Re: RFC: permit link(2) to work across --bind mounts ?

[Mark Lord]

Al Viro wrote:
> On Tue, Dec 18, 2007 at 11:00:16PM +0000, Al Viro wrote:
> > On Tue, Dec 18, 2007 at 05:46:21PM -0500, Mark Lord wrote:
> > > Why does link(2) not support hard-linking across bind mount points
> > > of the same underlying filesystem ?
> > Because it gives you a security boundary around a subtree.
>
> PS: that had been discussed quite a few times, but to avoid searches:
> consider e.g. mount --bind /tmp /tmp; now you've got a situation when
> users can't create links to elsewhere no root fs, even though they
> have /tmp writable to them.  Similar technics works for other isolation
> needs - basically, you can confine rename/link to given subtree.  IOW,
> it's a deliberate feature.  Note that you can bind a bunch of trees
> into chroot and get predictable restrictions regardless of how the
> stuff might get rearranged a year later in the main tree, etc.
..

Thanks, Al.  That makes sense for a multi-user system, so I'm happy.

But.. pity there's no mount flag override for smaller systems,
where bind mounts might be more useful with link(2) actually working.

The patch is simple enough when needed, though.

Cheers

--- old/fs/namei.c	2007-12-15 12:33:13.000000000 -0500
+++ linux/fs/namei.c	2007-12-18 22:41:19.000000000 -0500
@@ -2398,7 +2398,7 @@
	if (error)
		goto out;
	error = -EXDEV;
-	if (old_nd.mnt != nd.mnt)
+	if (old_nd.mnt->mnt_sb != nd.mnt->mnt_sb)
		goto out_release;
	new_dentry = lookup_create(&nd, 0);
	error = PTR_ERR(new_dentry);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/