aboutsummaryrefslogtreecommitdiffstats
path: root/ipc
diff options
context:
space:
mode:
authorDave Hansen <haveblue@us.ibm.com>2007-10-17 02:31:13 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-17 11:43:04 -0400
commitce8d2cdf3d2b73e346c82e6f0a46da331df6364c (patch)
treebf3597f2d4f57d6e30a7703d7fce0dbf8c757962 /ipc
parent348366b963e4e1462c8354827a9cb910aa865bf2 (diff)
r/o bind mounts: filesystem helpers for custom 'struct file's
Why do we need r/o bind mounts? This feature allows a read-only view into a read-write filesystem. In the process of doing that, it also provides infrastructure for keeping track of the number of writers to any given mount. This has a number of uses. It allows chroots to have parts of filesystems writable. It will be useful for containers in the future because users may have root inside a container, but should not be allowed to write to somefilesystems. This also replaces patches that vserver has had out of the tree for several years. It allows security enhancement by making sure that parts of your filesystem read-only (such as when you don't trust your FTP server), when you don't want to have entire new filesystems mounted, or when you want atime selectively updated. I've been using the following script to test that the feature is working as desired. It takes a directory and makes a regular bind and a r/o bind mount of it. It then performs some normal filesystem operations on the three directories, including ones that are expected to fail, like creating a file on the r/o mount. This patch: Some filesystems forego the vfs and may_open() and create their own 'struct file's. This patch creates a couple of helper functions which can be used by these filesystems, and will provide a unified place which the r/o bind mount code may patch. Also, rename an existing, static-scope init_file() to a less generic name. Signed-off-by: Dave Hansen <haveblue@us.ibm.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'ipc')
-rw-r--r--ipc/shm.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/ipc/shm.c b/ipc/shm.c
index b8884c288ec..5fc5cf50cf1 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -907,7 +907,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
907 goto out_unlock; 907 goto out_unlock;
908 908
909 path.dentry = dget(shp->shm_file->f_path.dentry); 909 path.dentry = dget(shp->shm_file->f_path.dentry);
910 path.mnt = mntget(shp->shm_file->f_path.mnt); 910 path.mnt = shp->shm_file->f_path.mnt;
911 shp->shm_nattch++; 911 shp->shm_nattch++;
912 size = i_size_read(path.dentry->d_inode); 912 size = i_size_read(path.dentry->d_inode);
913 shm_unlock(shp); 913 shm_unlock(shp);
@@ -915,18 +915,16 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
915 err = -ENOMEM; 915 err = -ENOMEM;
916 sfd = kzalloc(sizeof(*sfd), GFP_KERNEL); 916 sfd = kzalloc(sizeof(*sfd), GFP_KERNEL);
917 if (!sfd) 917 if (!sfd)
918 goto out_put_path; 918 goto out_put_dentry;
919 919
920 err = -ENOMEM; 920 err = -ENOMEM;
921 file = get_empty_filp(); 921
922 file = alloc_file(path.mnt, path.dentry, f_mode, &shm_file_operations);
922 if (!file) 923 if (!file)
923 goto out_free; 924 goto out_free;
924 925
925 file->f_op = &shm_file_operations;
926 file->private_data = sfd; 926 file->private_data = sfd;
927 file->f_path = path;
928 file->f_mapping = shp->shm_file->f_mapping; 927 file->f_mapping = shp->shm_file->f_mapping;
929 file->f_mode = f_mode;
930 sfd->id = shp->id; 928 sfd->id = shp->id;
931 sfd->ns = get_ipc_ns(ns); 929 sfd->ns = get_ipc_ns(ns);
932 sfd->file = shp->shm_file; 930 sfd->file = shp->shm_file;
@@ -977,9 +975,8 @@ out_unlock:
977 975
978out_free: 976out_free:
979 kfree(sfd); 977 kfree(sfd);
980out_put_path: 978out_put_dentry:
981 dput(path.dentry); 979 dput(path.dentry);
982 mntput(path.mnt);
983 goto out_nattch; 980 goto out_nattch;
984} 981}
985 982