Dec 24, 2018

[linux][namespace] Mount (mnt)

Mount namespaces and shared subtrees
Reference: 
https://lwn.net/Articles/689856/
https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
https://www.kernel.org/doc/html/v5.0/
http://man7.org/linux/man-pages/man7/mount_namespaces.7.html

  • Each mount namespace has its own list of mount points.
    When the system is first booted, there is a single mount namespace,
    the so-called "initial namespace".
  • New mount namespaces are created by using the CLONE_NEWNS flag
    with either the clone() system call (to create a new child process in the new namespace)
    or the unshare() system call (to move the caller into the new namespace).
  • When a new mount namespace is created, it receives a copy of the mount point list replicated from the namespace of the caller of clone() or unshare().
  • Changes to the mount point list are (by default) visible only to processes in the mount namespace where the process resides;
    the changes are not visible in other mount namespaces.


Shared subtrees:
We do not want to re-mount a DVD-ROM in every mount space.
Each mount point is marked with a "propagation type",
which determines whether mount points created and removed
under this mount point are propagated to other mount points.

 4 shared types:
  • MS_SHARED
    Make this mount point shared.
    Mount and unmount events immediately under this mount point will propagate to the other mount points that are members of this mount's peer group. Propagation here means that the same mount or unmount will automatically occur under all of the other mount points in the peer group.
    Conversely, mount and unmount events that take place under peer mount points will propagate to this mount point.
  • MS_PRIVATE
    Make this mount point private.
    Mount and unmount events do not propagate into or out of this mount point.
  • MS_SLAVE
    If this is a shared mount point that is a member of a peer group that contains other members, convert it to a slave mount.
    If this is a shared mount point that is a member of a peer group that contains no other members, convert it to a private mount. 
    Otherwise, the propagation type of the mount point is left unchanged.
    When a mount point is a slave, mount and unmount events propagate into this mount point from the (master) shared peer group of which it was formerly a member.
    Mount and unmount events under this mount point do not propagate to any peer.
    A mount point can be the slave of another peer group while at the same time sharing mount and unmount events with a peer group of which it is a member.
  • MS_UNBINDABLE
    Make this mount unbindable.
    This is like a private mount, and in addition this mount can't be bind mounted.  When a recursive bind mount (mount() with the MS_BIND and MS_REC flags) is performed on a directory subtree, any unbindable mounts within the subtree are automatically pruned (i.e., not replicated) when replicating that subtree to produce the target subtree.


Peer groups:
A peer group is a set of mount points that propagate mount and unmount events to one another.


Examining propagation types and peer groups via
/proc/PID/mountinfo:
The /proc/PID/mountinfo file (documented in the proc(5) manual page) displays a range of information about the mount points for the mount namespace in which the process PID resides. All processes that reside in the same mount namespace will see the same view in this file.


 List current process's mount information:
$ cat /proc/self/mountinfo | sed 's/ - .*//'
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)