Lines Matching +full:- +full:a +full:-
1 .. SPDX-License-Identifier: GPL-2.0
11 4) Use-case
19 -----------
23 A process wants to clone its own namespace, but still wants to access the CD
27 It provides the necessary building blocks for features like per-user-namespace
31 -----------
36 a. shared mount
42 2a) A shared mount can be replicated to as many mountpoints and all the
47 Let's say /mnt has a mount that is shared::
49 mount --make-shared /mnt
51 Note: mount(8) command now supports the --make-shared flag,
57 # mount --bind /mnt /tmp
65 a b c
68 a b c
70 Now let's say we mount a device at /tmp/a::
72 # mount /dev/sd0 /tmp/a
74 #ls /tmp/a
77 #ls /mnt/a
82 And the same is true even when /dev/sd0 is mounted on /mnt/a. The
83 contents will be visible under /tmp/a too.
86 2b) A slave mount is like a shared mount except that mount and umount events
89 All slave mounts have a master mount which is a shared.
93 Let's say /mnt has a mount which is shared.
94 # mount --make-shared /mnt
97 # mount --bind /mnt /tmp
99 the new mount at /tmp becomes a shared mount and it is a replica of
102 Now let's make the mount at /tmp; a slave of /mnt
103 # mount --make-slave /tmp
105 let's mount /dev/sd0 on /mnt/a
106 # mount /dev/sd0 /mnt/a
108 #ls /mnt/a
111 #ls /tmp/a
129 2c) A private mount does not forward or receive propagation.
134 2d) A unbindable mount is a unbindable private mount
136 let's say we have a mount at /mnt and we make it unbindable::
138 # mount --make-unbindable /mnt
142 # mount --bind /mnt /tmp
146 Binding a unbindable mount is a invalid operation.
150 -----------------------
152 The mount command (util-linux package) can be used to set mount
155 mount --make-shared mountpoint
156 mount --make-slave mountpoint
157 mount --make-private mountpoint
158 mount --make-unbindable mountpoint
162 ------------
164 A) A process wants to clone its own namespace, but still wants to
171 mount --bind /cdrom /cdrom
172 mount --make-shared /cdrom
174 Now any process that clones off a new namespace will have a
175 mount at /cdrom which is a replica of the same mount in the
178 So when a CD is inserted and mounted at /cdrom that mount gets
182 B) A process wants its mounts invisible to any other process, but
190 mount --make-rshared /
192 A new process can clone off a new namespace. And mark some part
195 mount --make-rslave /myprivatetree
206 C) Per-user namespace
208 The above semantics allows a way to share mounts across
211 associate/disassociate a namespace with userid, then each user
224 mount --make-shared /
225 mount --rbind / /view/v1
226 mount --rbind / /view/v2
227 mount --rbind / /view/v3
228 mount --rbind / /view/v4
230 and if /usr has a versioning filesystem mounted, then that
234 A user can request v3 version of the file /usr/fs/namespace.c
241 ---------------------
243 bind, rbind, move, mount, umount and clone-namespace operations.
248 5a) Mount states
250 A given mount can be in one of the following states
258 A 'propagation event' is defined as event generated on a vfsmount
261 A 'peer group' is defined as a group of vfsmounts that propagate
266 A 'shared mount' is defined as a vfsmount that belongs to a
271 mount --make-shared /mnt
272 mount --bind /mnt /tmp
282 A 'slave mount' is defined as a vfsmount that receives
285 A slave mount as the name implies has a master mount from which
287 the slave mount to the master. Only a shared mount can be made
288 a slave by executing the following command::
290 mount --make-slave mount
292 A shared mount that is made as a slave is no more shared unless
297 A vfsmount can be both shared as well as slave. This state
298 indicates that the mount is a slave of some vfsmount, and
304 peer group, and this peer-group is a slave of some other
307 Only a slave vfsmount can be made as 'shared and slave' by
310 mount --make-shared mount
312 or by moving the slave vfsmount under a shared vfsmount.
316 A 'private mount' is defined as vfsmount that does not
321 A 'unbindable mount' is defined as vfsmount that does not
328 The state diagram below explains the state transition of a mount,
331 -----------------------------------------------------------------------
332 | |make-shared | make-slave | make-private |make-unbindab|
333 --------------|------------|--------------|--------------|-------------|
336 |-------------|------------|--------------|--------------|-------------|
339 |-------------|------------|--------------|--------------|-------------|
342 |-------------|------------|--------------|--------------|-------------|
344 |-------------|------------|--------------|--------------|-------------|
346 ------------------------------------------------------------------------
352 ** slaving a non-shared mount has no effect on the mount.
