[pve-devel] [PATCH v2 container 1/2] fix #1451: add mountoptions to container config

Thomas Lamprecht t.lamprecht at proxmox.com
Tue May 21 20:53:16 CEST 2019


On 5/21/19 8:49 PM, Fabian Grünbichler wrote:
> On Tue, May 21, 2019 at 12:50:20PM +0200, Oguz Bektas wrote:
>>> and we're sure about allowing all?? also there's no option
>>> on any FS supported option which can include ';' ? 
>>
>> as discussed offline, i'm sending a proposed whitelist for the options
>> that we might allow in the backend.
>>
>> i stick to the fs-independent mountoptions for now. will try to handle
>> conflicts in the backend, since the default behaviour in mountoptions
>> is the last one wins in case of conflict.
>>
>> - noatime
>> - nodiratime
>> - relatime
>> - strictatime
>> - lazytime (?) (not quite sure, idk how much performance this'd bring)
>> - nodev
>> - noexec
>> - nosuid
> 
> the above are probably okay and serve some use cases
> 
>> - owner (?) (implies nosuid + nodev but idk if there's any point)
>> - noauto
> 
> these seem less useful to me..
> 
>> - noiversion (?) (same with lazytime)
> 
> probably leave it out for now to make the whole affair less cluttered?
> 
>> - context, fscontext, defcontext, rootcontext (????)
> 
> these don't make any sense - we are using AppArmor after all (and LSM
> stacking is not yet real ;))

Some think otherwise: https://bugzilla.proxmox.com/show_bug.cgi?id=2215
;) (just as a side note, really not arguing for including above)

> 
> when in doubt, I'd err on the side of "include less" - adding new ones
> if there is demand and a convincing argument should be straight-forward
> once the basic mechanism is there (both on the backend and on the GUI).
> 

as already said off-line: big +1 for this one
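
Added example, not part of the original message and not pve-container code: a strict allowlist check over the eight options the quoted reply calls "probably okay", with last-one-wins handling for the conflicting atime modes. The `;` separator, the choice of which options form the atime group, and all names are assumptions for illustration.

```python
# Hypothetical allowlist validator for a container mount-option string.
# ALLOWED, ATIME_GROUP, the ';' separator and both function names are
# assumptions made for this example, not taken from pve-container.

ALLOWED = frozenset({
    "noatime", "nodiratime", "relatime", "strictatime",
    "lazytime", "nodev", "noexec", "nosuid",
})
# Mutually exclusive atime modes: a later one replaces an earlier one.
ATIME_GROUP = frozenset({"noatime", "relatime", "strictatime"})


def normalize_mountoptions(raw, sep=";"):
    """Return the accepted options in order, or raise ValueError."""
    result = []
    for token in raw.split(sep):
        opt = token.strip()
        if not opt:
            raise ValueError("empty mount option")
        # Exact match only: anything carrying '=', ',' or other extra
        # characters is refused instead of being passed on to mount.
        if opt not in ALLOWED:
            raise ValueError(f"mount option not allowed: {opt!r}")
        if opt in ATIME_GROUP:
            # last one wins, mirroring how mount resolves the conflict
            result = [o for o in result if o not in ATIME_GROUP]
        elif opt in result:
            continue  # duplicate of a non-conflicting option
        result.append(opt)
    return result


def is_valid(raw):
    """True if every option in raw passes the allowlist."""
    try:
        normalize_mountoptions(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("nodev;noatime;nosuid;relatime", "nodev,suid", "noauto"):
        print(sample, "->", is_valid(sample))
```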




