| Summary: | change/regression in mount(8) usage of MS_BIND | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Eric Paris <eparis> |
| Component: | util-linux | Assignee: | Karel Zak <kzak> |
| Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | jonathan, kzak, sdsmall |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-02-21 17:03:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
apparently this is a result of the switch from mtab to /proc/mounts so mount doesn't know it is a bind.... dooh Yes, this is known issue which is documented in the mount man page. Maybe we need something like mount --ro-bind /mountpoint to provide more user-friendly command line interface for the crazy MS_RDONLY|MS_REMOUNT|MS_BIND semantic. Note that I have added this to the upstream TODO file. We need this for all propagation flags (MS_SHARE, MS_PRIVATE, ...). |
When setting up a chroot the selinux community will sometimes use the following set of steps. mount --bind /selinux /var/chroot/selinux mount -o remount,ro /var/chroot/selinux Under F14 util-linux-ng-2.18-4.8.fc14.x86_64 the remount command results in: mount("/selinux", "/var/chroot/selinux", 0x7ff5f154ea69, MS_MGC_VAL|MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = 0 Which clearly includes MS_BIND Under F15 util-linux-2.19.1-1.4.fc15.x86_64 the remount command results in: mount("selinuxfs", "/var/chroot/selinux", 0x7ffc9dd917b0, MS_REMOUNT|MS_RELATIME, NULL) = 0 Which does NOT include the MS_BIND option. This means that in F14 we got /selinux RW and /var/chroot/selinux RO but in F15 BOTH /selinux and /var/chroot/selinux are RO. I can work around this by using the command: mount -o remount,ro,bind /var/chroot/selinux in F15, but mount broke code that was already working and I don't understand why.....