355 the state of a mount depending on type of the destination mount. Its
362 mount --bind A/a B/b
364 where 'A' is the source mount, 'a' is the dentry in the mount 'A', 'B'
367 The outcome depends on the type of mount of 'A' and 'B'. The table
370 --------------------------------------------------------------------------
373 |source(A)->| shared | private | slave | unbindable |
380 |non-shared| shared | private | slave | invalid |
385 1. 'A' is a shared mount and 'B' is a shared mount. A new mount 'C'
386 which is clone of 'A', is created. Its root dentry is 'a' . 'C' is
389 propagates to. A new propagation tree containing 'C1',..,'Cn' is
391 'B'. And finally the peer-group of 'C' is merged with the peer group
392 of 'A'.
394 2. 'A' is a private mount and 'B' is a shared mount. A new mount 'C'
395 which is clone of 'A', is created. Its root dentry is 'a'. 'C' is
398 propagates to. A new propagation tree is set containing all new mounts
402 3. 'A' is a slave mount of mount 'Z' and 'B' is a shared mount. A new
403 mount 'C' which is clone of 'A', is created. Its root dentry is 'a' .
406 'B' propagates to. A new propagation tree containing the new mounts
412 4. 'A' is a unbindable mount and 'B' is a shared mount. This is a
415 5. 'A' is a private mount and 'B' is a non-shared(private or slave or
416 unbindable) mount. A new mount 'C' which is clone of 'A', is created.
417 Its root dentry is 'a'. 'C' is mounted on mount 'B' at dentry 'b'.
419 6. 'A' is a shared mount and 'B' is a non-shared mount. A new mount 'C'
420 which is a clone of 'A' is created. Its root dentry is 'a'. 'C' is
421 mounted on mount 'B' at dentry 'b'. 'C' is made a member of the
422 peer-group of 'A'.
424 7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount. A
425 new mount 'C' which is a clone of 'A' is created. Its root dentry is
426 'a'. 'C' is mounted on mount 'B' at dentry 'b'. Also 'C' is set as a
427 slave mount of 'Z'. In other words 'A' and 'C' are both slave mounts of
428 'Z'. All mount/unmount events on 'Z' propagates to 'A' and 'C'. But
429 mount/unmount on 'A' do not propagate anywhere else. Similarly
432 8. 'A' is a unbindable mount and 'B' is a non-shared mount. This is a
433 invalid operation. A unbindable mount cannot be bind mounted.
449 A
456 of a type other than unbindable.
464 A'
476 mount --move A B/b
478 where 'A' is the source mount, 'B' is the destination mount and 'b' is
481 The outcome depends on the type of the mount of 'A' and 'B'. The table
482 below is a quick reference::
484 ---------------------------------------------------------------------------
487 | source(A)->| shared | private | slave | unbindable |
494 |non-shared| shared | private | slave | unbindable |
497 .. Note:: moving a mount residing under a shared mount is invalid.
501 1. 'A' is a shared mount and 'B' is a shared mount. The mount 'A' is
504 propagation from mount 'B'. A new propagation tree is created in the
508 of 'A'.
510 2. 'A' is a private mount and 'B' is a shared mount. The mount 'A' is
513 propagation from mount 'B'. The mount 'A' becomes a shared mount and a
518 3. 'A' is a slave mount of mount 'Z' and 'B' is a shared mount. The
519 mount 'A' is mounted on mount 'B' at dentry 'b'. Also new mounts 'A1',
521 receive propagation from mount 'B'. A new propagation tree is created
525 'A'. Mount 'A' continues to be the slave mount of 'Z' but it also
528 4. 'A' is a unbindable mount and 'B' is a shared mount. The operation
531 propagation from 'B'. And since the mount 'A' is unbindable, cloning
534 5. 'A' is a private mount and 'B' is a non-shared(private or slave or
535 unbindable) mount. The mount 'A' is mounted on mount 'B' at dentry 'b'.
537 6. 'A' is a shared mount and 'B' is a non-shared mount. The mount 'A'
538 is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
541 7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount.
542 The mount 'A' is mounted on mount 'B' at dentry 'b'. Mount 'A'
543 continues to be a slave mount of mount 'Z'.
545 8. 'A' is a unbindable mount and 'B' is a non-shared mount. The mount
546 'A' is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
559 that the source mount is always a private mount.
566 umount A
568 where 'A' is a mount mounted on mount 'B' at dentry 'b'.
570 If mount 'B' is shared, then all most-recently-mounted mounts at dentry
572 sub-mounts within them are unmounted.
583 if 'C1' is unmounted, all the mounts that are most-recently-mounted on
584 'B1' and on the mounts that 'B1' propagates-to are unmounted.
