Lines Matching +full:j +full:- +full:to +full:- +full:k
1 .. SPDX-License-Identifier: GPL-2.0
11 4) Use-case
19 -----------
23 A process wants to clone its own namespace, but still wants to access the CD
25 mechanism to accomplish the above.
27 It provides the necessary building blocks for features like per-user-namespace
31 -----------
33 Shared subtree provides four different flavors of mounts; struct vfsmount to be
42 2a) A shared mount can be replicated to as many mountpoints and all the
43 replicas continue to be exactly same.
49 mount --make-shared /mnt
51 Note: mount(8) command now supports the --make-shared flag,
57 # mount --bind /mnt /tmp
59 The above command replicates the mount at /mnt to the mountpoint /tmp
80 Note that the mount has propagated to the mount at /mnt as well.
94 # mount --make-shared /mnt
96 Let's bind mount /mnt to /tmp
97 # mount --bind /mnt /tmp
103 # mount --make-slave /tmp
114 Note the mount event has propagated to the mount at /tmp
125 Note how the mount event has not propagated to the mount at
138 # mount --make-unbindable /mnt
140 Let's try to bind mount this mount somewhere else::
142 # mount --bind /mnt /tmp
150 -----------------------
152 The mount command (util-linux package) can be used to set mount
155 mount --make-shared mountpoint
156 mount --make-slave mountpoint
157 mount --make-private mountpoint
158 mount --make-unbindable mountpoint
162 ------------
164 A) A process wants to clone its own namespace, but still wants to
171 mount --bind /cdrom /cdrom
172 mount --make-shared /cdrom
179 propagated to the other mount at /cdrom in all the other clone
182 B) A process wants its mounts invisible to any other process, but
183 still be able to see the other system mounts.
187 To begin with, the administrator can mark the entire mount tree
190 mount --make-rshared /
195 mount --make-rslave /myprivatetree
204 building blocks to solve the following problems:
206 C) Per-user namespace
208 The above semantics allows a way to share mounts across
210 namespaces are made first class objects with user API to
212 could have his/her own namespace and tailor it to his/her
213 requirements. This needs to be supported in PAM.
219 versions of the file depending on the path used to access that
224 mount --make-shared /
225 mount --rbind / /view/v1
226 mount --rbind / /view/v2
227 mount --rbind / /view/v3
228 mount --rbind / /view/v4
241 ---------------------
243 bind, rbind, move, mount, umount and clone-namespace operations.
246 to mean the same thing, throughout this document.
259 that leads to mount or unmount actions in other vfsmounts.
262 events to each other.
266 A 'shared mount' is defined as a vfsmount that belongs to a
271 mount --make-shared /mnt
272 mount --bind /mnt /tmp
275 to the same peer group. Anything mounted or unmounted under
287 the slave mount to the master. Only a shared mount can be made
290 mount --make-slave mount
293 modified to become shared.
301 events to its 'peer group' and to its slave vfsmounts.
304 peer group, and this peer-group is a slave of some other
310 mount --make-shared mount
329 in response to various commands::
331 -----------------------------------------------------------------------
332 | |make-shared | make-slave | make-private |make-unbindab|
333 --------------|------------|--------------|--------------|-------------|
336 |-------------|------------|--------------|--------------|-------------|
339 |-------------|------------|--------------|--------------|-------------|
342 |-------------|------------|--------------|--------------|-------------|
344 |-------------|------------|--------------|--------------|-------------|
346 ------------------------------------------------------------------------
349 slave, makes it private automatically. Note that there is no master to
350 which it can be slaved to.
352 ** slaving a non-shared mount has no effect on the mount.
362 mount --bind A/a B/b
370 --------------------------------------------------------------------------
373 |source(A)->| shared | private | slave | unbindable |
380 |non-shared| shared | private | slave | invalid |
389 propagates to. A new propagation tree containing 'C1',..,'Cn' is
390 created. This propagation tree is identical to the propagation tree of
391 'B'. And finally the peer-group of 'C' is merged with the peer group
398 propagates to. A new propagation tree is set containing all new mounts
406 'B' propagates to. A new propagation tree containing the new mounts
407 'C','C1',.. 'Cn' is created. This propagation tree is identical to the
415 5. 'A' is a private mount and 'B' is a non-shared(private or slave or
419 6. 'A' is a shared mount and 'B' is a non-shared mount. A new mount 'C'
422 peer-group of 'A'.
424 7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount. A
428 'Z'. All mount/unmount events on 'Z' propagates to 'A' and 'C'. But
432 8. 'A' is a unbindable mount and 'B' is a non-shared mount. This is a
438 replicates all the mounts in the tree belonging to the specified mount.
439 Rbind mount is bind mount applied to all the mounts in the tree.
458 If this tree is rbound to say Z
476 mount --move A B/b
484 ---------------------------------------------------------------------------
487 | source(A)->| shared | private | slave | unbindable |
494 |non-shared| shared | private | slave | unbindable |
507 propagation tree is appended to the already existing propagation tree
514 propagation tree is created which is identical to that of
524 propagation tree is appended to the already existing propagation tree of
525 'A'. Mount 'A' continues to be the slave mount of 'Z' but it also
532 it to mount at other mountpoints is not possible.
534 5. 'A' is a private mount and 'B' is a non-shared(private or slave or
537 6. 'A' is a shared mount and 'B' is a non-shared mount. The mount 'A'
538 is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
541 7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount.
543 continues to be a slave mount of mount 'Z'.
545 8. 'A' is a unbindable mount and 'B' is a non-shared mount. The mount
546 'A' is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
570 If mount 'B' is shared, then all most-recently-mounted mounts at dentry
572 sub-mounts within them are unmounted.
