From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-103.mailbox.org (mout-p-103.mailbox.org [80.241.56.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 74AEF2248B3; Fri, 8 Aug 2025 20:40:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.161 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685614; cv=none; b=TyzrSIGxrMpb3TsmeXu8IMkDJ5nsszCox4MeNNfYranfs4ZF58gI7KVtvmfDJRmc6nUk272NqdT7XJ2lF8ht/FszWIUiHIBiIKrcn+kHUiQGOMQu1WXj4u7TG4EmcTKhBR0DSDagcjfC0HSf3V0vS+7EFk8Zzjms3kzick/1wnQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685614; c=relaxed/simple; bh=9x2GIlcD3cYf08YHgjOqsR+ppGR5Qw6j8BsDOjGrJJU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Xzm7TEwjBvH1B4v3eS+PBWFbHJFe4UxmEmX4sQDn76Oo5N017oUFTJfz7qtKARBjDuB+LqJi0QTNSs8WRpoTY4mMQD0PVknCKG4FHo94cuZkyQfKowhIyRjbpmE+WxUhEB+nz2Dwj65DEIWNIbUPyfs36KqQP5IQvke02l4h6O4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=rGb9F0ex; arc=none smtp.client-ip=80.241.56.161 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="rGb9F0ex" Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4bzGB042N4z9t7d; Fri, 8 Aug 2025 22:40:08 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685608; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1l48VI8o0GNZeOO2k04rV2PeunW2FfL5oSOr2P+jRHY=; b=rGb9F0exbTVvk7CQW80/2LPTRslfMH6YeOohp6+2RaD9tVa0OvEsHm9zBeq31A7FDRQqvM Txb5w5k2qfX8YLAnwCgFmOT8NOiORcQM5FWKxiNxInRQGBYaIEbCJ6pqOGLMlkIfXGDfcz iMyoehpVC2OGfhzMYTZTOJzdY1BTdFrwpuwnwSIrIf9rx/phGC51wyiYYOk8veX5n1nCmu fyok+DIrG+C88hzHWmU2onYOWNP+5eJ3UmLqx0vx5IQK4N7Kju4pCZRpMUrahyst4JBB6w XG53mhpbs3Ajc5BUXAGpXn0+F4wF9LnaIHf6nRV2yppm7qOpE6YeJRgq3OZf2w== From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:45 +1000 Subject: [PATCH v3 01/12] man/man2/statx.2: correctly document AT_NO_AUTOMOUNT Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-1-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=1020; i=cyphar@cyphar.com; h=from:subject:message-id; bh=9x2GIlcD3cYf08YHgjOqsR+ppGR5Qw6j8BsDOjGrJJU=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5jmyKdgM+eU7FyvzAtdvKXP9mffzNnMK/R3ecvC3 zsrjaQ9OkpZGMS4GGTFFFm2+XmGbpq/+Eryp5VsMHNYmUCGMHBxCsBEzgczMqzXkuEvdmq+bHl3 bU3wXNP9PnL2ctOu/t5hMuMAf4F7qzbDP4vwL98yym5klVU+05rbs8SxX/bcu7PnnGsyHxSd6tK ZxAUA X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 AT_NO_AUTOMOUNT un-sets FOLLOW_AUTOMOUNT, which blocks the automounting of all automount points encountered during lookup, not just the terminal component. Signed-off-by: Aleksa Sarai --- man/man2/statx.2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/man/man2/statx.2 b/man/man2/statx.2 index 07ac60b3c5d61d919fa790fe2d5c2ba33a771f75..0b4175e994f42c7aab6b0bfd507= 39971d4d55a4f 100644 --- a/man/man2/statx.2 +++ b/man/man2/statx.2 @@ -184,9 +184,9 @@ .SS Invoking statx(): the call operates on the current working directory. .TP .B AT_NO_AUTOMOUNT -Don't automount the terminal ("basename") component of -.I path -if it is a directory that is an automount point. +Don't automount any automount points encountered +while resolving +.IR path . This allows the caller to gather attributes of an automount point (rather than the location it would mount). This flag has no effect if the mount point has already been mounted over. --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 774D5241695; Fri, 8 Aug 2025 20:40:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685620; cv=none; b=t6ux0tx7B2WB4N6OuwwCxFEhOt7dDArNwRnNzAEYwy0xhCOn2rJ5RefX4kMc5PkIMbvNlyAZRpKC+Kj6ujrSKS+oIE5hZN32Mm+LKquNjVZNNqhDHciPszJ06EL0Y+TxhZ1qm4z99yu3t8DETCEb/N2WGfVT4M/w4ul9y7i0bSU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685620; c=relaxed/simple; bh=bTGFD2/2bcT9alY7qwJn5EsSznhn0m8yNz6wwuY7Wt0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=pZkrPT8tdvkt9HjuQg+rAALEcvPydbRxYv/OzZ/TOB8XTfrEc5GalZAUbMMuKdv/7pBBIJFK7rtiA8MiDeAUoMVFZCrzrv0JrC5NkM66Kj6iMZVRHzdMcNOHjZJZWLZb7+quNyjWxdWIoaZw0ZI9b+H5Rbn31OCpTFhNRpuKTkM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=hG9Kz/5y; arc=none smtp.client-ip=80.241.56.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="hG9Kz/5y" Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4bzGB66Sppz9sWF; Fri, 8 Aug 2025 22:40:14 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685614; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MqFHaT9eot7e8JTZuFttQxIxVA/lkTUjjI9C+5YSP+k=; b=hG9Kz/5ygwPKYDnVKf+jdnrbsGhcgaywYwRqx2PXl6XrSYnJMJuH8E6qHeOdtEeczqDNJN 4CfmBFMSQdhmHgdHCn69Bx68YMPb3KsckodqL4WgBRHif6YYwCoRJxp7oS4qqjzTWeu1MA gQrYkmv7o2O8deUzmrpdHoaArRSjXgXrqM+OUTEpv9tjxcU7ADR0sfRIHa7tslBoOYkxPz dbEOA4ey/HfGigOIdUCs8vIfLit7EmOsgfP4QhQ13VQObuTtNapWs5xQkG4WMQ3mtR+zqE +A/QuIlFKXuJ/kQL6lGER17NTxnnUyw3S9Jy/K/TbBCCSniUgR9in7WBrzXejA== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of cyphar@cyphar.com designates 2001:67c:2050:b231:465::1 as permitted sender) smtp.mailfrom=cyphar@cyphar.com From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:46 +1000 Subject: [PATCH v3 02/12] man/man2/mount_setattr.2: fix stray quote in SYNOPSIS Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-2-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=798; i=cyphar@cyphar.com; h=from:subject:message-id; bh=bTGFD2/2bcT9alY7qwJn5EsSznhn0m8yNz6wwuY7Wt0=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5i2QizWLzXVQSOs/lRsoG4ou/C3B1qnOw0yJ81ON 5x1R6Kgo5SFQYyLQVZMkWWbn2fopvmLryR/WskGM4eVCWQIAxenAEzEQpeRYelz0Z6F235WcOic 3v89y0bzSXfqR/03ZXNF1ryw7XYt72b4yfhr6bZz8YFLOZ74F994I3FE9v/7AkHlA43H3DZVGlb fYAcA X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 X-Rspamd-Queue-Id: 4bzGB66Sppz9sWF Fixes: eb0f8239bc35 ("man/man2/mount_setattr.2: Document glibc >=3D 2.36 sy= scall wrappers") Signed-off-by: Aleksa Sarai --- man/man2/mount_setattr.2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/man2/mount_setattr.2 b/man/man2/mount_setattr.2 index c96f0657f0468fc4d2bc0132e08d1328570073b1..e1a975dcc8e2b263f68d18dc049= 2e8ecc518459e 100644 --- a/man/man2/mount_setattr.2 +++ b/man/man2/mount_setattr.2 @@ -14,7 +14,7 @@ .SH SYNOPSIS .B #include .P .BI "int mount_setattr(int " dirfd ", const char *" path ", unsigned int "= flags "," -.BI " struct mount_attr *" attr ", size_t " size );" +.BI " struct mount_attr *" attr ", size_t " size ");" .fi .SH DESCRIPTION The --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C6A3D238140; Fri, 8 Aug 2025 20:40:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685626; cv=none; b=BVwQYT7K1KnUmTrF0a9+zxmbBQSzRmNbKpY3UEDwnlRJgVaD+GMIgsXN+gsHhnah9Ebt6Mi/bOmChIvf9uI10jl3l2EO3uPnygxbADIMNsqDZ7x5hyEfPlBAR/2WApwhdS449SQXPBUzz/jE82OqOz0QdL0otBeAe5jSvxRSdmI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685626; c=relaxed/simple; bh=Z0ahNEqyA/p0KIi1+RUs+g7EmhCzzIhViEgG1bc8zT8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ZVImsC0msGlIo/oEl9t+Tx7/7p+aeecuWQM87+s0inkkuJjtip9/IDHYYQnHoO7fCDShJvSc8fg++vwVzfkvzeBsxtkbo9c9uotXnmBxrFhlxMAxiCMWqzeXmNSWwSctZw5hSS/008j3oMVdETj2CBpO1lmRaTcxRXUQ+9+4DoU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=dMb/3ZWo; arc=none smtp.client-ip=80.241.56.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="dMb/3ZWo" Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4bzGBF27dwz9sWL; Fri, 8 Aug 2025 22:40:21 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685621; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3j7YGgwASF38f4KymAjjKnczDrv6XHH/zK1kP19isC8=; b=dMb/3ZWoI9DOft41XlEC6RQd+qSrg8S2lDoDsWvmWPsp6kEpCL07z9cU8L2iYYudrVbROL KONvnYNsvRMOn4TSfx7mmPdv87vTRWHbNpczBYsuKNgQjYPOLi2O29A5PDjQVq3pmYySxc TmScWAi6DWIRbVZmLeeON3smexBQnBvNyHgWCE8R+Vj4iTUTW/0/CUNcWFzAYZA+nldJNs wxGfYpHOYifGOZt73wgTxklDH8zEMSWq/wxaOzAIxS1U5ikKAe3fQ3BTqSF8MhUz67ueCh dj0CwTu8QKhBRV293LZGdkMsKdxF9JFZo8+88E8l8ncCbWzIsKG0Q5gsULRzLg== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of cyphar@cyphar.com designates 2001:67c:2050:b231:465::1 as permitted sender) smtp.mailfrom=cyphar@cyphar.com From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:47 +1000 Subject: [PATCH v3 03/12] man/man2/mount_setattr.2: move mount_attr struct to mount_attr(2type) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-3-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=3215; i=cyphar@cyphar.com; h=from:subject:message-id; bh=Z0ahNEqyA/p0KIi1+RUs+g7EmhCzzIhViEgG1bc8zT8=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5ieJml97u2dkI7ThXlOlVOvrFg155nsGcEFjKZeL Pmci713d5SyMIhxMciKKbJs8/MM3TR/8ZXkTyvZYOawMoEMYeDiFICJ7LVn+Gdxdt0R23zOs/vW JIodiLJ6YJ+numj388UKvyfv0ZPmPijM8D9DbuOl9oWT1Q6nmq5YNPlwtVTH+c+f9kqa3D34bNq fJF5GAA== X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 X-Rspamd-Queue-Id: 4bzGBF27dwz9sWL As with open_how(2type), it makes sense to move this to a separate man page. In addition, future man pages added in this patchset will want to reference mount_attr(2type). Signed-off-by: Aleksa Sarai --- man/man2/mount_setattr.2 | 17 ++++-------- man/man2type/mount_attr.2type | 61 +++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/man/man2/mount_setattr.2 b/man/man2/mount_setattr.2 index e1a975dcc8e2b263f68d18dc0492e8ecc518459e..46fcba927dd8c0959c898b9ba79= 0ae298f514398 100644 --- a/man/man2/mount_setattr.2 +++ b/man/man2/mount_setattr.2 @@ -114,18 +114,11 @@ .SH DESCRIPTION .I attr argument of .BR mount_setattr () -is a structure of the following form: -.P -.in +4n -.EX -struct mount_attr { - __u64 attr_set; /* Mount properties to set */ - __u64 attr_clr; /* Mount properties to clear */ - __u64 propagation; /* Mount propagation type */ - __u64 userns_fd; /* User namespace file descriptor */ -}; -.EE -.in +is a pointer to a +.I mount_attr +structure, +described in +.BR mount_attr (2type). .P The .I attr_set diff --git a/man/man2type/mount_attr.2type b/man/man2type/mount_attr.2type new file mode 100644 index 0000000000000000000000000000000000000000..f5c4f48be46ec1e6c0d3a211b67= 24a1e95311a41 --- /dev/null +++ b/man/man2type/mount_attr.2type @@ -0,0 +1,61 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH mount_attr 2type (date) "Linux man-pages (unreleased)" +.SH NAME +mount_attr \- what mount properties to set and clear +.SH LIBRARY +Linux kernel headers +.SH SYNOPSIS +.EX +.B #include +.P +.B struct mount_attr { +.BR " u64 attr_set;" " /* Mount properties to set */" +.BR " u64 attr_clr;" " /* Mount properties to clear */" +.BR " u64 propagation;" " /* Mount propagation type */" +.BR " u64 userns_fd;" " /* User namespace file descriptor */" + /* ... */ +.B }; +.EE +.SH DESCRIPTION +Specifies which mount properties should be changed with +.BR mount_setattr (2). +.P +The fields are as follows: +.TP +.I .attr_set +This field specifies which +.BI MOUNT_ATTR_ * +attribute flags to set. +.TP +.I .attr_clr +This field specifies which +.BI MOUNT_ATTR_ * +attribute flags to clear. +.TP +.I .propagation +This field specifies what mount propagation will be applied. +The valid values of this field are the same propagation types described in +.BR mount_namespaces (7). +.TP +.I .userns_fd +This field specifies a file descriptor that indicates which user namespace= to +use as a reference for ID-mapped mounts with +.BR MOUNT_ATTR_IDMAP . +.SH STANDARDS +Linux. +.SH HISTORY +Linux 5.12. +.