On Fri, May 23, 2025 at 10:41:14AM +0200, Christian Brauner wrote: > On Fri, May 23, 2025 at 07:32:38AM +0100, Al Viro wrote: > > On Thu, May 15, 2025 at 01:25:27PM +0200, Christian Brauner wrote: > > > > > Al, I want to kill this again and restore the pre v6.15 behavior. > > > Allowing mount propagation for detached trees was a crazy > > > idea on my part. It's a pain and it regresses userspace. If composefs is > > > broken by this then systemd will absolutely get broken by my change as > > > well. > > > > > > Something like this will allow to restore the status-quo: > > > > > -#define IS_MNT_NEW(m) (!(m)->mnt_ns) > > > +#define IS_MNT_NEW(m) (!(m)->mnt_ns || is_anon_ns((m)->mnt_ns)) > > > > FWIW, I'm not sure that ever had been quite correct, no matter how you > > call the macro. I'm not up to building a counterexample right now, > > will do in the morning... > > The point is that we can't do mount propagation with detached trees > without regressing userspace. And we didn't do it before. I don't > specifically care how we block this but it needs to go out again. > Otherwise we release a kernel with the new semantics that regress > userspace. The problem is not in propagation *into* detached trees. All you need is A -> B -> C (all in your normal namespace, nothing detached, etc.) followed by make-private on B. C should (and does) keep getting events from A. Now, have open_tree() create a detached clone of B. Shouldn't affect anything between A, B and C, right? With your patch doing open_tree before make-private B ends up with no propagation from A to C... until the detached tree is closed. See the problem? You have nodes on detached trees still in propagation graph. And your variant _stops_ propagation at nodes in anon namespaces, not just skips such nodes themselves. This is bogus, IMO. I'm perfectly fine with propagate_one() returning 0 on anon_ns(m->mnt); that would refuse to propagate into *any* anon ns, but won't screw the propagation between the mounts that are in normal, non-anon namespaces.
