1
linux/mm
Dave Hansen ce8d2cdf3d r/o bind mounts: filesystem helpers for custom 'struct file's
Why do we need r/o bind mounts?

This feature allows a read-only view into a read-write filesystem.  In the
process of doing that, it also provides infrastructure for keeping track of
the number of writers to any given mount.

This has a number of uses.  It allows chroots to have parts of filesystems
writable.  It will be useful for containers in the future because users may
have root inside a container, but should not be allowed to write to
somefilesystems.  This also replaces patches that vserver has had out of the
tree for several years.

It allows security enhancement by making sure that parts of your filesystem
read-only (such as when you don't trust your FTP server), when you don't want
to have entire new filesystems mounted, or when you want atime selectively
updated.  I've been using the following script to test that the feature is
working as desired.  It takes a directory and makes a regular bind and a r/o
bind mount of it.  It then performs some normal filesystem operations on the
three directories, including ones that are expected to fail, like creating a
file on the r/o mount.

This patch:

Some filesystems forego the vfs and may_open() and create their own 'struct
file's.

This patch creates a couple of helper functions which can be used by these
filesystems, and will provide a unified place which the r/o bind mount code
may patch.

Also, rename an existing, static-scope init_file() to a less generic name.

Signed-off-by: Dave Hansen <haveblue@us.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17 08:43:04 -07:00
..
allocpercpu.c Slab allocators: Replace explicit zeroing with __GFP_ZERO 2007-07-17 10:23:02 -07:00
backing-dev.c mm: per device dirty threshold 2007-10-17 08:42:45 -07:00
bootmem.c
bounce.c block: Initial support for data-less (or empty) barrier support 2007-10-16 11:03:56 +02:00
fadvise.c
filemap_xip.c mm: write iovec cleanup 2007-10-16 09:42:54 -07:00
filemap.c mm: document tree_lock->zone.lock lockorder 2007-10-17 08:42:46 -07:00
fremap.c Drop some headers from mm.h 2007-10-17 08:42:55 -07:00
highmem.c Create the ZONE_MOVABLE zone 2007-07-17 10:22:59 -07:00
hugetlb.c hugetlb: fix dynamic pool resize failure case 2007-10-16 09:43:03 -07:00
internal.h Breakout page_order() to internal.h to avoid special knowledge of the buddy allocator 2007-10-16 09:43:01 -07:00
Kconfig memory unplug: page offline 2007-10-16 09:43:02 -07:00
madvise.c speed up madvise_need_mmap_write() usage 2007-07-16 09:05:36 -07:00
Makefile memory unplug: page isolation 2007-10-16 09:43:02 -07:00
memory_hotplug.c fix memory hot remove not configured case. 2007-10-16 09:43:02 -07:00
memory.c flush icache before set_pte() on ia64: flush icache at set_pte 2007-10-16 09:42:59 -07:00
mempolicy.c mm/mempolicy.c: cleanups 2007-10-16 09:43:03 -07:00
mempool.c Slab allocators: Replace explicit zeroing with __GFP_ZERO 2007-07-17 10:23:02 -07:00
migrate.c flush icache before set_pte() on ia64: flush icache at set_pte 2007-10-16 09:42:59 -07:00
mincore.c
mlock.c do not limit locked memory when RLIMIT_MEMLOCK is RLIM_INFINITY 2007-07-16 09:05:37 -07:00
mmap.c Drop some headers from mm.h 2007-10-17 08:42:55 -07:00
mmzone.c
mprotect.c flush icache before set_pte() on ia64: flush icache at set_pte 2007-10-16 09:42:59 -07:00
mremap.c mm: variable length argument support 2007-07-19 10:04:45 -07:00
msync.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
nommu.c fix NULL pointer dereference in __vm_enough_memory() 2007-08-22 19:52:45 -07:00
oom_kill.c oom: convert zone_scan_lock from mutex to spinlock 2007-10-17 08:42:46 -07:00
page_alloc.c oom: serialize out of memory calls 2007-10-17 08:42:45 -07:00
page_io.c Drop 'size' argument from bio_endio and bi_end_io 2007-10-10 09:25:57 +02:00
page_isolation.c memory unplug: page isolation 2007-10-16 09:43:02 -07:00
page-writeback.c writeback: remove unnecessary wait in throttle_vm_writeout() 2007-10-17 08:43:02 -07:00
pdflush.c Freezer: make kernel threads nonfreezable by default 2007-07-17 10:23:02 -07:00
prio_tree.c
quicklist.c
readahead.c mm: bdi init hooks 2007-10-17 08:42:45 -07:00
rmap.c mm: document tree_lock->zone.lock lockorder 2007-10-17 08:42:46 -07:00
shmem_acl.c
shmem.c r/o bind mounts: filesystem helpers for custom 'struct file's 2007-10-17 08:43:04 -07:00
slab.c Delete gcc-2.95 compatible structure definition. 2007-10-17 08:42:58 -07:00
slob.c Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
slub.c Slab API: remove useless ctor parameter and reorder parameters 2007-10-17 08:42:45 -07:00
sparse-vmemmap.c memory hotplug: Hot-add with sparsemem-vmemmap 2007-10-16 09:43:02 -07:00
sparse.c memory hotplug: Hot-add with sparsemem-vmemmap 2007-10-16 09:43:02 -07:00
swap_state.c mm: clarify __add_to_swap_cache locking 2007-10-16 09:42:53 -07:00
swap.c mm: bdi init hooks 2007-10-17 08:42:45 -07:00
swapfile.c Replace CONFIG_SOFTWARE_SUSPEND with CONFIG_HIBERNATION 2007-07-29 16:45:38 -07:00
thrash.c
tiny-shmem.c r/o bind mounts: filesystem helpers for custom 'struct file's 2007-10-17 08:43:04 -07:00
truncate.c Drop some headers from mm.h 2007-10-17 08:42:55 -07:00
util.c Slab allocators: fail if ksize is called with a NULL parameter 2007-10-16 09:42:53 -07:00
vmalloc.c Categorize GFP flags 2007-10-16 09:42:59 -07:00
vmscan.c mm: test and set zone reclaim lock before starting reclaim 2007-10-17 08:42:46 -07:00
vmstat.c oom: change all_unreclaimable zone member to flags 2007-10-17 08:42:45 -07:00