\" commit 2a1867219c7b27f928e2545782b86daaf9ad50bd +glibc 2.36. +.P +Extra fields may be appended to the structure, +with a zero value in a new field resulting in +the kernel behaving as though that extension field was not present. +Therefore, a user +.I must +zero-fill this structure on initialization. +.SH SEE ALSO +.BR mount_setattr (2) --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org [80.241.56.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9CD10238140; Fri, 8 Aug 2025 20:40:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.152 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685634; cv=none; b=ZRPdlEWdvE24omXTaJfJPPwerZ9exOHbiFl/khPKKHEKBtQmDY/fcS03EYN0KKYpg1O+YoW7fJPkjR+et9BvvXuqN64aP8vr6sF1WE7VG+H1um+mBsOHoqbQ5XuYQjY5doZZYa/isyN2SOB/NzoVzstE/CLYiQwyKZhU85A0enQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685634; c=relaxed/simple; bh=LHMTQIrTGHolykRjCIcV/+I99X+lw6ipdWX5G8wLucY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=VcPBixwo+rCThVK/v9LpTTH0Dyjg0sFp1WXuJCZyBpKXuyvgWXxiVteyWgQPU6sZzBk70HV4Sk2RHTk+QM5AszZHNNAirtof+oTN6cTToVbCgo9B/QaLdfPmZlV4VMVCri2jBvEPM6J17cowM8sRdB/BSRCWALJnkH7JQw58c2E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=F9tQ/A8h; arc=none smtp.client-ip=80.241.56.152 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="F9tQ/A8h" Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4bzGBM44Qhz9t2N; Fri, 8 Aug 2025 22:40:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nc3z03nq2WvLlGyix0DzLgbIusFdltkFNCe1GLWTbAQ=; b=F9tQ/A8hU1YX481F9tvRWfH74LIX1gWLqY2UQi3hy2TufYyPPHvp+K12xgCbvMF+BwlfA2 rYHmSZr1YxKmgWpksrAdOQpOPbdig+xxrKw/wcotbBG+jKZoT/Oreb9YSUVgwknJfNNSpH Ds7BZwgnydPPoXO4CM5BxsvqDtq8b2vh8ntrgMz49RyYZq+HfYEwJKwo3Tj3UZ5pb3v0wp 2D+AmiF4NOKvhfr7eHcDmeLFZ4CyjRcjNac7EROGRwmrnLP5ZPaZTwYsBc6QhvcGdmOXg3 NU40P83a2wxhd6FAQTU2rz4LJ5PvBVNkgwaYi6OX/MCmvmfLeNccsJ1NdebC3A== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of cyphar@cyphar.com designates 2001:67c:2050:b231:465::1 as permitted sender) smtp.mailfrom=cyphar@cyphar.com From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:48 +1000 Subject: [PATCH v3 04/12] man/man2/fsopen.2: document "new" mount API Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-4-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=12329; i=cyphar@cyphar.com; h=from:subject:message-id; bh=LHMTQIrTGHolykRjCIcV/+I99X+lw6ipdWX5G8wLucY=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5geY+mcVroj9OU8FpOHi6d5Pcv0+Z+2oTbQRkZs6 6Y0nluzOkpZGMS4GGTFFFm2+XmGbpq/+Eryp5VsMHNYmUCGMHBxCsBESh8yMlztKbM9w+qdc9Bs Yl9I5C+u7+cLI66Gv5sl/k/qLO/M1tWMDGtuyq/w7+buDStVlX+tH6xtrbir3GdzuE/DafGSbWk veQE= X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 X-Rspamd-Queue-Id: 4bzGBM44Qhz9t2N This is loosely based on the original documentation written by David Howells and later maintained by Christian Brauner, but has been rewritten to be more from a user perspective (as well as fixing a few critical mistakes). Co-authored-by: David Howells Signed-off-by: David Howells Co-authored-by: Christian Brauner Signed-off-by: Christian Brauner Signed-off-by: Aleksa Sarai --- man/man2/fsopen.2 | 384 ++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 384 insertions(+) diff --git a/man/man2/fsopen.2 b/man/man2/fsopen.2 new file mode 100644 index 0000000000000000000000000000000000000000..cce677f316c67de72c359f94a6b= 415d851a761d6 --- /dev/null +++ b/man/man2/fsopen.2 @@ -0,0 +1,384 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH fsopen 2 (date) "Linux man-pages (unreleased)" +.SH NAME +fsopen \- create a new filesystem context +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.B #include +.P +.BI "int fsopen(const char *" fsname ", unsigned int " flags ");" +.fi +.SH DESCRIPTION +The +.BR fsopen () +system call is part of +the suite of file descriptor based mount facilities in Linux. +.P +.BR fsopen () +creates a blank filesystem configuration context within the kernel +for the filesystem named by +.I fsname +and places it into creation mode. +A new file descriptor +associated with the filesystem configuration context +is then returned. +The calling process must have the +.B \%CAP_SYS_ADMIN +capability in order to create a new filesystem configuration context. +.P +A filesystem configuration context is +an in-kernel representation of a pending transaction, +containing a set of configuration parameters that are to be applied +when creating a new instance of a filesystem +(or modifying the configuration of an existing filesystem instance, +such as when using +.BR fspick (2)). +.P +After obtaining a filesystem configuration context with +.BR fsopen (), +the general workflow for operating on the context looks like the following: +.IP (1) 5 +Pass the filesystem context file descriptor to +.BR fsconfig (2) +to specify any desired filesystem parameters. +This may be done as many times as necessary. +.IP (2) +Pass the same filesystem context file descriptor to +.BR fsconfig (2) +with +.B \%FSCONFIG_CMD_CREATE +to create an instance of the configured filesystem. +.IP (3) +Pass the same filesystem context file descriptor to +.BR fsmount (2) +to create a new detached mount object for +the root of the filesystem instance, +which is then attached to a new file descriptor. +(This also places the filesystem context file descriptor into +reconfiguration mode, +similar to the mode produced by +.BR fspick (2).) +Once a mount object has been created with +.BR fsmount (2), +the filesystem context file descriptor can be safely closed. +.IP (4) +Now that a mount object has been created, +you may +.RS +.IP (4.1) 7 +use the detached mount object file descriptor as a +.I dirfd +argument to "*at()" system calls; and/or +.IP (4.2) 7 +attach the mount object to a mount point +by passing the mount object file descriptor to +.BR move_mount (2). +This will also prevent the mount object from +being unmounted and destroyed when +the mount object file descriptor is closed. +.RE +.IP +The mount object file descriptor will +remain associated with the mount object +even after doing the above operations, +so you may repeatedly use the mount object file descriptor with +.BR move_mount (2) +and/or "*at()" system calls +as many times as necessary. +.P +A filesystem context will move between different modes +throughout its lifecycle +(such as the creation phase +when created with +.BR fsopen (), +the reconfiguration phase +when an existing filesystem instance is selected with +.BR fspick (2), +and the intermediate "awaiting-mount" phase +.\" FS_CONTEXT_AWAITING_MOUNT is the term the kernel uses for this. +between +.BR \%FSCONFIG_CMD_CREATE +and +.BR fsmount (2)), +which has an impact on +what operations are permitted on the filesystem context. +.P +The file descriptor returned by +.BR fsopen () +also acts as a channel for filesystem drivers to +provide more comprehensive diagnostic information +than is normally provided through the standard +.BR errno (3) +interface for system calls. +If an error occurs at any time during the workflow mentioned above, +calling +.BR read (2) +on the filesystem context file descriptor +will retrieve any ancillary information about the encountered errors. +(See the "Message retrieval interface" section +for more details on the message format.) +.P +.I flags +can be used to control aspects of +the creation of the filesystem configuration context file descriptor. +A value for +.I flags +is constructed by bitwise ORing +zero or more of the following constants: +.RS +.TP +.B FSOPEN_CLOEXEC +Set the close-on-exec +.RB ( FD_CLOEXEC ) +flag on the new file descriptor. +See the description of the +.B O_CLOEXEC +flag in +.BR open (2) +for reasons why this may be useful. +.RE +.P +A list of filesystems supported by the running kernel +(and thus a list of valid values for +.IR fsname ) +can be obtained from +.IR /proc/filesystems . +(See also +.BR proc_filesystems (5).) +.SS Message retrieval interface +When doing operations on a filesystem configuration context, +the filesystem driver may choose to provide +ancillary information to userspace +in the form of message strings. +.P +The filesystem context file descriptors returned by +.BR fsopen () +and +.BR fspick (2) +may be queried for message strings at any time by calling +.BR read (2) +on the file descriptor. +Each call to +.BR read (2) +will return a single message, +prefixed to indicate its class: +.RS +.TP +\fBe\fP <\fImessage\fP> +An error message was logged. +This is usually associated with an error being returned +from the corresponding system call which triggered this message. +.TP +\fBw\fP <\fImessage\fP> +A warning message was logged. +.TP +\fBi\fP <\fImessage\fP> +An informational message was logged. +.RE +.P +Messages are removed from the queue as they are read. +Note that the message queue has limited depth, +so it is possible for messages to get lost. +If there are no messages in the message queue, +.B read(2) +will return \-1 and +.I errno +will be set to +.BR \%ENODATA . +If the +.I buf +argument to +.BR read (2) +is not large enough to contain the entire message, +.BR read (2) +will return \-1 and +.I errno +will be set to +.BR \%EMSGSIZE . +(See BUGS.) +.P +If there are multiple filesystem contexts +referencing the same filesystem instance +(such as if you call +.BR fspick (2) +multiple times for the same mount), +each one gets its own independent message queue. +This does not apply to multiple file descriptors that are +tied to the same underlying open file description +(such as those created with +.BR dup (2)). +.P +Message strings will usually be prefixed by +the name of the filesystem or kernel subsystem +that logged the message, +though this may not always be the case. +See the Linux kernel source code for details. +.SH RETURN VALUE +On success, a new file descriptor is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EFAULT +.I fsname +is NULL +or a pointer to a location +outside the calling process's accessible address space. +.TP +.B EINVAL +.I flags +had an invalid flag set. +.TP +.B EMFILE +The calling process has too many open files to create more. +.TP +.B ENFILE +The system has too many open files to create more. +.TP +.B ENODEV +The filesystem named by +.I fsname +is not supported by the kernel. +.TP +.B ENOMEM +The kernel could not allocate sufficient memory to complete the operation. +.TP +.B EPERM +The calling process does not have the required +.B \%CAP_SYS_ADMIN +capability. