Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 8: The Virtual Filesystem


❑ Unbindable Mounts — Cannot be cloned through a bind operation.
❑ Private Mounts — Essentially a new name for the classical mount type known from Unix: They
can be mounted on multiple places across the filesystem, but mounts propagate neither to nor
from them.

Figure 8-7: Illustration of some features provided by shared subtrees.

Consider a filesystem that is mounted on multiple places across the filesystem. This is a standard feature
of Unix and Linux and can be achieved with the old framework discussed so far. Imagine the situation
depicted in the top-left part of Figure 8-7: The directory /virtual contains three identical bind mounts
of the root filesystem in /virtual/a, /virtual/b, and /virtual/c. However, it could be desirable that
any medium mounted in /media will also be visible in /virtual/user/media, even if the medium was
added after the mount structure has been established. The solution is to replace the bind mounts by
shared mounts: In this case, any filesystem mounted in /media in any of the peers (/, /file/virtual/a/,
/file/virtual/b/, and /file/virtual/c/) will be visible in all of them. The top-right part of Figure 8-7
shows the directory tree in this situation.


If the filesystem structure presented above is used as a basis for containers, each user of a container
can see all other containers by looking at the contents of /virtual/name/virtual! Usually, this is not
desired.^16 A remedy to the problem is provided by turning /virtual into an unbindable subtree: Its
contents can then not be seen anymore in bind mounts, and the users trapped in the containers will not
see anything that lives outside their world. The bottom-left part of Figure 8-7 illustrates the situation.


(^16) Note that many of the problems presented here can also be solved to some extent by using more refined variants of binding
mounts or proper access control, but usually, some drawbacks or limitations will come along with these solutions. The possibilities
offered by shared subtrees are usually more powerful.
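
The propagation type a mount actually has can be read back from the optional fields of /proc/<pid>/mountinfo (shared:N, master:N, unbindable; no tag means private), which is how to verify that /virtual really is unbindable and which mounts are peers. The following is an added example, not code from the book: the sample lines are constructed to model the /virtual layout above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample (not real output) modelling the layout in the text:
# "/" and its three bind mounts are peers; /virtual is unbindable.
SAMPLE = r"""21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 21 8:1 /virtual /virtual rw,relatime unbindable - ext4 /dev/sda1 rw
41 40 8:1 / /virtual/a rw,relatime shared:1 - ext4 /dev/sda1 rw
42 40 8:1 / /virtual/b rw,relatime shared:1 - ext4 /dev/sda1 rw
43 40 8:1 / /virtual/c rw,relatime shared:1 - ext4 /dev/sda1 rw
50 21 8:17 / /mnt/scratch rw,relatime - ext4 /dev/sdb1 rw
61 21 8:33 / /media/usb\040stick rw,relatime shared:7 - vfat /dev/sdc1 rw
"""

def classify(line):
    """Return (mount_point, propagation_type, peer_group_id or None)."""
    fields = line.split()
    sep = fields.index("-", 6)  # optional fields run from index 6 to the lone "-"
    opts = dict(f.partition(":")[::2] for f in fields[6:sep])
    # The kernel octal-escapes space, tab, newline and backslash in paths.
    point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[4])
    if "unbindable" in opts:
        kind = "unbindable"
    elif "shared" in opts:
        kind = "shared+slave" if "master" in opts else "shared"
    elif "master" in opts:
        kind = "slave"  # receives events from a master, sends none back
    else:
        kind = "private"  # no optional field: the classical mount type
    return point, kind, opts.get("shared")

def peer_groups(text):
    """Map each peer group ID to the mount points that share mount events."""
    groups = defaultdict(list)
    for line in text.splitlines():
        point, _, group = classify(line)
        if group is not None:
            groups[group].append(point)
    return dict(groups)

def is_unbindable(text, path):
    """True if a mount sits exactly at `path` and is marked unbindable."""
    return any(classify(l)[:2] == (path, "unbindable") for l in text.splitlines())

if __name__ == "__main__":
    print(peer_groups(SAMPLE))
    print(is_unbindable(SAMPLE, "/virtual"))
```

On a live system, pass the contents of /proc/self/mountinfo (or a container process's /proc/<pid>/mountinfo) instead of SAMPLE.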
