Re: RFC: permit link(2) to work across --bind mounts ?

[dean gaudet]

On Sat, 29 Dec 2007, David Newall wrote:

> dean gaudet wrote:
> > On Wed, 19 Dec 2007, David Newall wrote:
> >   
> > > Mark Lord wrote:
> > >     
> > > > But.. pity there's no mount flag override for smaller systems,
> > > > where bind mounts might be more useful with link(2) actually working.
> > > >       
> > > I don't see it.  You always can make hard link on the underlying
> > > filesystem.
> > > If you need to make it on the bound mount, that is, if you can't locate
> > > the
> > > underlying filesystem to make the hard link, you can use a symbolic link.
> > >     
> > 
> > i run into it on a system where /home is a bind mount of /var/home ... i did
> > this because:
> > 
> > - i prefer /home to be nosuid,nodev (multi-user system)
> >   
> 
> Whatever security /home has, /var/home is the one that restricts because users
> can still access their files that way.

yep.  and /var is nosuid,nodev as well.

> > - i prefer /home to not be on same fs as /
> > - the system has only one raid1 array, and i can't stand having two
> > writable filesystems competing on the same set of spindles (i like to
> >   imagine that one fs competing for the spindles can potentially result
> >   in better seek patterns)
> > ...
> > - i didn't want to try to balance disk space between /var and /home
> > - i didn't want to use a volume mgr just to handle disk space balance...
> >   
> 
> Pffuff.  That's what volume managers are for!  You do have (at least) two
> independent spindles in your RAID1 array, which give you less need to worry
> about head-stack contention.

this system is write intensive and writes go to all spindles, so you're
assertion is wrong.  a quick look at iostat shows the system has averaged
50/50 reads/writes over 34 days.  that means 50% of the IO is going to
both spindles.

Device:         rrqm/s   wrqm/s     r/s     w/s    rkB/s    wkB/s avgrq-sz avgqu-sz   await  svctm  %util
sda               1.96     2.24   33.65   33.16   755.50   465.45    36.55     0.56    8.43   5.98  39.96

> You probably want different mount restrictions
> on /home than /var, so you really must use separate filesystems.

not sure why you think i want different restrictions... i'm running fine
with nosuid,nodev for /var.

the main worry i have is some user maliciously hardlinks everything
under /var/log somewhere else and slowly fills up the file system with
old rotated logs.  the users otherwise have quotas so they can't fill
things up on their own.  i could probably set up XFS quota trees (aka
"projects") but haven't gone to this effort yet.


> LVM is your friend.

i disagree.  but this is getting into personal taste -- i find volume
managers to be an unnecessary layer of complexity.  given i need quotas for
the users anyhow i don't see why i should both manage my disk space via
quotas and via an extra block layer.


> 
> But with regards to bind mounts and hard links:  If you want to be able to
> hard-link /home/me/log to /var/tmp/my-log, then I see nothing to prevent
> hard-linking /var/home/me/log to /var/tmp/my-log.

you probably missed the point where i said that i was surprised i couldn't
hardlink across the bind mount and actually wanted it to work.

-dean
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/