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 5.2. +.\" commit 24dcb3d90a1f67fe08c68a004af37df059d74005 +.\" commit 400913252d09f9cfb8cce33daee43167921fc343 +glibc 2.36. +.SH BUGS +.SS Message retrieval interface and \fB\%EMSGSIZE\fP +As described in the "Message retrieval interface" subsection above, +calling +.BR read (2) +with too small a buffer to contain +the next pending message in the message queue +for the filesystem configuration context +will cause +.BR read (2) +to return \-1 and set +.BR errno (3) +to +.BR \%EMSGSIZE . +.P +However, +this failed operation still +consumes the message from the message queue. +This effectively discards the message silently, +as no data is copied into the +.BR read (2) +buffer. +.P +Programs should take care to ensure that +their buffers are sufficiently large +to contain any reasonable message string, +in order to avoid silently losing valuable diagnostic information. +.\" Aleksa Sarai +.\" This unfortunate behaviour has existed since this feature was merged= , but +.\" I have sent a patchset which will finally fix it. +.\" +.SH EXAMPLES +To illustrate the workflow for creating a new mount, +the following is an example of how to mount an +.BR ext4 (5) +filesystem stored on +.I /dev/sdb1 +onto +.IR /mnt . +.P +.in +4n +.EX +int fsfd, mntfd; +\& +fsfd =3D fsopen("ext4", FSOPEN_CLOEXEC); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "ro", NULL, 0); +fsconfig(fsfd, FSCONFIG_SET_PATH, "source", "/dev/sdb1", AT_FDCWD); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "noatime", NULL, 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "acl", NULL, 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "user_xattr", NULL, 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "iversion", NULL, 0) +fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); +mntfd =3D fsmount(fsfd, FSMOUNT_CLOEXEC, MOUNT_ATTR_RELATIME); +move_mount(mntfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +First, +an ext4 configuration context is created and attached to the file descript= or +.IR fsfd . +Then, a series of parameters +(such as the source of the filesystem) +are provided using +.BR fsconfig (2), +followed by the filesystem instance being created with +.BR \%FSCONFIG_CMD_CREATE . +.BR fsmount (2) +is then used to create a new mount object attached to the file descriptor +.IR mntfd , +which is then attached to the intended mount point using +.BR move_mount (2). +.P +The above procedure is functionally equivalent to +the following mount operation using +.BR mount (2): +.P +.in +4n +.EX +mount("/dev/sdb1", "/mnt", "ext4", MS_RELATIME, + "ro,noatime,acl,user_xattr,iversion"); +.EE +.in +.P +And here's an example of creating a mount object +of an NFS server share +and setting a Smack security module label. +However, instead of attaching it to a mount point, +the program uses the mount object directly +to open a file from the NFS share. +.P +.in +4n +.EX +int fsfd, mntfd, fd; +\& +fsfd =3D fsopen("nfs", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "source", "example.com/pub/linux", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "nfsvers", "3", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "rsize", "65536", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "wsize", "65536", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "smackfsdef", "foolabel", 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "rdma", NULL, 0); +fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); +mntfd =3D fsmount(fsfd, 0, MOUNT_ATTR_NODEV); +fd =3D openat(mntfd, "src/linux-5.2.tar.xz", O_RDONLY); +.EE +.in +.P +Unlike the previous example, +this operation has no trivial equivalent with +.BR mount (2), +as it was not previously possible to create a mount object +that is not attached to any mount point. +.SH SEE ALSO +.BR fsconfig (2), +.BR fsmount (2), +.BR fspick (2), +.BR mount (2), +.BR mount_setattr (2), +.BR move_mount (2), +.BR open_tree (2), +.BR mount_namespaces (7) --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-103.mailbox.org (mout-p-103.mailbox.org [80.241.56.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BD0F28751B; Fri, 8 Aug 2025 20:40:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.161 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685640; cv=none; b=DQZBJadSN4Nf58b3NMdJGS5L2xHRdVFdWYQ+ES267xuucfjUSVRkSE/V2b3ow7PVArfLhVzOQ5Y4nk3NBUYuNSLpn8Euykar6HkYUEoGoMuDYvYTXBReB4hIeIIvuYXhWBXForsquOJ7adtBSfJ1dSrX8SuZU//6ZGa98Ia/Mhc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685640; c=relaxed/simple; bh=9b/pduv9nYBK3wjqwxPdRAtFQJEnTIMXbQD0p1cG/wM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FT1+AZv+RopdhEN246gUO1nIyjpOauZJq1kRmY9kxKX35hbkS7zO17SdtfxVbIH+g8KTQA32lEEydWMQycgfR3Yl8u8ojoV/rsym36M6ow+srVIFF7CSy5GNPmyexpCJSf/DRgKb/8Gz5+qwJ+X7FmTRm6b1lo31+XgZT6KGcNw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=Xe7X8zzL; arc=none smtp.client-ip=80.241.56.161 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="Xe7X8zzL" Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4bzGBV08Zbz9sWX; Fri, 8 Aug 2025 22:40:34 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685634; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wnr/lVwZlrJZtdS8AnL+SyzHqc3VrO0aqcOpy1FsQjU=; b=Xe7X8zzLYfm+JVpu5KEwwcCwYqDe+QwyuPeyuR1kQBY8aBu51PjY2lF5ZenjJiGVRWQRXH NkXsrnw2x+1hhDEOXPE5X8X5/0T9xlJTH7H+0aSbAu1qPbCCxfG+PjGbRyyfhxIvsXIK58 CcHQ9fl3ZSOXQDnCcvqFb+DOw2rpZDIeu+o3L3kPhQeRbaugeje9qpZYm4GMM87mwgnOhI IzTV+0Ft8SEZuMT8cNRoC42IOArmtSwcSvJ09JtJvqsGchlJ4qIiGraWFbtvzUZObJvYVB HPVwtbyQc60jpkCQJUVKJemp9bKzUGRMrwm3MSUY7vzgrClTiD/o9O1cbehqPw== From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:49 +1000 Subject: [PATCH v3 05/12] man/man2/fspick.2: document "new" mount API Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-5-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=7784; i=cyphar@cyphar.com; h=from:subject:message-id; bh=9b/pduv9nYBK3wjqwxPdRAtFQJEnTIMXbQD0p1cG/wM=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5huunyaxHnfB8GnpdLn172akaY348TGE0nnVty3T p8bf0dEpKOUhUGMi0FWTJFlm59n6Kb5i68kf1rJBjOHlQlkCAMXpwBMpEKHkeHffZ9wpvrPb0o7 tNZoRbq3FojMfz7tV9y9MnslldDPrfcZ/rtYF5u8lgifv2+nvK69RsyP2esuLnq2qk9jsej9F88 3HuAHAA== X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 This is loosely based on the original documentation written by David Howells and later maintained by Christian Brauner, but has been rewritten to be more from a user perspective (as well as fixing a few critical mistakes). Co-authored-by: David Howells Signed-off-by: David Howells Co-authored-by: Christian Brauner Signed-off-by: Christian Brauner Signed-off-by: Aleksa Sarai --- man/man2/fspick.2 | 309 ++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 309 insertions(+) diff --git a/man/man2/fspick.2 b/man/man2/fspick.2 new file mode 100644 index 0000000000000000000000000000000000000000..a1060bcdb7d57b0656d4065683b= 5c69407550038 --- /dev/null +++ b/man/man2/fspick.2 @@ -0,0 +1,309 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH fspick 2 (date) "Linux man-pages (unreleased)" +.SH NAME +fspick \- select filesystem for reconfiguration +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include " " /* Definition of " AT_* " constants */" +.B #include +.P +.BI "int fspick(int " dirfd ", const char *" path ", unsigned int " flags = ");" +.fi +.SH DESCRIPTION +The +.BR fspick () +system call is part of +the suite of file descriptor based mount facilities in Linux. +.P +.BR fspick() +creates a new filesystem configuration context +for the extant filesystem instance +associated with the path described by +.IR dirfd +and +.IR path , +places it into reconfiguration mode +(similar to +.BR mount (8) +with the +.I -o remount +option). +A new file descriptor +associated with the filesystem configuration context +is then returned. +The calling process must have the +.BR CAP_SYS_ADMIN +capability in order to create a new filesystem configuration context. +.P +The resultant file descriptor can be used with +.BR fsconfig (2) +to specify the desired set of changes to +filesystem parameters of the filesystem instance. +Once the desired set of changes have been configured, +the changes can be effectuated by calling +.BR fsconfig (2) +with the +.B \%FSCONFIG_CMD_RECONFIGURE +command. +.P +As with "*at()" system calls, +.BR fspick () +uses the +.I dirfd +argument in conjunction with the +.I path +argument to determine the path to operate on, as follows: +.IP \[bu] 3 +If the pathname given in +.I path +is absolute, then +.I dirfd +is ignored. +.IP \[bu] +If the pathname given in +.I path +is relative and +.I dirfd +is the special value +.BR \%AT_FDCWD , +then +.I path +is interpreted relative to +the current working directory +of the calling process (like +.BR open (2)). +.IP \[bu] +If the pathname given in +.I path +is relative, +then it is interpreted relative to +the directory referred to by the file descriptor +.I dirfd +(rather than relative to +the current working directory +of the calling process, +as is done by +.BR open (2) +for a relative pathname). +In this case, +.I dirfd +must be a directory +that was opened for reading +.RB ( O_RDONLY ) +or using the +.B O_PATH +flag. +.IP \[bu] +If +.I path +is an empty string, +and +.I flags +contains +.BR \%FSPICK_EMPTY_PATH , +then the file descriptor +.I dirfd +is operated on directly. +In this case, +.I dirfd +may refer to any type of file, +not just a directory. +.P +.I flags +can be used to control aspects of how +.I path +is resolved and +properties of the returned file descriptor. +A value for +.I flags +is constructed by bitwise ORing +zero or more of the following constants: +.RS +.TP +.B FSPICK_CLOEXEC +Set the close-on-exec +.RB ( FD_CLOEXEC ) +flag on the new file descriptor. +See the description of the +.B O_CLOEXEC +flag in +.BR open (2) +for reasons why this may be useful. +.TP +.B FSPICK_EMPTY_PATH +If +.I path +is an empty string, +operate on the file referred to by +.I dirfd +(which may have been obtained from +.BR open (2), +.BR fsmount (2), +or +.BR open_tree (2)). +In this case, +.I dirfd +may refer to any type of file, +not just a directory. +If +.I dirfd +is +.BR \%AT_FDCWD , +.BR fspick () +will operate on the current working directory +of the calling process. +.TP +.B FSPICK_SYMLINK_NOFOLLOW +Do not follow symbolic links +in the terminal component of +.IR path . +If +.I path +references a symbolic link, +the returned filesystem context will reference +the filesystem that the symbolic link itself resides on. +.TP +.B FSPICK_NO_AUTOMOUNT +Do not automount any automount points encountered +while resolving +.IR path . +This allows you to reconfigure an automount point, +rather than the location that would be mounted. +This flag has no effect if +the automount point has already been mounted over. +.RE +.P +As with filesystem contexts created with +.BR fsopen (2), +the file descriptor returned by +.BR fspick () +may be queried for message strings at any time by calling +.BR read (2) +on the file descriptor. +(See the "Message retrieval interface" subsection in +.BR fsopen (2) +for more details on the message format.) +.SH RETURN VALUE +On success, a new file descriptor is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EACCES +Search permission is denied +for one of the directories +in the path prefix of +.IR path . +(See also +.BR path_resolution (7).) +.TP +.B EBADF +.I path +is relative but +.I dirfd +is neither +.B \%AT_FDCWD +nor a valid file descriptor. +.TP +.B EFAULT +.I path +is NULL +or a pointer to a location +outside the calling process's accessible address space. +.TP +.B EINVAL +Invalid flag specified in +.IR flags . +.TP +.B ELOOP +Too many symbolic links encountered when resolving +.IR path . +.TP +.B EMFILE +The calling process has too many open files to create more. +.TP +.B ENAMETOOLONG +.I path +is longer than +.BR PATH_MAX . +.TP +.B ENFILE +The system has too many open files to create more. +.TP +.B ENOENT +A component of +.I path +does not exist, +or is a dangling symbolic link. +.TP +.B ENOENT +.I path +is an empty string, but +.B \%FSPICK_EMPTY_PATH +is not specified in +.IR flags . +.TP +.B ENOTDIR +A component of the path prefix of +.I path +is not a directory; +or +.I path +is relative and +.I dirfd +is a file descriptor referring to a file other than a directory. +.TP +.B ENOMEM +The kernel could not allocate sufficient memory to complete the operation. +.TP +.B EPERM +The calling process does not have the required +.B \%CAP_SYS_ADMIN +capability. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 5.2. +.\" commit cf3cba4a429be43e5527a3f78859b1bfd9ebc5fb +.\" commit 400913252d09f9cfb8cce33daee43167921fc343 +glibc 2.36. +.SH EXAMPLES +The following example sets the read-only flag +on the filesystem instance referenced by +the mount object attached at +.IR /tmp . +.P +.in +4n +.EX +int fsfd =3D fspick(AT_FDCWD, "/tmp", FSPICK_CLOEXEC); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "ro", NULL, 0); +fsconfig(fsfd, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0); +.EE +.in +.P +The above procedure is functionally equivalent to +the following mount operation using +.BR mount (2): +.P +.in +4n +.EX +mount(NULL, "/tmp", NULL, MS_REMOUNT | MS_RDONLY, NULL); +.EE +.in +.SH SEE ALSO +.BR fsconfig (2), +.BR fsmount (2), +.BR fsopen (2), +.BR mount (2), +.BR mount_setattr (2), +.BR move_mount (2), +.BR open_tree (2), +.BR mount_namespaces (7) + --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B753D24BBE4; Fri, 8 Aug 2025 20:40:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685652; cv=none; b=CPzU4aqlqmJ0r5MIHyNpwWhJbEWNC86syhMdgUWpmfQvsUpW8SRqHj/5Nno6sB+HvMl9nzRRZS3Z62sCl2RkVNxVnspdJ5NO4SRhHkeDjx+1hoe/1P9seQcQlLsM+dr40IsYk5V6+Dj1WebyHNqdcHrybM9d9Va5PmfeZsN6IFI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685652; c=relaxed/simple; bh=nSQJnzTbQ8HeB7k0GsHwawNdLgpbFNJcMVFAcXpnocQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Fi+LTnmr80BM7W62HliFpLVARsQKmf1Xt+JLgp110mwptvyUqq5k4jYqmTJc4fOD2twG+m0HKJvLU/srYw0lPH3eM4q3Ls72d3/f3RC904g7JdI2z98OyQ8ABPmt31YbYHlLcM0UY4DIVVzTHSjUHrak56SY5pvZOman+0eCrSs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=WuVqg/km; arc=none smtp.client-ip=80.241.56.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="WuVqg/km" Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4bzGBc57dzz9srN; Fri, 8 Aug 2025 22:40:40 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685640; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/vj8Y0Lbs60Y0zYWISeEywicexVkthjrDdcm7zln73I=; b=WuVqg/kmWpsOJnS2kbBzM9bmkahZ4r+K1t+hKlUe1WNyYrCyhXIReS9Cx9M7bAXUix09cZ jR35pb7jt3cALwIVgyM7O/W7Ds5fkOd/HfCRTiyFRIkWJHBxOYUfSB/QUjTfFzQhIGzUq3 9/jqtLyovFIRUWLbuPH1YabCNL3yr2J+T6KqbTYRnAD4DbyF25myytmZFxvgUub3xu27Ty VEEnnz7gw9b2KPYA3HO3tBmLU1kgsQ5fYsG/X+RJzGF1N7I27+qdw9t7rVkZ+BfHoQbkuB o3aX9/A/IOuBMVwdd5e8QuIekBsE6q7KDdNqiruAh0E4sDk419BRZ+OubarZ5g== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of cyphar@cyphar.com designates 2001:67c:2050:b231:465::1 as permitted sender) smtp.mailfrom=cyphar@cyphar.com From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:50 +1000 Subject: [PATCH v3 06/12] man/man2/fsconfig.2: document "new" mount API Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-6-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=19365; i=cyphar@cyphar.com; h=from:subject:message-id; bh=nSQJnzTbQ8HeB7k0GsHwawNdLgpbFNJcMVFAcXpnocQ=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5j+MuTlptXfjV4FZxRP+ThLPNDm6Ac55jf5hRL6L 949qt/1oaOUhUGMi0FWTJFlm59n6Kb5i68kf1rJBjOHlQlkCAMXpwBMhCuBkWHTYheBRLOcf280 zi5576FscbCAhUFZNigzm9Pb5Aij3BZGhhcTZzz/dYL51ELltaee2XDdSW5U+lNTZ7fTSYtZqd5 oAysA X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 X-Rspamd-Queue-Id: 4bzGBc57dzz9srN This is loosely based on the original documentation written by David Howells and later maintained by Christian Brauner, but has been rewritten to be more from a user perspective (as well as fixing a few critical mistakes). Co-authored-by: David Howells Signed-off-by: David Howells Co-authored-by: Christian Brauner Signed-off-by: Christian Brauner Signed-off-by: Aleksa Sarai --- man/man2/fsconfig.2 | 670 ++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 670 insertions(+) diff --git a/man/man2/fsconfig.2 b/man/man2/fsconfig.2 new file mode 100644 index 0000000000000000000000000000000000000000..97c9aff0e0c195e6028e1c7bd70= e40905ba9f994 --- /dev/null +++ b/man/man2/fsconfig.2 @@ -0,0 +1,670 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH fsconfig 2 (date) "Linux man-pages (unreleased)" +.SH NAME +fsconfig \- configure new or existing filesystem context +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.B #include +.P +.BI "int fsconfig(int " fd ", unsigned int " cmd "," +.BI " const char *" key ", const void *" value ", int " aux ")= ;" +.fi +.SH DESCRIPTION +The +.BR fsconfig () +system call is part of +the suite of file descriptor based mount facilities in Linux. +.P +.BR fsconfig () +is used to supply parameters to +and issue commands against +the filesystem configuration context +associated with the file descriptor +.IR fd . +Filesystem configuration contexts can be created with +.BR fsopen (2) +or instantiated from an extant filesystem instance with +.BR fspick (2). +.P +The +.I cmd +argument indicates the command to be issued. +Some commands supply parameters to the context +(equivalent to mount options specified with +.BR mount (8)), +while others are meta-operations on the filesystem context. +The list of valid +.I cmd +values are: +.RS +.TP +.B FSCONFIG_SET_FLAG +Set the flag parameter named by +.IR key . +.I value +must be NULL, +and +.I aux +must be 0. +.TP +.B FSCONFIG_SET_STRING +Set the string parameter named by +.I key +to the value specified by +.IR value . +.I value +points to a null-terminated string, +and +.I aux +must be 0. +.TP +.B FSCONFIG_SET_BINARY +Set the blob parameter named by +.I key +to the contents of the binary blob +specified by +.IR value . +.I value +points to +the start of a buffer +that is +.I aux +bytes in length. +.TP +.B FSCONFIG_SET_FD +Set the file parameter named by +.I key +to the open file description +referenced by the file descriptor +.IR aux . +.I value +must be NULL. +.IP +You may also use +.B \%FSCONFIG_SET_STRING +for file parameters, +with +.I value +set to a null-terminated string +containing a base-10 representation +of the file descriptor number. +This mechanism is primarily intended for compatibility +with older +.BR mount (2)-based +programs, +and only works for parameters +that only accept file descriptor arguments. +.TP +.B FSCONFIG_SET_PATH +Set the path parameter named by +.I key +to the object at a provided path, +resolved in a similar manner to +.BR openat (2). +.I value +points to a null-terminated pathname string, +and +.I aux +is equivalent to the +.I dirfd +argument to +.BR openat (2). +.IP +You may also use +.B \%FSCONFIG_SET_STRING +for path parameters, +the behaviour of which is equivalent to +.B \%FSCONFIG_SET_PATH +with +.I aux +set to +.BR \%AT_FDCWD . +.TP +.B FSCONFIG_SET_PATH_EMPTY +As with +.BR \%FSCONFIG_SET_PATH , +except that if +.I value +is an empty string, +the file descriptor specified by +.I aux +is operated on directly +and may be any type of file +(not just a directory). +This is equivalent to the behaviour of +.B \%AT_EMPTY_PATH +with most "*at()" system calls. +If +.I aux +is +.BR \%AT_FDCWD , +the call operates on +the current working directory of the calling process. +.TP +.B FSCONFIG_CMD_CREATE +This command instructs the filesystem driver +to instantiate an instance of the filesystem in the kernel +with the parameters specified in the filesystem configuration context. +.IR key " and " value +must be NULL, +and +.I aux +must be 0. +.IP +If this operation succeeds, +the filesystem context +associated with file descriptor +.I fd +now references the created filesystem instance, +and is placed into a special "awaiting-mount" mode +that allows you to use +.BR fsmount (2) +to create a mount object from the filesystem instance. +.\" FS_CONTEXT_AWAITING_MOUNT is the term the kernel uses for this. +.IP +This is intended for use with filesystem configuration contexts created wi= th +.BR fsopen (2). +In order to create a filesystem instance, +the calling process must have the +.B \%CAP_SYS_ADMIN +capability. +.IP +Note that the Linux kernel reuses filesystem instances +for many filesystems, +so (depending on the filesystem being configured and parameters used) +it is possible for the filesystem instance "created" by +.B \%FSCONFIG_CMD_CREATE +to, in fact, be a reference +to an existing filesystem instance in the kernel. +The kernel will attempt to merge the specified parameters +of this filesystem configuration context +with those of the filesystem instance being reused, +but some parameters may be +.IR "silently ignored" . +.IP +Programs that need to ensure +that they create a new filesystem instance +with specific parameters +(notably, security-related parameters +such as +.I acl +to enable POSIX ACLs as described in +.BR acl (5)) +should use +.B \%FSCONFIG_CMD_CREATE_EXCL +instead. +.TP +.BR FSCONFIG_CMD_CREATE_EXCL " (since Linux 6.6)" +.\" commit 22ed7ecdaefe0cac0c6e6295e83048af60435b13 +.\" commit 84ab1277ce5a90a8d1f377707d662ac43cc0918a +As with +.BR \%FSCONFIG_CMD_CREATE , +except that the kernel is instructed +to create a new filesystem instance +("superblock" in kernel-developer parlance) +rather than reusing an existing one. +.IP +If this is not possible +(such as with disk-backed filesystems +where multiple filesystem instances +using the same filesystem driver +and writing to the same underlying device +could result in data corruption), +this operation will incur +an +.B EBUSY +error. +.IP +As a result (unlike +.BR \%FSCONFIG_CMD_CREATE ), +if this command succeeds +then the calling process can be sure that +all of the parameters successfully configured with +.BR fsconfig () +will actually be applied +to the created filesystem instance. +.TP +.B FSCONFIG_CMD_RECONFIGURE +This command instructs the filesystem driver +to apply the parameters specified in the filesystem configuration context +to the extant filesystem instance +referenced by the filesystem configuration context. +.IP +This is primarily intended for use with +.BR fspick (2), +but may also be used to modify the parameters of filesystem instance after +.BR \%FSCONFIG_CMD_CREATE +was used to create it +and a mount object was created using +.BR fsmount (2). +In order to reconfigure an extant filesystem instance, +the calling process must have the +.B CAP_SYS_ADMIN +capability. +.IP +Once this operation succeeds, the filesystem context is reset +but remains in reconfiguration mode +and thus can be used for subsequent +.B \%FSCONFIG_CMD_RECONFIGURE +commands. +.RE +.P +Parameters specified with +.BI FSCONFIG_SET_ * +do not take effect +until the corresponding +.B \%FSCONFIG_CMD_CREATE +or +.B \%FSCONFIG_CMD_RECONFIGURE +command is issued. +.SH RETURN VALUE +On success, +.BR fsconfig () +returns 0. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +If an error occurs, the filesystem driver may provide +additional information about the error +through the message retrieval interface for filesystem configuration conte= xts. +This additional information can be retrieved at any time by calling +.BR read (2) +on the filesystem instance or filesystem configuration context +referenced by the file descriptor +.IR fd . +(See the "Message retrieval interface" subsection in +.BR fsopen (2) +for more details on the message format.) +.P +Even after an error occurs, +the filesystem configuration context is +.I not +invalidated, +and thus can still be used with other +.BR fsconfig () +commands. +This means that users can probe support for filesystem parameters +on a per-parameter basis, +and adjust which parameters they wish to set. +.P +The error values given below result from +filesystem type independent errors. +Each filesystem type may have its own special errors +and its own special behavior. +See the Linux kernel source code for details. +.TP +.B EACCES +A component of a path +provided as a path parameter +was not searchable. +(See also +.BR path_resolution (7).) +.TP +.B EACCES +.B \%FSCONFIG_CMD_CREATE +was attempted +for a read-only filesystem +without specifying the +.RB ' ro ' +flag parameter. +.TP +.B EACCES +A specified block device parameter +is located on a filesystem +mounted with the +.B \%MS_NODEV +option. +.TP +.B EBADF +The file descriptor given by +.I fd +(or possibly by +.IR aux , +depending on the command) +is invalid. +.TP +.B EBUSY +The filesystem context associated with +.I fd +is in the wrong state +for the given command. +.TP +.B EBUSY +The filesystem instance cannot be reconfigured as read-only +with +.B \%FSCONFIG_CMD_RECONFIGURE +because some programs +still hold files open for writing. +.TP +.B EBUSY +A new filesystem instance was requested with +.B \%FSCONFIG_CMD_CREATE_EXCL +but a matching superblock already existed. +.TP +.B EFAULT +One of the pointer arguments +points to a location +outside the calling process's accessible address space. +.TP +.B EINVAL +.I fd +does not refer to +a filesystem configuration context +or filesystem instance. +.TP +.B EINVAL +One of the values of +.IR name , +.IR value , +and/or +.I aux +were set to a non-zero value when +.I cmd +required that they be zero +(or NULL). +.TP +.B EINVAL +The parameter named by +.I name +cannot be set +using the type specified with +.IR cmd . +.TP +.B EINVAL +One of the source parameters +referred to +an invalid superblock. +.TP +.B ELOOP +Too many links encountered +during pathname resolution +of a path argument. +.TP +.B ENAMETOOLONG +A path argument was longer than +.BR PATH_MAX . +.TP +.B ENOENT +A path argument had a non-existent component. +.TP +.B ENOENT +A path argument is an empty string, +but +.I cmd +is not +.BR \%FSCONFIG_SET_PATH_EMPTY . +.TP +.B ENOMEM +The kernel could not allocate sufficient memory to complete the operation. +.TP +.B ENOTBLK +The parameter named by +.I name +must be a block device, +but the provided parameter value was not a block device. +.TP +.B ENOTDIR +A component of the path prefix +of a path argument +was not a directory. +.TP +.B EOPNOTSUPP +The command given by +.I cmd +is not valid. +.TP +.B ENXIO +The major number +of a block device parameter +is out of range. +.TP +.B EPERM +The command given by +.I cmd +was +.BR \%FSCONFIG_CMD_CREATE , +.BR \%FSCONFIG_CMD_CREATE_EXCL , +or +.BR \% FSCONFIG_CMD_RECONFIGURE , +but the calling process does not have the required +.B \%CAP_SYS_ADMIN +capability. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 5.2. +.\" commit ecdab150fddb42fe6a739335257949220033b782 +.\" commit 400913252d09f9cfb8cce33daee43167921fc343 +glibc 2.36. +.SH NOTES +.SS Generic filesystem parameters +Each filesystem driver is responsible for +parsing most parameters specified with +.BR fsconfig (), +meaning that individual filesystems +may have very different behaviour +when encountering parameters with the same name. +In general, +you should not assume that the behaviour of +.BR fsconfig () +when specifying a parameter to one filesystem type +will match the behaviour of the same parameter +with a different filesystem type. +.P +However, +the following generic parameters +apply to all filesystems and have unified behaviour. +They are set using the listed +.BI \%FSCONFIG_SET_ * +command. +.TP +\fIro\fP and \fIrw\fP (\fB\%FSCONFIG_SET_FLAG\fP) +Configure whether the filesystem instance is read-only. +.TP +\fIdirsync\fP (\fB\%FSCONFIG_SET_FLAG\fP) +Make directory changes on this filesystem instance synchronous. +.TP +\fIsync\fP and \fIasync\fP (\fB\%FSCONFIG_SET_FLAG\fP) +Configure whether writes on this filesystem instance +will be made synchronous +(as though the +.B O_SYNC +flag to +.BR open (2) +was specified for +all file opens in this filesystem instance). +.TP +\fIlazytime\fP and \fInolazytime\fP (\fB\%FSCONFIG_SET_FLAG\fP) +Configure whether to reduce on-disk updates +of inode timestamps on this filesystem instance +(as described in the +.B \%MS_LAZYTIME +section of +.BR mount (2)). +.TP +\fImand\fP and \fInomand\fP (\fB\%FSCONFIG_SET_FLAG\fP) +Configure whether the filesystem instance should permit mandatory locking. +Since Linux 5.15, +.\" commit f7e33bdbd6d1bdf9c3df8bba5abcf3399f957ac3 +mandatory locking has been deprecated +and setting this flag is a no-op. +.TP +\fIsource\fP (\fB\%FSCONFIG_SET_STRING\fP) +This parameter is equivalent to the +.I source +parameter passed to +.BR mount (2) +for the same filesystem type, +and is usually the pathname of a block device +containing the filesystem. +This parameter may only be set once +per filesystem configuration context transaction. +.IP +Note that individual filesystem drivers +may choose to additionally permit other +.BI FSCONFIG_SET_ * +commands be used with +.IR source , +.\" (i.e., fc->ops->parse_param() parses "source") +but setting this parameter with +.B FSCONFIG_SET_STRING +is always allowed. +.P +In addition, +any filesystem parameters associated with +Linux Security Modules (LSMs) +are also generic with respect to the underlying filesystem. +See the documentation for the LSM you wish to configure for more details. +.SH CAVEATS +.SS Filesystem parameter types +As a result of +each filesystem driver being responsible for +parsing most parameters specified with +.BR fsconfig (), +some filesystem parameters +may have unintuitive behaviour +with regards to which +.BI \%FSCONFIG_SET_ * +commands are permitted +to configure a given parameter. +.P +In order for +filesystem parameters to be backwards compatible with +.BR mount (2), +they must be parseable as strings; +this almost universally means that +.B \%FSCONFIG_SET_STRING +can also be used to configure them. +.\" Aleksa Sarai +.\" Theoretically, a filesystem could check fc->oldapi and refuse +.\" FSCONFIG_SET_STRING if the operation is coming from the new API, but= no +.\" filesystems do this (and probably never will). +However, other +.BI \%FSCONFIG_SET_ * +commands need to be opted into +by each filesystem driver's parameter parser. +.P +One of the most user-visible instances of +this inconsistency is that +many filesystems do not support +configuring path parameters with +.B \%FSCONFIG_SET_PATH +(despite the name), +which can lead to somewhat confusing +.B EINVAL +errors. +(For example, the generic +.I source +parameter\[em]which is usually a path\[em]can only be configured +with +.BR \%FSCONFIG_SET_STRING .) +.P +When writing programs that use +.BR fsconfig () +to configure parameters +with commands other than +.BR \%FSCONFIG_SET_STRING , +users should verify +that the +.BI \%FSCONFIG_SET_ * +commands used to configure each parameter +are supported by the corresponding filesystem driver. +.\" Aleksa Sarai +.\" While this (quite confusing) inconsistency in behaviour is true today +.\" (and has been true since this was merged), this appears to mostly be= an +.\" unintended consequence of filesystem drivers hand-coding fsparam par= sing. +.\" Path parameters are the most eggregious causes of confusion. Hopeful= ly we +.