| 1 |
Greetings, |
| 2 |
|
| 3 |
Currently, none of the Linux kernels available for Gentoo honor some of the mount options (e.g. read-only), when using bind-type mounts (e.g. "mount --bind .."). Instead, these options are silently ignored (e.g. granting write access when read-only was requested). |
| 4 |
|
| 5 |
May I recommend this important patch for consideration in hardened-*sources? |
| 6 |
|
| 7 |
Herbert Poetzl's patch offers: |
| 8 |
o readonly bind mounts |
| 9 |
o ro truncate handling for (f)chown, (f)chmod handling |
| 10 |
o ro utime(s) handling |
| 11 |
o ro access and *_ioctl |
| 12 |
o added noatime and nodiratime |
| 13 |
o made autofs4 update_atime uncond |
| 14 |
|
| 15 |
Cheers, |
| 16 |
Gavin |
| 17 |
|
| 18 |
----- Original Message ----- |
| 19 |
From: "Herbert Poetzl" <herbert@×××××××××.at> |
| 20 |
To: <linux-kernel@×××××××××××.org> |
| 21 |
Sent: Wednesday, August 18, 2004 5:51 AM |
| 22 |
Subject: [PATCH] Bind Mount Extensions 0.05 |
| 23 |
|
| 24 |
|
| 25 |
> |
| 26 |
> Greetings! |
| 27 |
> |
| 28 |
> The following patch extends the 'noatime', 'nodiratime' and |
| 29 |
> last but not least the 'ro' (read only) mount option to the |
| 30 |
> vfs --bind mounts, allowing them to behave like any other |
| 31 |
> mount, by honoring those mount flags (which are silently |
| 32 |
> ignored by the current implementation in 2.4.x and 2.6.x) |
| 33 |
> |
| 34 |
> I don't want to pollute your mailbox with useless patches, |
| 35 |
> so for those who are interested in this stuff, get them |
| 36 |
> here (for 2.4.27 and 2.6.8.1) |
| 37 |
> |
| 38 |
> http://www.13thfloor.at/patches/ |
| 39 |
> |
| 40 |
> many thanks to Willy Tarreau for spotting the bug in the |
| 41 |
> previous bme0.04 for linux 2.4.x. |
| 42 |
> |
| 43 |
> enjoy, |
| 44 |
> Herbert |
| 45 |
> |
| 46 |
|
| 47 |
-- |
| 48 |
gentoo-hardened@g.o mailing list |
Archives