Chapter 8: The Virtual Filesystem
Another issue arises when all container users are supposed to see devices mounted on/media,for
instance, a USB stick in/media/usbstick. This clearly works if/mediais shared between the containers,
but has one drawback: Any container user will see the media mounted by any other container. Turning
/mediainto a slave mount keeps the desired features (mount events propagating from/), but isolates the
containers from each other. As the bottom-right part of Figure 8-7 shows, the camera mounted by user
A cannot be seen in any other container, while the USB stick mount point propagates downward into all
subdirectories of/virtual.
Recall that the data structures that are the basis for shared subtrees were described in Section 8.4.1. Let us
thus now turn our attention to the required extensions of the mount implementation. If one of the flags
MS_SHARED,MS_PRIVATE,MS_SLAVE,orMS_UNBINDABLEis passed to themountsystem call, thendo_mount
callsdo_change_typeto change the type of a given mount. The function is essentially implemented as
follows:
fs/namespace.c
static int do_change_type(struct nameidata *nd, int flag)
{
struct vfsmount *m, *mnt = nd->mnt;
int recurse = flag & MS_REC;
int type = flag & ~MS_REC;
...
for (m = mnt; m; m = (recurse? next_mnt(m, mnt) : NULL))
change_mnt_propagation(m, type);
return 0;
}
The mount type for the path given inndis changed usingchange_mnt_propagation;iftheMS_RECflag is
set, the mount types of all submounts are changed recursively.next_mntprovides an iterator that allows
for traversing all submounts of a given mount.
change_mnt_propagationis responsible to set the appropriate propagation flag for an instance ofstruct
vfsmount.
fs/pnode.c
void change_mnt_propagation(struct vfsmount *mnt, int type)
{
if (type == MS_SHARED) {
set_mnt_shared(mnt);
return;
}
do_make_slave(mnt);
if (type != MS_SLAVE) {
list_del_init(&mnt->mnt_slave);
mnt->mnt_master = NULL;
if (type == MS_UNBINDABLE)
mnt->mnt_flags |= MNT_UNBINDABLE;
}
}
This is simple for shared mounts: It suffices to set the flagMNT_SHAREDwith the auxiliary function
set_mnt_shared.