\" can make this no longer the case in a future kernel. +.SH EXAMPLES +To illustrate the different kinds of flags that can be configured with +.BR fsconfig (), +here are a few examples of some different filesystems being created: +.P +.in +4n +.EX +int fsfd, mntfd; +\& +fsfd =3D fsopen("tmpfs", FSOPEN_CLOEXEC); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "inode64", NULL, 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "uid", "1234", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "huge", "never", 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "casefold", NULL, 0); +fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); +mntfd =3D fsmount(fsfd, FSMOUNT_CLOEXEC, MOUNT_ATTR_NOEXEC); +move_mount(mntfd, "", AT_FDCWD, "/tmp", MOVE_MOUNT_F_EMPTY_PATH); +\& +fsfd =3D fsopen("erofs", FSOPEN_CLOEXEC); +fsconfig(fsfd, FSCONFIG_SET_STRING, "source", "/dev/loop0", 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "acl", NULL, 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "user_xattr", NULL, 0); +fsconfig(fsfd, FSCONFIG_CMD_CREATE_EXCL, NULL, NULL, 0); +mntfd =3D fsmount(fsfd, FSMOUNT_CLOEXEC, MOUNT_ATTR_NOSUID); +move_mount(mntfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +Usually, +specifying the same parameter named by +.I key +multiple times with +.BR fsconfig () +causes the parameter value to be replaced. +However, some filesystems can have unique behaviour: +.P +.in +4n +.EX +\& +int fsfd, mntfd; +int lowerdirfd =3D open("/o/ctr/lower1", O_DIRECTORY | O_CLOEXEC); +\& +fsfd =3D fsopen("overlay", FSOPEN_CLOEXEC); +/* "lowerdir+" appends to the lower dir stack each time. */ +fsconfig(fsfd, FSCONFIG_SET_FD, "lowerdir+", NULL, lowerdirfd); +fsconfig(fsfd, FSCONFIG_SET_STRING, "lowerdir+", "/o/ctr/lower2", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "lowerdir+", "/o/ctr/lower3", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "lowerdir+", "/o/ctr/lower4", 0); +.\" fsconfig(fsfd, FSCONFIG_SET_PATH, "lowerdir+", "/o/ctr/lower5", AT_FDC= WD); +.\" fsconfig(fsfd, FSCONFIG_SET_PATH_EMPTY, "lowerdir+", "", lowerdirfd); +.\" Aleksa Sarai: Hopefully these will also be supported in the future. +fsconfig(fsfd, FSCONFIG_SET_STRING, "xino", "auto", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "nfs_export", "off", 0); +fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); +mntfd =3D fsmount(fsfd, FSMOUNT_CLOEXEC, 0); +move_mount(mntfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +And here is an example of how +.BR fspick (2) +can be used with +.BR fsconfig () +to reconfigure the parameters +of an extant filesystem instance +attached to +.IR /proc : +.P +.in +4n +.EX +int fsfd =3D fspick(AT_FDCWD, "/proc", FSPICK_CLOEXEC); +fsconfig(fsfd, FSCONFIG_SET_STRING, "hidepid", "ptraceable", 0); +fsconfig(fsfd, FSCONFIG_SET_STRING, "subset", "pid", 0); +fsconfig(fsfd, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0); +.EE +.in +.SH SEE ALSO +.BR fsmount (2), +.BR fsopen (2), +.BR fspick (2), +.BR mount (2), +.BR mount_setattr (2), +.BR move_mount (2), +.BR open_tree (2), +.BR mount_namespaces (7) + --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [80.241.56.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A686C288C81; Fri, 8 Aug 2025 20:40:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.151 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685659; cv=none; b=YAKN/bXPFIxXg3No816j0VK2u18mvR0pp7BDm40hlWSDjnU2Z1M9kt6wvn3cey4NcAQvnfTLybDYFURvNNTbWl1XjjD8jPmYIstQO3/XHyP/u4pH5PSm4uDCeKAyaN9OVNwnmATaUd1Ei+kLWRLk8Rm3+gddSkDvTbi/XnwyDrA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685659; c=relaxed/simple; bh=wVlzcJGWQtyC1xNvYJTTBK9Kr0muB5IFIbr6F+yhGgY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=pIj/IaaXnC9MchiqTW1IFS2m5fo8lX1VJumaio4JPpwH6Hy5KgKb7bFo/f1YKz1n10eeINWfZyYhesf6FzqxpHufJ4I+ndKuL3ZYxg7mIzsE5n+FLFDtJH5kifUMQoNr85aTcnWfQz5JlYQAD6FvioWxZAoR0i1rnoMu+nuI0pQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=MvbD/n9Y; arc=none smtp.client-ip=80.241.56.151 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="MvbD/n9Y" Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4bzGBl03ltz9sn5; Fri, 8 Aug 2025 22:40:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685647; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=apCS++qzUkR/PmBkaOypdPF6pEHRYEKfGZIPrvm2Dqo=; b=MvbD/n9YVi7PWA30mTtnxMbNbi9Ap+O6+8B+rYLBhY7AZp4pz+0LckNc75Y8p+vCQfOVhL +94OEraARPNzhnAt4CpIfGTRaspJb/BCJKjqvkTSNYerw+JLZCEnZ1vSfh77AXyACqdYPy 2SbbHg3RLL2Ini5o0+5u18/YLh5bQeTkCi9tiC+uy8+y66Xsfrtr5RSZAuKT2TBEQd259T gPQf/BRXsewpnIE3CcVXmM5kSsdexVnt/9bxMi2YOLKtLtyeYY1gSsxMWSuNkqmD2dpvYz EPi9kobJaHydjw4S3gpt3gmnIKxM0CMLgyhEmQasHCP+6M1H+U2XcszyXtkh3w== From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:51 +1000 Subject: [PATCH v3 07/12] man/man2/fsmount.2: document "new" mount API Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-7-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=6364; i=cyphar@cyphar.com; h=from:subject:message-id; bh=wVlzcJGWQtyC1xNvYJTTBK9Kr0muB5IFIbr6F+yhGgY=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5jOJ8+0+P2MPTOq3Z78/p2aLOdwRkO08n73l8nb7 9RZ8H6a3VHKwiDGxSArpsiyzc8zdNP8xVeSP61kg5nDygQyhIGLUwAmcnAdI0M7F2ND3OkCweM3 1I5wK0tKKk/X3r1AtOx4Q8/3P4JaTbKMDLuECyauWTazxCX4Uv/MV591X/5e9rN1q+vdtqMsS05 e3sYLAA== X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 This is loosely based on the original documentation written by David Howells and later maintained by Christian Brauner, but has been rewritten to be more from a user perspective (as well as fixing a few critical mistakes). Co-authored-by: David Howells Signed-off-by: David Howells Co-authored-by: Christian Brauner Signed-off-by: Christian Brauner Signed-off-by: Aleksa Sarai --- man/man2/fsmount.2 | 220 +++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 220 insertions(+) diff --git a/man/man2/fsmount.2 b/man/man2/fsmount.2 new file mode 100644 index 0000000000000000000000000000000000000000..92331cb18272f9ac836e55e7f28= faea3a3efbdac --- /dev/null +++ b/man/man2/fsmount.2 @@ -0,0 +1,220 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH fsmount 2 (date) "Linux man-pages (unreleased)" +.SH NAME +fsmount \- instantiate mount object from filesystem context +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.B #include +.P +.BI "int fsmount(int " fsfd ", unsigned int " flags ", \ +unsigned int " attr_flags ");" +.fi +.SH DESCRIPTION +The +.BR fsmount () +system call is part of +the suite of file descriptor based mount facilities in Linux. +.P +.BR fsmount () +creates a new detached mount object +for the root of the new filesystem instance +referenced by the filesystem context file descriptor +.IR fsfd . +A new file descriptor +associated with the detached mount object +is then returned. +In order to create a mount object with +.BR fsmount (), +the calling process must have the +.BR \%CAP_SYS_ADMIN +capability. +.P +The filesystem context must have been created with a call to +.BR fsopen (2) +and then had a filesystem instance instantiated with a call to +.BR fsconfig (2) +with +.B \%FSCONFIG_CMD_CREATE +or +.B \%FSCONFIG_CMD_CREATE_EXCL +in order to be in the correct state +for this operation +(the "awaiting-mount" mode in kernel-developer parlance). +.\" FS_CONTEXT_AWAITING_MOUNT is the term the kernel uses for this. +Unlike +.BR open_tree (2) +with +.BR \%OPEN_TREE_CLONE, +.BR fsmount () +can only be called once +in the lifetime of a filesystem instance +to produce a mount object. +.P +As with file descriptors returned from +.BR open_tree (2) +called with +.BR OPEN_TREE_CLONE , +the returned file descriptor +can then be used with +.BR move_mount (2), +.BR mount_setattr (2), +or other such system calls to do further mount operations. +This mount object will be unmounted and destroyed +when the file descriptor is closed +if it was not otherwise attached to a mount point +by calling +.BR move_mount (2). +The returned file descriptor +also acts the same as one produced by +.BR open (2) +with +.BR O_PATH , +meaning it can also be used as a +.I dirfd +argument +to "*at()" system calls. +.P +.I flags +controls the creation of the returned file descriptor. +A value for +.I flags +is constructed by bitwise ORing +zero or more of the following constants: +.RS +.TP +.B FSMOUNT_CLOEXEC +Set the close-on-exec +.RB ( FD_CLOEXEC ) +flag on the new file descriptor. +See the description of the +.B O_CLOEXEC +flag in +.BR open (2) +for reasons why this may be useful. +.RE +.P +.I attr_flags +specifies mount attributes +which will be applied to the created mount object, +in the form of +.BI \%MOUNT_ATTR_ * +flags. +The flags are interpreted as though +.BR mount_setattr (2) +was called with +.I attr.attr_set +set to the same value as +.IR attr_flags . +.BI \% MOUNT_ATTR_ * +flags which would require +specifying additional fields in +.BR mount_attr (2type) +(such as +.BR \%MOUNT_ATTR_IDMAP ) +are not valid flag values for +.IR attr_flags . +.P +If the +.BR fsmount () +operation is successful, +the filesystem context +associated with the file descriptor +.I fsfd +is reset +and placed into reconfiguration mode, +as if it were just returned by +.BR fspick (2). +You may continue to use +.BR fsconfig (2) +with the now-reset filesystem context, +including issuing the +.B \%FSCONFIG_CMD_RECONFIGURE +command +to reconfigure the filesystem instance. +.SH RETURN VALUE +On success, a new file descriptor is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EBUSY +The filesystem context associated with +.I fsfd +is not in the right state +to be used by +.BR fsmount (). +.TP +.B EINVAL +.I flags +had an invalid flag set. +.TP +.B EINVAL +.I attr_flags +had an invalid +.BI MOUNT_ATTR_ * +flag set. +.TP +.B EMFILE +The calling process has too many open files to create more. +.TP +.B ENFILE +The system has too many open files to create more. +.TP +.B ENOSPC +The "anonymous" mount namespace +necessary to contain the new mount object +could not be allocated, +as doing so would exceed +the configured per-user limit on +the number of mount namespaces in the current user namespace. +(See also +.BR namespaces (7).) +.TP +.B ENOMEM +The kernel could not allocate sufficient memory to complete the operation. +.TP +.B EPERM +The calling process does not have the required +.B CAP_SYS_ADMIN +capability. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 5.2. +.\" commit 93766fbd2696c2c4453dd8e1070977e9cd4e6b6d +.