Re: [PATCH v2 05/11] fsconfig.2: document 'new' mount api

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2025-08-08, Askar Safin <safinaskar@xxxxxxxxxxxx> wrote:
> Let's consider this example:
> 
>            int fsfd, mntfd, nsfd, nsdirfd;
> 
>            nsfd = open("/proc/self/ns/pid", O_PATH);
>            nsdirfd = open("/proc/1/ns", O_DIRECTORY);
> 
>            fsfd = fsopen("proc", FSOPEN_CLOEXEC);
>            /* "pidns" changes the value each time. */
>            fsconfig(fsfd, FSCONFIG_SET_PATH, "pidns", "/proc/self/ns/pid", AT_FDCWD);
>            fsconfig(fsfd, FSCONFIG_SET_PATH, "pidns", "pid", NULL, nsdirfd);
>            fsconfig(fsfd, FSCONFIG_SET_PATH_EMPTY, "pidns", "", nsfd);
>            fsconfig(fsfd, FSCONFIG_SET_FD, "pidns", NULL, nsfd);
>            fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
>            mntfd = fsmount(fsfd, FSMOUNT_CLOEXEC, 0);
>            move_mount(mntfd, "", AT_FDCWD, "/proc", MOVE_MOUNT_F_EMPTY_PATH);
> 
> I don't like it. /proc/self/ns/pid is our namespace, which is default anyway.
> I. e. setting pidns to /proc/self/ns/pid is no-op (assuming that "pidns" option is implemented in our kernel, of course).
> Moreover, if /proc is mounted properly, then /proc/1/ns/pid refers to our namespace, too!
> Thus, *all* these fsconfig(FSCONFIG_SET_...) calls are no-op.
> Thus it is bad example.
> 
> I suggest using, say, /proc/2/ns/pid . It has actual chance to refer to some other namespace.
> 
> Also, sentence '"pidns" changes the value each time' is a lie: as I explained, all these calls are no-ops,
> they don't really change anything.

Right, I see your point.

One other problem with this example is that there is no
currently-existing parameter which accepts all of FSCONFIG_SET_PATH,
FSCONFIG_SET_PATH_EMPTY, FSCONFIG_SET_FD, and FSCONFIG_SET_STRING so
this example is by necessity a little contrived. I suspect that it'd be
better to remove this and re-add it once we actually something that
works this way...

You've replied to the pidns parameter patchset so I shouldn't repeat
myself here too much, but supporting this completely is my plan for the
next version I send. It's just not a thing that exists today (ditto for
overlayfs).

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux