[pve-devel] [PATCH v2 container 1/2] fix #1451: add mountoptions to container config
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue May 21 20:49:12 CEST 2019
On Tue, May 21, 2019 at 12:50:20PM +0200, Oguz Bektas wrote:
> hi!
>
> >
> > and we're sure about allowing all?? also there's no option
> > on any FS supported option which can include ';' ?
>
> as discussed offline, i'm sending a proposed whitelist for the options
> that we might allow in the backend.
>
> i stick to the fs-independent mountoptions for now. will try to handle
> conflicts in the backend, since the default behaviour in mountoptions
> is the last one wins in case of conflict.
>
> - noatime
> - nodiratime
> - relatime
> - strictatime
> - lazytime (?) (not quite sure, idk how much performance this'd bring)
> - nodev
> - noexec
> - nosuid

the above are probably okay and serve some use cases

> - owner (?) (implies nosuid + nodev but idk if there's any point)
> - noauto

these seem less useful to me..

> - noiversion (?) (same with lazytime)

probably leave it out for now to make the whole affair less cluttered?

> - context, fscontext, defcontext, rootcontext (????)

these don't make any sense - we are using AppArmor after all (and LSM
stacking is not yet real ;))

when in doubt, I'd err on the side of "include less" - adding new ones
if there is demand and a convincing argument should be straight-forward
once the basic mechanism is there (both on the backend and on the GUI).
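
An added example, not part of this thread or of the pve-container code: a backend check that accepts only the options the reply above calls "probably okay", matches each one exactly, and applies the "last one wins" rule to the mutually exclusive atime modes. The ';' separator is an assumption taken from the quoted question, and all function and constant names are hypothetical.

```python
# Added example (hypothetical names): allowlist check for a mount-option string.
# ALLOWED holds only the options the reply calls "probably okay".
ALLOWED = {"noatime", "nodiratime", "relatime", "strictatime",
           "lazytime", "nodev", "noexec", "nosuid"}
# These three select the atime mode and exclude each other.
ATIME_MODES = {"noatime", "relatime", "strictatime"}
SEPARATOR = ";"  # assumption: separator used in the container config


class MountOptionError(ValueError):
    """Raised when the option string contains anything not allowlisted."""


def normalize_mountoptions(raw):
    """Return the accepted options, with at most one atime mode (last wins)."""
    result = []
    for opt in raw.split(SEPARATOR):
        opt = opt.strip()
        if not opt:
            raise MountOptionError("empty option in list")
        # Exact match only: "nodev,suid" or "context=..." never equals an
        # allowlisted name, so nothing can ride along inside one entry.
        if opt not in ALLOWED:
            raise MountOptionError(f"option not allowed: {opt!r}")
        if opt in result:
            continue  # exact duplicate, already recorded
        if opt in ATIME_MODES:
            # Drop any earlier atime mode so the last one given wins.
            result = [o for o in result if o not in ATIME_MODES]
        result.append(opt)
    return result


def is_valid(raw):
    """True if every entry in the string is allowlisted."""
    try:
        normalize_mountoptions(raw)
        return True
    except MountOptionError:
        return False


def to_mount_arg(raw):
    """Render the validated options as the comma list passed to mount -o."""
    return ",".join(normalize_mountoptions(raw))
```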