvol through parent subvol, still broke
> the readonly rule.

This makes sense, though.
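An added example, not part of the original message or of btrfs itself: a check for the two situations discussed in the thread, run over text in /proc/self/mountinfo format. It reports read-only btrfs mounts whose filesystem is also mounted read-write elsewhere, and marks the parent-rw/child-ro case separately. The sample lines are constructed, and two assumptions are made: mounts of one filesystem share the same mount source, and the mountinfo root field holds the subvolume path.

```python
import re
from collections import defaultdict

# Constructed sample in /proc/self/mountinfo format (not captured from a real host).
SAMPLE = """\
30 1 0:25 /@ /mnt ro,relatime shared:1 - btrfs /dev/sda1 rw,subvol=/@
31 1 0:25 /@home /home rw,relatime shared:2 - btrfs /dev/sda1 rw,subvol=/@home
32 1 0:25 /@home/archive /srv/archive ro,relatime - btrfs /dev/sda1 rw,subvol=/@home/archive
33 1 8:2 / /boot ro,relatime - ext4 /dev/sda2 ro
34 1 0:40 /@ /backup ro,relatime - btrfs /dev/sdb1 ro,subvol=/@
"""

def unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal escapes (\040 ...)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_btrfs_mounts(text):
    """Return one dict per btrfs mount: source, subvolume root, mount point, ro flag."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        # Optional fields (shared:N ...) end at a lone "-" at index 6 or later.
        sep = fields.index("-", 6) if "-" in fields[6:] else -1
        if sep < 0 or len(fields) < sep + 3 or fields[sep + 1] != "btrfs":
            continue
        mounts.append({
            "source": fields[sep + 2],           # assumption: same source = same fs
            "root": unescape(fields[3]),         # subvolume path inside the fs
            "target": unescape(fields[4]),
            "ro": "ro" in fields[5].split(","),  # per-mount flag, not the superblock's
        })
    return mounts

def covers(rw_root, ro_root):
    # True when the rw subvolume path is the ro one or an ancestor of it.
    return ro_root == rw_root or ro_root.startswith(rw_root.rstrip("/") + "/")

def audit_ro_mounts(mounts):
    """List (ro mount point, rw mount point, kind) for every ro/rw pair on one fs."""
    by_source = defaultdict(list)
    for m in mounts:
        by_source[m["source"]].append(m)
    findings = []
    for group in by_source.values():
        for ro in (m for m in group if m["ro"]):
            for rw in (m for m in group if not m["ro"]):
                # rw-parent: the ro subvolume's files are reachable via the rw mount.
                kind = "rw-parent" if covers(rw["root"], ro["root"]) else "rw-elsewhere"
                findings.append((ro["target"], rw["target"], kind))
    return sorted(findings)
```

On a live system, pass the contents of /proc/self/mountinfo to parse_btrfs_mounts instead of SAMPLE.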
