Read-only `slaves` with shared subtrees?

From: Dawid Ciezarkiewicz
Date: Fri Sep 15 2017 - 13:57:58 EST


Hi,

(Please keep me in CC me when responding.)

I have an use-case for shared subtrees that is not covered by:

https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt

and I wasn't able to figure out any working solution - it might not be possible
ATM.

Long story short:
I'd like the `slave` mount (service in a container) to mount propagated events
as RO, no matter how did `master` (host) mount them. Host might need that data
RW, but slave must have it RO only.

I'm using Linux containers to isolate processes. I need the container
to follow part of the host system mount tree, but not have a write-access to it
(for security reasons). It's a trivial setup as long
as everything is static, but as soon as a part of what the container needs
to access is mounted/unmounted at runtime (and thus shared subtrees
are involved),
there seems to be no way to control the flags of the propagated mount events.

I might be able to write a patch implementing this, but before attempting that,
I'd like to confirm:

* Is it even a good idea?
* Is it maybe already possible by some other means?
* Is it an use-case that might potentially be worth supporting in the mainline?
If so: any hints/ideas about the design and API?

Best Regards,
--
Dawid Ciezarkiewicz
Software Engineer at Rubrik