574 Example: Let's say 'B1', 'B2', 'B3' are shared mounts that propagate to
583 if 'C1' is unmounted, all the mounts that are most-recently-mounted on
584 'B1' and on the mounts that 'B1' propagates-to are unmounted.
586 'B1' propagates to 'B2' and 'B3'. And the most recently mounted mount
593 to be unmounted and 'C1' has some sub-mounts, the umount operation is
604 If 'A' is shared, then 'B' is also shared and 'A' and 'B' propagate to
616 -------
622 mount --bind /mnt /mnt
623 mount --make-shared /mnt
624 mount --bind /mnt /tmp
625 mount --move /tmp /mnt/1
636 mount --make-rshared /
637 mkdir -p /v/1
638 mount --rbind / /v/1
647 mount --bind /mnt /mnt
648 mount --make-shared /mnt
649 mkdir -p /mnt/1/2/3 /mnt/1/test
650 mount --bind /mnt/1 /tmp
651 mount --make-slave /mnt
652 mount --make-shared /mnt
653 mount --bind /mnt/1/2 /tmp1
654 mount --make-slave /mnt
664 A -> B -> C
668 mount --bind /bin /tmp/test
672 will the mount propagate to 'B' and 'C' ?
678 ------
682 unmounted or moved. Bind mounts continue to exist even if the
688 shared subtree can do. I cannot imagine a way to implement the
693 Let's say we want to replicate the mount tree at multiple
709 And we want to replicate the tree at multiple
716 mount --make-shared /root
718 mkdir -p /tmp/m1
720 mount --rbind /root /tmp/m1
739 mkdir -p /tmp/m2
740 mount --rbind /root /tmp/m2
766 mkdir -p /tmp/m3
767 mount --rbind /root /tmp/m3
772 at step i the number of vfsmounts is V[i] = i*V[i-1].
776 One could use a series of umount at each step to prune
795 mount --bind /root/tmp /root/tmp
797 mount --make-rshared /root
798 mount --make-unbindable /root/tmp
800 mkdir -p /tmp/m1
802 mount --rbind /root /tmp/m1
817 mkdir -p /tmp/m2
818 mount --rbind /root /tmp/m2
833 mkdir -p /tmp/m3
834 mount --rbind /root /tmp/m3
847 -----------------
851 4 new fields are introduced to struct vfsmount:
853 * ->mnt_share
854 * ->mnt_slave_list
855 * ->mnt_slave
856 * ->mnt_master
858 ->mnt_share
859 links together all the mount to/from which this vfsmount
862 ->mnt_slave_list
863 links all the mounts to which this vfsmount propagates
864 to.
866 ->mnt_slave
868 propagates to.
870 ->mnt_master
871 points to the master vfsmount from which this vfsmount
874 ->mnt_flags
875 takes two more flags to indicate the propagation status of
881 ->mnt_share.
883 All vfsmounts with the same ->mnt_master form on a cyclic list anchored
884 in ->mnt_master->mnt_slave_list and going through ->mnt_slave.
886 ->mnt_master can point to arbitrary (and possibly different) members
887 of master peer group. To find all immediate slaves of a peer group
888 you need to go through _all_ ->mnt_slave_list of its members.
889 Conceptually it's just a single set - distribution among the
893 All vfsmounts in a peer group have the same ->mnt_master. If it is
894 non-NULL, they form a contiguous (ordered) segment of slave list.
901 A <--> B <--> C <---> D
903 / F G J K H I
905 E<-->K
909 In the above figure A,B,C and D all are shared and propagate to each
911 mounts 'J' and 'K' and 'D' has got two slave mounts 'H' and 'I'.
912 'E' is also shared with 'K' and they propagate to each other. And
913 'K' has 3 slaves 'M', 'L' and 'N'
915 A's ->mnt_share links with the ->mnt_share of 'B' 'C' and 'D'
917 A's ->mnt_slave_list links with ->mnt_slave of 'E', 'K', 'F' and 'G'
919 E's ->mnt_share links with ->mnt_share of K
921 'E', 'K', 'F', 'G' have their ->mnt_master point to struct vfsmount of 'A'
923 'M', 'L', 'N' have their ->mnt_master point to struct vfsmount of 'K'
925 K's ->mnt_slave_list links with ->mnt_slave of 'M', 'L' and 'N'
927 C's ->mnt_slave_list links with ->mnt_slave of 'J' and 'K'
929 J and K's ->mnt_master points to struct vfsmount of C
931 and finally D's ->mnt_slave_list links with ->mnt_slave of 'H' and 'I'
933 'H' and 'I' have their ->mnt_master pointing to struct vfsmount of 'D'.
936 NOTE: The propagation tree is orthogonal to the mount tree.
940 ->mnt_share, ->mnt_slave, ->mnt_slave_list, ->mnt_master are protected
943 Normally we have ->mnt_flags modifications serialized by vfsmount_lock.
947 The latter holds namespace_sem and the only references to vfsmount
965 a) Create the necessary number of mount trees to
966 be attached to each of the mounts that receive
968 b) Do not attach any of the trees to its destination.
969 However note down its ->mnt_parent and ->mnt_mountpoint
970 c) Link all the new mounts to form a propagation tree that
971 is identical to the propagation tree of the destination
976 source tree. Go to the commit phase
979 the number of mounts to which the destination mount
980 propagates to.
982 if any memory allocations fail, go to the abort phase.
985 attach each of the mount trees to their corresponding
995 ------------------------------------------------------------------------