593 to be unmounted and 'C1' has some sub-mounts, the umount operation is
598 A cloned namespace contains all the mounts as that of the parent
601 Let's say 'A' and 'B' are the corresponding mounts in the parent and the
604 If 'A' is shared, then 'B' is also shared and 'A' and 'B' propagate to
607 If 'A' is a slave mount of 'Z', then 'B' is also the slave mount of
610 If 'A' is a private mount, then 'B' is a private mount too.
612 If 'A' is unbindable mount, then 'B' is a unbindable mount too.
616 -------
618 A. What is the result of the following command sequence?
622 mount --bind /mnt /mnt
623 mount --make-shared /mnt
624 mount --bind /mnt /tmp
625 mount --move /tmp /mnt/1
636 mount --make-rshared /
637 mkdir -p /v/1
638 mount --rbind / /v/1
647 mount --bind /mnt /mnt
648 mount --make-shared /mnt
649 mkdir -p /mnt/1/2/3 /mnt/1/test
650 mount --bind /mnt/1 /tmp
651 mount --make-slave /mnt
652 mount --make-shared /mnt
653 mount --bind /mnt/1/2 /tmp1
654 mount --make-slave /mnt
657 its root dentry is 1. Let's call this mount 'A'
658 And then we have a second mount at /tmp1 with root
660 Next we have a third mount at /mnt with root dentry
663 'B' is the slave of 'A' and 'C' is a slave of 'B'
664 A -> B -> C
668 mount --bind /bin /tmp/test
670 The mount is attempted on 'A'
678 ------
687 exportfs is a heavyweight way of accomplishing part of what
688 shared subtree can do. I cannot imagine a way to implement the
696 if one rbind mounts a tree within the same subtree 'n' times
716 mount --make-shared /root
718 mkdir -p /tmp/m1
720 mount --rbind /root /tmp/m1
739 mkdir -p /tmp/m2
740 mount --rbind /root /tmp/m2
766 mkdir -p /tmp/m3
767 mount --rbind /root /tmp/m3
772 at step i the number of vfsmounts is V[i] = i*V[i-1].
776 One could use a series of umount at each step to prune
777 out the unneeded mounts. But there is a better solution.
795 mount --bind /root/tmp /root/tmp
797 mount --make-rshared /root
798 mount --make-unbindable /root/tmp
800 mkdir -p /tmp/m1
802 mount --rbind /root /tmp/m1
817 mkdir -p /tmp/m2
818 mount --rbind /root /tmp/m2
833 mkdir -p /tmp/m3
834 mount --rbind /root /tmp/m3
847 -----------------
849 8A) Datastructure
853 * ->mnt_share
854 * ->mnt_slave_list
855 * ->mnt_slave
856 * ->mnt_master
858 ->mnt_share
862 ->mnt_slave_list
866 ->mnt_slave
870 ->mnt_master
874 ->mnt_flags
876 the vfsmount. MNT_SHARE indicates that the vfsmount is a shared
880 All the shared vfsmounts in a peer group form a cyclic list through
881 ->mnt_share.
883 All vfsmounts with the same ->mnt_master form on a cyclic list anchored
884 in ->mnt_master->mnt_slave_list and going through ->mnt_slave.
886 ->mnt_master can point to arbitrary (and possibly different) members
887 of master peer group. To find all immediate slaves of a peer group
888 you need to go through _all_ ->mnt_slave_list of its members.
889 Conceptually it's just a single set - distribution among the
893 All vfsmounts in a peer group have the same ->mnt_master. If it is
894 non-NULL, they form a contiguous (ordered) segment of slave list.
896 A example propagation tree looks as shown in the figure below.
897 [ NOTE: Though it looks like a forest, if we consider all the shared
898 mounts as a conceptual entity called 'pnode', it becomes a tree]::
901 A <--> B <--> C <---> D
905 E<-->K
909 In the above figure A,B,C and D all are shared and propagate to each
910 other. 'A' has got 3 slave mounts 'E' 'F' and 'G' 'C' has got 2 slave
915 A's ->mnt_share links with the ->mnt_share of 'B' 'C' and 'D'
917 A's ->mnt_slave_list links with ->mnt_slave of 'E', 'K', 'F' and 'G'
919 E's ->mnt_share links with ->mnt_share of K
921 'E', 'K', 'F', 'G' have their ->mnt_master point to struct vfsmount of 'A'
923 'M', 'L', 'N' have their ->mnt_master point to struct vfsmount of 'K'
925 K's ->mnt_slave_list links with ->mnt_slave of 'M', 'L' and 'N'
927 C's ->mnt_slave_list links with ->mnt_slave of 'J' and 'K'
929 J and K's ->mnt_master points to struct vfsmount of C
931 and finally D's ->mnt_slave_list links with ->mnt_slave of 'H' and 'I'
933 'H' and 'I' have their ->mnt_master pointing to struct vfsmount of 'D'.
940 ->mnt_share, ->mnt_slave, ->mnt_slave_list, ->mnt_master are protected
943 Normally we have ->mnt_flags modifications serialized by vfsmount_lock.
945 The former modifies a vfsmount that has not been visible in any shared
965 a) Create the necessary number of mount trees to
969 However note down its ->mnt_parent and ->mnt_mountpoint
970 c) Link all the new mounts to form a propagation tree that
995 ------------------------------------------------------------------------