Bug 164879 - read-only mount --bind isn't read-only
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Stephen Tweedie
QA Contact: Brian Brock
Keywords: FutureFeature, Reopened
Reported: 2005-08-02 05:18 EDT by John Haxby
Modified: 2012-06-20 12:17 EDT
Doc Type: Enhancement
Last Closed: 2012-06-20 12:17:34 EDT
Description John Haxby 2005-08-02 05:18:28 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.10) Gecko/20050719 Red Hat/1.0.6-1.4.1 Firefox/1.0.6

Description of problem:
I wanted to bind-mount a directory read-only so that I could safely make it visible through ftp, but, alas, it isn't read-only -- it looks as though the read-only flag is ignored even though it appears in the output of "mount".

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. mkdir /tmp/xxx /tmp/yyy
2. mount -o ro,bind /tmp/xxx /tmp/yyy
3. touch /tmp/yyy/this-should-not-work

Actual Results:  The "touch" command succeeded.

Expected Results:  The "touch" command should have reported a read-only filesystem error.

Additional info:

The entry in /etc/mtab reflects the mount command I used (/tmp/xxx /tmp/yyy none ro,bind 0 0) but the entry in /proc/mounts doesn't (/dev/root /tmp/yyy ext3 rw 0 0).

It has been argued in the past (bug 77962) that this is a problem with mount and that it shouldn't allow the "ro" option for mount.   That's a bit of a cop-out, even though the mount(2) man page says that the mount flags are ignored (that's a paradox; MS_BIND is a mount flag and if it's not ignored then it's ignored).

There is a long-standing patch at http://www.13thfloor.at/patches/ which allows read-only bind mounts and I know that this has surfaced in the kernel mailing lists several times. Notwithstanding the efforts in the man page to turn this bug into a feature, the read-only bind is very useful for exporting for ftp without running the risk of inadvertently making it writable.
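
The mismatch described in this report (/etc/mtab recording `ro,bind` while /proc/mounts shows `rw` for the same mount point) can be checked for mechanically. The shell function below is an added example, not part of the original report; the function names are hypothetical and the sample lines other than the two /tmp/yyy entries quoted above are constructed.

```shell
#!/bin/sh
# find_false_ro MTAB PROC_MOUNTS  (hypothetical helper name)
# Prints every mount point that MTAB records as "ro" while PROC_MOUNTS,
# the kernel view, still reports it as "rw".
find_false_ro() {
    awk '
        # 1 if the comma-separated option list contains want as a whole option
        function has_opt(opts, want,    n, i, parts) {
            n = split(opts, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] == want) return 1
            return 0
        }
        # First file (mtab format): remember mount points claimed read-only
        FILENAME == ARGV[1] {
            if (NF >= 4 && has_opt($4, "ro")) claimed[$2] = 1
            next
        }
        # Second file (/proc/mounts format): the last entry for a mount
        # point is the one on top of the stack, so let it overwrite
        NF >= 4 { kernel[$2] = $4 }
        END {
            for (mp in claimed)
                if ((mp in kernel) && has_opt(kernel[mp], "rw")) print mp
        }
    ' "$1" "$2" | sort
}

# Constructed sample data; only the two /tmp/yyy lines come from the report.
demo_false_ro() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        '/dev/root / ext3 rw 0 0' \
        '/dev/hdc /media/cdrom iso9660 ro 0 0' \
        '/tmp/xxx /tmp/yyy none ro,bind 0 0' > "$dir/mtab"
    printf '%s\n' \
        '/dev/root / ext3 rw 0 0' \
        '/dev/hdc /media/cdrom iso9660 ro 0 0' \
        '/dev/root /tmp/yyy ext3 rw 0 0' > "$dir/proc_mounts"
    find_false_ro "$dir/mtab" "$dir/proc_mounts"
    rm -rf "$dir"
}

demo_false_ro
```

On a live system the call would be `find_false_ro /etc/mtab /proc/mounts`; where /etc/mtab is a symlink to /proc/self/mounts the two views are identical and the check reports nothing.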
Comment 1 Bill Rugolsky, Jr. 2005-08-10 11:55:38 EDT
In 2003, Al Viro posted a long description of what was required to do
per-mountpoint readonly correctly:


IIRC, Herbert Poetzl's Bind Mount Extensions patch only addresses some of Al's
Comment 2 Stephen Tweedie 2005-08-10 12:33:29 EDT
The patches change VFS semantics in a way that will break existing binary kernel
filesystem modules.  That alone pretty much rules it out for a RHEL-4 update.
Even without that, we'd need compelling justification for such a feature
extension in an update release; this sort of functionality really needs sorted
out upstream and merged there to be picked up in a future RHEL version.
Comment 3 John Haxby 2005-08-10 12:41:22 EDT
I don't mind this being changed to an enhancement request and I don't mind it
being slated for a future version (eg RHEL5) but why have you closed it WONTFIX?
Doesn't that mean it's dead and buried?

If that's not the case, please feel free to close it again.  If not, I'd like to
put this in as an enhancement request somewhere -- just don't know where to do it.
Comment 4 Red Hat Bugzilla 2007-02-05 14:28:42 EST
REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.
Comment 5 Jiri Pallich 2012-06-20 12:17:34 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please see https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.
