Re: [RFC PATCH] Revert "btrfs: allow mounting btrfs subvolumes with different ro/rw options"

Thu, 03 Jul 2014 10:34:26 -0700 

On 07/03/2014 02:28 AM, Qu Wenruo wrote:
> 
> -------- Original Message --------
> Subject: Re: [RFC PATCH] Revert "btrfs: allow mounting btrfs subvolumes with 
> different ro/rw options"
> From: Goffredo Baroncelli <kreij...@libero.it>
> To: Qu Wenruo <quwen...@cn.fujitsu.com>, linux-btrfs@vger.kernel.org
> Date: 2014年07月03日 01:48
>> On 07/01/2014 11:30 AM, Qu Wenruo wrote:
>>> This commit has the following problem:
>>> 1) Break the ro mount rule.
>>> When users mount the whole btrfs ro, it is still possible to mount
>>> subvol rw and change the contents. Which make the whole fs ro mount
>>> non-sense.
>> Where is the problem ? I see an use case when I want a conservative default: 
>> mount all ro except some subvolumes.
>>
>> In any case it is not a security problem because if the user has the 
>> capability to mount a subvolume, also he has the capability to remount,rw 
>> the whole filesystem.
>>
>>
>>
> Not security problem but behavior not consistent.
> If user mount the whole disk ro, he or she want the fs read only and nothing 
> will change in it.
> If you mount a subvol rw, then the whole disk ro expectation is broken. 
> Things will change even the whole
> disk is readonly.

Sorry for bother you again, but there is a thing not clear to me:

If

    # mount -o subvolid=5,ro /dev/sda1 /mnt/root
    # mount -o subvol=subvolname,rw /dev/sda1 /mnt/subvolname

I suppose that 

    # touch /mnt/root/touch-test                # 1

fails, and

    # touch /mnt/subvolname/touch-test          # 2

succeeded. I understood correctly ? If so this behaviour seems to me correctly.
Different is after mounting the subvolume "subvolumename", also the whole 
filesystem results rw (eg: #1 succeeded).

G.Baroncelli





> 
> The problem also happens when a parent subvol is mounted rw but child subvol 
> is mounted ro.
> User can still modify the child subvol through parent subvol, still broke the 
> readonly rule.
> 
> Thanks,
> Qu
> 


-- 
gpg @keyserver.linux.it: Goffredo Baroncelli (kreijackATinwind.it>
Key fingerprint BBF5 1610 0B64 DAC6 5F7D  17B2 0EDA 9B37 8B82 E0B5
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to