| 1 |
I investigated this patch and read through the code. First of all, I like |
| 2 |
the patch and the way it's implemented. Also, it appears that Herbet has |
| 3 |
taken this patch through many iterations with much interaction from Linux |
| 4 |
Kernel developers, including Andrew Morten. You can verify this by |
| 5 |
searching the Linux Kernel mailing list. I wouldn't be surprised if this |
| 6 |
eventually gets merged with the source. |
| 7 |
|
| 8 |
I'd certainly like to know where albiero's patch came from; it may end up |
| 9 |
being an earlier version of this one. Otherwise, I am in favor of |
| 10 |
including this in hardened-sources, or perhaps even gentoo-sources base |
| 11 |
patches. |
| 12 |
|
| 13 |
-Cory |
| 14 |
|
| 15 |
On Wed, Aug 18, 2004 at 01:33:28PM -0400, Joshua Brindle wrote: |
| 16 |
> AFAIK we had this at one time (at least read only binds which was made |
| 17 |
> by albiero) whatever happened to that? |
| 18 |
> |
| 19 |
> Joshua Brindle |
| 20 |
> |
| 21 |
> |
| 22 |
> Gavin wrote: |
| 23 |
> |
| 24 |
> > Greetings, |
| 25 |
> > |
| 26 |
> > Currently, none of the Linux kernels available for Gentoo honor some of the mount options (e.g. read-only), when using bind-type mounts (e.g. "mount --bind .."). Instead, these options are silently ignored (e.g. granting write access when read-only was requested). |
| 27 |
> > |
| 28 |
> > May I recommend this important patch for consideration in hardened-*sources? |
| 29 |
> > |
| 30 |
> > Herbert Poetzl's patch offers: |
| 31 |
> > o readonly bind mounts |
| 32 |
> > o ro truncate handling for (f)chown, (f)chmod handling |
| 33 |
> > o ro utime(s) handling |
| 34 |
> > o ro access and *_ioctl |
| 35 |
> > o added noatime and nodiratime |
| 36 |
> > o made autofs4 update_atime uncond |
| 37 |
> > |
| 38 |
> > Cheers, |
| 39 |
> > Gavin |
| 40 |
> > |
| 41 |
> > ----- Original Message ----- |
| 42 |
> > From: "Herbert Poetzl" <herbert@×××××××××.at> |
| 43 |
> > To: <linux-kernel@×××××××××××.org> |
| 44 |
> > Sent: Wednesday, August 18, 2004 5:51 AM |
| 45 |
> > Subject: [PATCH] Bind Mount Extensions 0.05 |
| 46 |
> > |
| 47 |
> > |
| 48 |
> > |
| 49 |
> >>Greetings! |
| 50 |
> >> |
| 51 |
> >>The following patch extends the 'noatime', 'nodiratime' and |
| 52 |
> >>last but not least the 'ro' (read only) mount option to the |
| 53 |
> >>vfs --bind mounts, allowing them to behave like any other |
| 54 |
> >>mount, by honoring those mount flags (which are silently |
| 55 |
> >>ignored by the current implementation in 2.4.x and 2.6.x) |
| 56 |
> >> |
| 57 |
> >>I don't want to pollute your mailbox with useless patches, |
| 58 |
> >>so for those who are interested in this stuff, get them |
| 59 |
> >>here (for 2.4.27 and 2.6.8.1) |
| 60 |
> >> |
| 61 |
> >> http://www.13thfloor.at/patches/ |
| 62 |
> >> |
| 63 |
> >>many thanks to Willy Tarreau for spotting the bug in the |
| 64 |
> >>previous bme0.04 for linux 2.4.x. |
| 65 |
> >> |
| 66 |
> >>enjoy, |
| 67 |
> >>Herbert |
| 68 |
|
| 69 |
-- |
| 70 |
gentoo-hardened@g.o mailing list |
Archives