\" commit 400913252d09f9cfb8cce33daee43167921fc343 +glibc 2.36. +.SH EXAMPLES +.in +4n +.EX +int fsfd, mntfd, tmpfd; +\& +fsfd =3D fsopen("tmpfs", FSOPEN_CLOEXEC); +fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); +mntfd =3D fsmount(fsfd, FSMOUNT_CLOEXEC, MOUNT_ATTR_NODEV | MOUNT_ATTR_NOE= XEC); +\& +/* Create a new file without attaching the mount object. */ +int tmpfd =3D openat(mntfd, "tmpfile", O_CREAT | O_EXCL | O_RDWR, 0600); +unlinkat(mntfd, "tmpfile", 0); +\& +/* Attach the mount object to "/tmp". */ +move_mount(mntfd, "", AT_FDCWD, "/tmp", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.SH SEE ALSO +.BR fsconfig (2), +.BR fsopen (2), +.BR fspick (2), +.BR mount (2), +.BR mount_setattr (2), +.BR move_mount (2), +.BR open_tree (2), +.BR mount_namespaces (7) + --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34E2B288C89; Fri, 8 Aug 2025 20:40:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685660; cv=none; b=o7CL/nSXtup1+GM3PcpFk983Smiu6uemgOdRCppuu1hT7EsDXcUwLTIgZ9hQ1Hl5BszBlKnSQHU9BsqBUZagAJylFoyEoOB5jbpHCdRWeGwt2khXT1Q4lec0f115WCaD8j5pUEN3BCbk9TnqPiX41EmwGkf4IY1NtV0F9ju9ITk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685660; c=relaxed/simple; bh=32OoGk+D2mym1L0E5K5AB18rITt+XUC7O6fS+F43B8c=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Cr6wggLLOp07N6fBNQwJhJ0ANa/XVXewVGjgv59D1Be6fFSRhn3ZqsIQprbaHpRFtN1yQy6onLuedc7RJbqBZgSh2MnXwJHkaWV6wAwqeoCONiD/Oi8NnLMol21NTY8Q5lOdZpJT+aSNby+GfOLBp4vtumvtjoWy313F8i5c770= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=cHHy3jzP; arc=none smtp.client-ip=80.241.56.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="cHHy3jzP" Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4bzGBs4Q3kz9srN; Fri, 8 Aug 2025 22:40:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685653; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7tQk2hWPv9K8FqsIgBqoadl8hRRXDafA1EsIoyCxfr0=; b=cHHy3jzPiFsZl7n7X2AtEh35dLyAP9App8kYSm9NfXDGx/Xqf2F/AHzH+bOaIRmItrx06b eeVTsfBtD5hz+QfSlzbqnMohrAlbhiFA4Kfnmzkl614p6yUR6+/kyRD8wEzfg4Zuc4kUV5 /+ydg5xuOTPI5E24obQGpl7L2on3yH2YPxpXSkA71p90W96xERycRM2LGZXsvFCxQ2cgGb kxeur20NwVhUnmMFrXblfWwbQpE0Cf5Xf6qcAa8juVnx0qwvrjmWczloWJUe54iiPSEDGh YIZS8fefJO4PFm5SrInYBkAytJr1iQp+XYdkeF90bVUSSTcA+l+c25Zb+l7pZA== From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:52 +1000 Subject: [PATCH v3 08/12] man/man2/move_mount.2: document "new" mount API Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-8-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=15484; i=cyphar@cyphar.com; h=from:subject:message-id; bh=32OoGk+D2mym1L0E5K5AB18rITt+XUC7O6fS+F43B8c=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5gRYjTjnrz6FNtb/OpR6aqG/5bETvTXlrrNdLC6d NK9Dq+5HaUsDGJcDLJiiizb/DxDN81ffCX500o2mDmsTCBDGLg4BWAiKzsZ/kfuzY3xTP/hfkxJ +av44+e72Fq+1m7TXRWT7H7hdbP8WndGhr/PjWLjnJsFjv/fXmSfLOEXrnFE7Pyp5zful9UHCNV p8gMA X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 This is loosely based on the original documentation written by David Howells and later maintained by Christian Brauner, but has been rewritten to be more from a user perspective (as well as fixing a few critical mistakes). Co-authored-by: David Howells Signed-off-by: David Howells Co-authored-by: Christian Brauner Signed-off-by: Christian Brauner Signed-off-by: Aleksa Sarai --- man/man2/move_mount.2 | 640 ++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 640 insertions(+) diff --git a/man/man2/move_mount.2 b/man/man2/move_mount.2 new file mode 100644 index 0000000000000000000000000000000000000000..ccb5477620ce0ab37a2be11947b= f262d50a52cc9 --- /dev/null +++ b/man/man2/move_mount.2 @@ -0,0 +1,640 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH move_mount 2 (date) "Linux man-pages (unreleased)" +.SH NAME +move_mount \- move or attach mount object to filesystem +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include " " /* Definition of " AT_* " constants */" +.B #include +.P +.BI "int move_mount(int " from_dirfd ", const char *" from_path "," +.BI " int " to_dirfd ", const char *" to_path "," +.BI " unsigned int " flags ");" +.fi +.SH DESCRIPTION +The +.BR move_mount () +system call is part of +the suite of file descriptor based mount facilities in Linux. +.P +.BR move_mount () +moves the mount object indicated by +.I from_dirfd +and +.I from_path +to the path indicated by +.I to_dirfd +and +.IR to_path . +The mount object being moved +can be an existing mount point in the current mount namespace, +or a detached mount object created by +.BR fsmount (2) +or +.BR open_tree (2) +with +.BR \%OPEN_TREE_CLONE . +.P +To access the source mount object +or the destination mount point, +no permissions are required on the object itself, +but if either pathname is supplied, +execute (search) permission is required +on all of the directories specified in +.I from_path +or +.IR to_path . +.P +The calling process must have the +.BR \%CAP_SYS_ADMIN +capability in order to move or attach a mount object. +.P +As with "*at()" system calls, +.BR move_mount () +uses the +.I from_dirfd +and +.I to_dirfd +arguments +in conjunction with the +.I from_path +and +.I to_path +arguments to determine the source and destination objects to operate on +(respectively), as follows: +.IP \[bu] 3 +If the pathname given in +.I *_path +is absolute, then +the corresponding +.I *_dirfd +is ignored. +.IP \[bu] +If the pathname given in +.I *_path +is relative and +the corresponding +.I *_dirfd +is the special value +.BR \%AT_FDCWD , +then +.I *_path +is interpreted relative to +the current working directory +of the calling process (like +.BR open (2)). +.IP \[bu] +If the pathname given in +.I *_path +is relative, +then it is interpreted relative to +the directory referred to by +the corresponding file descriptor +.I *_dirfd +(rather than relative to +the current working directory +of the calling process, +as is done by +.BR open (2) +for a relative pathname). +In this case, +the corresponding +.I *_dirfd +must be a directory +that was opened for reading +.RB ( O_RDONLY ) +or using the +.B O_PATH +flag. +.IP \[bu] +If +.I *_path +is an empty string, +and +.I flags +contains the appropriate +.BI \%MOVE_MOUNT_ * _EMPTY_PATH +flag, +then the corresponding file descriptor +.I *_dirfd +is operated on directly. +In this case, +the corresponding +.I *_dirfd +may refer to any type of file, +not just a directory. +.P +.I flags +can be used to control aspects of the path lookup +for both the source and destination objects, +as well as other properties of the mount operation. +A value for +.I flags +is constructed by bitwise ORing +zero or more of the following constants: +.RS +.TP +.B MOVE_MOUNT_F_EMPTY_PATH +If +.I from_path +is an empty string, operate on the file referred to by +.I from_dirfd +(which may have been obtained from +.BR open (2), +.BR fsmount (2), +or +.BR open_tree (2)). +In this case, +.I from_dirfd +may refer to any type of file, +not just a directory. +If +.I from_dirfd +is +.BR \%AT_FDCWD , +.BR move_mount () +will operate on the current working directory +of the calling process. +.IP +This is the most common mechanism +used to attach detached mount objects +produced by +.BR fsmount (2) +and +.BR open_tree (2) +to a mount point. +.TP +.B MOVE_MOUNT_T_EMPTY_PATH +As with +.BR \%MOVE_MOUNT_F_EMPTY_PATH , +except operating on +.I to_dirfd +and +.IR to_path . +.TP +.B MOVE_MOUNT_F_SYMLINKS +If +.IR from_path +references a symbolic link, +then dereference it. +The default behaviour for +.BR move_mount () +is to +.I not follow +symbolic links. +.TP +.B MOVE_MOUNT_T_SYMLINKS +As with +.BR \%MOVE_MOUNT_F_SYMLINKS , +except operating on +.I to_dirfd +and +.IR to_path . +.TP +.B MOVE_MOUNT_F_NO_AUTOMOUNT +Do not automount any automount points encountered +while resolving +.IR from_path . +This allows a mount object +that has an automount point at its root +to be moved +and prevents unintended triggering of an automount point. +This flag has no effect +if the automount point has already been mounted over. +.TP +.B MOVE_MOUNT_T_NO_AUTOMOUNT +As with +.BR \%MOVE_MOUNT_F_NO_AUTOMOUNT , +except operating on +.I to_dirfd +and +.IR to_path . +This allows an automount point to be manually mounted over. +.TP +.BR MOVE_MOUNT_SET_GROUP " (since Linux 5.15)" +Add the attached private-propagation mount object indicated by +.I to_dirfd +and +.I to_path +into the mount propagation "peer group" +of the attached non-private-propagation mount object indicated by +.I from_dirfd +and +.IR from_path . +.IP +Unlike other +.BR move_mount () +operations, +this operation does not move or attach any mount objects. +Instead, it only updates the metadata +of attached mount objects. +(Also, take careful note of +the argument order\[em]the mount object being modified +by this operation is the one specified by +.I to_dirfd +and +.IR to_path .) +.IP +This makes it possible to first create a mount tree +consisting only of private mounts +and then configure the desired propagation layout afterwards. +(See the "SHARED SUBTREES" section of +.BR mount_namespaces (7) +for more information about mount propagation and peer groups.) +.TP +.BR MOVE_MOUNT_BENEATH " (since Linux 6.5)" +If the path indicated by +.I to_dirfd +and +.I to_path +is an existing mount object, +rather than attaching or moving the mount object +indicated by +.I from_dirfd +and +.I from_path +on top of the mount stack, +attach or move it beneath the current top mount +on the mount stack. +.IP +After using +.BR \%MOVE_MOUNT_BENEATH , +it is possible to +.BR umount (2) +the top mount +in order to reveal the mount object +which was attached beneath it earlier. +This allows for the seamless (and atomic) replacement +of intricate mount trees, +which can further be used +to "upgrade" a mount tree with a newer version. +.IP +This operation has several restrictions: +.RS +.IP \[bu] 3 +Mount objects cannot be attached beneath the filesystem root, +including cases where +the filesystem root was configured by +.BR chroot (2) +or +.BR pivot_root (2). +To mount beneath the filesystem root, +.BR pivot_root (2) +must be used. +.IP \[bu] +The target path indicated by +.I to_dirfd +and +.I to_path +must not be a detached mount object, +such as those produced by +.BR open_tree (2) +with +.B \%OPEN_TREE_CLONE +or +.BR fsmount (2). +.IP \[bu] +The current top mount +of the target path's mount stack +and its parent mount +must be in the calling process's mount namespace. +.IP \[bu] +The caller must have sufficient privileges +to unmount the top mount +of the target path's mount stack, +to prove they have privileges +to reveal the underlying mount. +.IP \[bu] +Mount propagation events triggered by this +.BR move_mount () +operation +(as described in +.BR mount_namespaces (7)) +are calculated based on the parent mount +of the current top mount +of the target path's mount stack. +.IP \[bu] +The target path's mount +cannot be an ancestor in the mount tree of +the source mount object. +.IP \[bu] +The source mount object +must not have any overmounts, +otherwise it would be possible to create "shadow mounts" +(i.e., two mounts mounted on the same parent mount at the same mount point= ). +.IP \[bu] +It is not possible to move a mount +beneath a top mount +if the parent mount +of the current top mount +propagates to the top mount itself. +Otherwise, +.B \%MOVE_MOUNT_BENEATH +would cause the mount object +to be propagated +to the top mount +from the parent mount, +defeating the purpose of using +.BR \%MOVE_MOUNT_BENEATH . +.IP \[bu] +It is not possible to move a mount +beneath a top mount +if the parent mount +of the current top mount +propagates to the mount object +being mounted beneath. +Otherwise, this would cause a similar propagation issue +to the previous point, +also defeating the purpose of using +.BR \%MOVE_MOUNT_BENEATH . +.RE +.RE +.P +If +.I from_dirfd +is a mount object file descriptor and +.BR move_mount () +is operating on it directly, +.I from_dirfd +will remain associated with the mount object after +.BR move_mount () +succeeds, +so you may repeatedly use +.I from_dirfd +with +.BR move_mount (2) +and/or "*at()" system calls +as many times as necessary. +.SH RETURN VALUE +On success, +.BR move_mount () +returns 0. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EACCES +Search permission is denied +for one of the directories +in the path prefix of one of +.I from_path +or +.IR to_path . +(See also +.BR path_resolution (7).) +.TP +.B EBADF +One of +.I from_dirfd +or +.I to_dirfd +is not a valid file descriptor. +.TP +.B EFAULT +One of +.I from_path +or +.I to_path +is NULL +or a pointer to a location +outside the calling process's accessible address space. +.TP +.B EINVAL +Invalid flag specified in +.IR flags . +.TP +.B EINVAL +The path indicated by +.I from_dirfd +and +.I from_path +is not a mount object. +.TP +.B EINVAL +The mount object type +of the source mount object and target inode +are not compatible +(i.e., the source is a file but the target is a directory, or vice-versa). +.TP +.B EINVAL +The source mount object or target path +are not in the calling process's mount namespace +(or an anonymous mount namespace of the calling process). +.TP +.B EINVAL +The source mount object's parent mount +has shared mount propagation, +and thus cannot be moved +(as described in +.BR mount_namespaces (7)). +.TP +.B EINVAL +The source mount has +.B MS_UNBINDABLE +child mounts +but the target path +resides on a mount tree with shared mount propagation, +which would otherwise cause the unbindable mounts to be propagated +(as described in +.BR mount_namespaces (7)). +.TP +.B EINVAL +.B \%MOVE_MOUNT_BENEATH +was attempted, +but one of the listed restrictions was violated. +.TP +.B ELOOP +Too many symbolic links encountered +when resolving one of +.I from_path +or +.IR to_path . +.TP +.B ENAMETOOLONG +One of +.I from_path +or +.I to_path +is longer than +.BR PATH_MAX . +.TP +.B ENOENT +A component of one of +.I from_path +or +.I to_path +does not exist. +.TP +.B ENOENT +One of +.I from_path +or +.I to_path +is an empty string, +but the corresponding +.BI MOVE_MOUNT_ * _EMPTY_PATH +flag is not specified in +.IR flags . +.TP +.B ENOTDIR +A component of the path prefix of one of +.I from_path +or +.I to_path +is not a directory, +or one of +.I from_path +or +.I to_path +is relative +and the corresponding +.I from_dirfd +or +.I to_dirfd +is a file descriptor referring to a file other than a directory. +.TP +.B ENOMEM +The kernel could not allocate sufficient memory to complete the operation. +.TP +.B EPERM +The calling process does not have the required +.B \%CAP_SYS_ADMIN +capability. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 5.2. +.\" commit 2db154b3ea8e14b04fee23e3fdfd5e9d17fbc6ae +.\" commit 400913252d09f9cfb8cce33daee43167921fc343 +glibc 2.36. +.SH EXAMPLES +.BR move_mount () +can be used to move attached mounts like the following: +.P +.in +4n +.EX +move_mount(AT_FDCWD, "/a", AT_FDCWD, "/b", 0); +.EE +.in +.P +This would move the mount object mounted on +.I /a +to +.IR /b . +The above procedure is functionally equivalent to +the following mount operation +using +.BR mount (2): +.P +.in +4n +.EX +mount("/a", "/b", NULL, MS_MOVE, NULL); +.EE +.in +.P +.BR move_mount () +can also be used in conjunction with file descriptors returned from +.BR open_tree (2) +or +.BR open (2): +.P +.in +4n +.EX +int fd =3D open_tree(AT_FDCWD, "/mnt", 0); /* or open("/mnt", O_PATH); */ +move_mount(fd, "", AT_FDCWD, "/mnt2", MOVE_MOUNT_F_EMPTY_PATH); +move_mount(fd, "", AT_FDCWD, "/mnt3", MOVE_MOUNT_F_EMPTY_PATH); +move_mount(fd, "", AT_FDCWD, "/mnt4", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +This would move the mount object mounted at +.I /mnt +to +.IR /mnt2 , +then +.IR /mnt3 , +and then +.IR /mnt4 . +.P +If the source mount object +indicated by +.I from_dirfd +and +.I from_path +is a detached mount object, +.BR move_mount () +can be used to attach it to a mount point: +.P +.in +4n +.EX +int fsfd, mntfd; +\& +fsfd =3D fsopen("ext4", FSOPEN_CLOEXEC); +fsconfig(fsfd, FSCONFIG_SET_STRING, "source", "/dev/sda1", 0); +fsconfig(fsfd, FSCONFIG_SET_FLAG, "user_xattr", NULL, 0); +fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); +mntfd =3D fsmount(fsfd, FSMOUNT_CLOEXEC, MOUNT_ATTR_NODEV); +move_mount(mntfd, "", AT_FDCWD, "/home", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +This would create a new filesystem configuration context for ext4, +configure it, +create a mount object, +and then attach it to +.IR /home . +The above procedure is functionally equivalent to +the following mount operation +using +.BR mount (2): +.P +.in +4n +.EX +mount("/dev/sda1", "/home", "ext4", MS_NODEV, "user_xattr"); +.EE +.in +.P +The same operation also works with detached bind-mounts created with +.BR open_tree (2) +with +.BR OPEN_TREE_CLONE : +.P +.in +4n +.EX +int mntfd =3D open_tree(AT_FDCWD, "/home/cyphar", OPEN_TREE_CLONE); +move_mount(mntfd, "", AT_FDCWD, "/root", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +This would create a new bind-mount of +.I /home/cyphar +as attached mount object, +and then attach it to +.IR /root . +The above procedure is functionally equivalent to +the following mount operation +using +.BR mount (2): +.P +.in +4n +.EX +mount("/home/cyphar", "/root", NULL, MS_BIND, NULL); +.EE +.in +.SH SEE ALSO +.BR fsconfig (2), +.BR fsmount (2), +.BR fsopen (2), +.BR fspick (2), +.BR mount (2), +.BR mount_setattr (2), +.BR open_tree (2), +.BR mount_namespaces (7) + --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-103.mailbox.org (mout-p-103.mailbox.org [80.241.56.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69D05253939; Fri, 8 Aug 2025 20:41:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.161 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685665; cv=none; b=P8BLCleIqxFEBhXiTU3lA0iOAww+dem5teHEvxAdbyoJ3VGMTpvu940sBqacyVIjrxvgcWlH/DneA3DSZHI4ilkXtepE4NLluTK09MGV0NmVc9wqpEULjl/eJTF2utXE0JHp0Fru8RQ4p8gUOB2QnF1CsJRxjnnYu/EZQ+O5OMk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685665; c=relaxed/simple; bh=bSeqyXAXnjU3xZRJle5jTkcmh4aB3oDy5r9FCQk9ZOk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=eGVr5g/lVMV9R4HGRlzG8V/FWEd/rfO/ux/YIQML6KTjE3aMovyzPujQPAWTsoIpMsWf02cx1naF9e5xi+CoUuE7i5gQ6SrSj6A+BL9ALNnUcPQwW5CMm3twMYJaYcSbgWhrN8mfOAMKEBdQUnvmkXqNvrtiYboFRJjMrMOfeos= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=dEVzKYLn; arc=none smtp.client-ip=80.241.56.161 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="dEVzKYLn" Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4bzGBz6BP5z9ssn; Fri, 8 Aug 2025 22:40:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685659; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=82z6kh61HtnSG2ifnALJUZbFSUNo8ByAHKEQBHqZEHQ=; b=dEVzKYLn2q4crj0n/GM9nb9c2hfBElQv0OE1DEDpswUeE7waA12kZrItg1yIevesPagAOa So/J9f759pHxFOpDP+0k9v1l+6+T73A9ZWtVLnS/cBICpQ6A0l6s+iqNwGr1gV1TfG2G68 3s8ywcv/2gFnFeJIfWo3gU0vC116QUBGLgbnXtNJ63SNvWI2P8ftjELWCOaGib8cTCfp4d qy/BIrmJFoPeYYIHccQBLKhaHfrk1YU+kATTQ/58x8obaoU/6siRkaKqZFxr/OQYtl33TP PJ9P9mD/eVh07bTpFIG/UJw1LtN6vzyMOH4V8AwWucsPFZVFTaCV6IXZ3l6HXQ== From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:53 +1000 Subject: [PATCH v3 09/12] man/man2/open_tree.2: document "new" mount API Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-9-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=11759; i=cyphar@cyphar.com; h=from:subject:message-id; bh=bSeqyXAXnjU3xZRJle5jTkcmh4aB3oDy5r9FCQk9ZOk=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5ghN/Ulp4qun9B759vPn7+56HKd+c+U9FdZfZHSw sKz96Wv6yhlYRDjYpAVU2TZ5ucZumn+4ivJn1aywcxhZQIZwsDFKQATyc5hZDjx45m0wpTcOYqr 595Jv+Qo77Qw3KGapbvGQfXmCuOn6S8Y/tdxTn/9NyjqwZQpW2zNA2uufC9W7Vi4XPy7oPWNt8s MlRgB X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 This is loosely based on the original documentation written by David Howells and later maintained by Christian Brauner, but has been rewritten to be more from a user perspective (as well as fixing a few critical mistakes). Co-authored-by: David Howells Signed-off-by: David Howells Co-authored-by: Christian Brauner Signed-off-by: Christian Brauner Signed-off-by: Aleksa Sarai --- man/man2/open_tree.2 | 471 +++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 471 insertions(+) diff --git a/man/man2/open_tree.2 b/man/man2/open_tree.2 new file mode 100644 index 0000000000000000000000000000000000000000..07aac7616107d16d05cc71ba7db= 6aee35f3a9cc6 --- /dev/null +++ b/man/man2/open_tree.2 @@ -0,0 +1,471 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH open_tree 2 (date) "Linux man-pages (unreleased)" +.SH NAME +open_tree \- open path or create detached mount object and attach to fd +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include " " /* Definition of " AT_* " constants */" +.B #include +.P +.BI "int open_tree(int " dirfd ", const char *" path ", unsigned int " fla= gs ");" +.fi +.SH DESCRIPTION +The +.BR open_tree () +system call is part of +the suite of file descriptor based mount facilities in Linux. +.IP \[bu] 3 +If +.I flags +contains +.BR \%OPEN_TREE_CLONE , +.BR open_tree () +creates a detached mount object +which consists of a bind-mount of +the path specified by the +.IR path . +A new file descriptor +associated with the detached mount object +is then returned. +The mount object is equivalent to a bind-mount +that would be created by +.BR mount (2) +called with +.BR MS_BIND , +except that it is tied to a file descriptor +and is not mounted onto the filesystem. +.IP +As with file descriptors returned from +.BR fsmount (2), +the resultant file descriptor can then be used with +.BR move_mount (2), +.BR mount_setattr (2), +or other such system calls to do further mount operations. +This mount object will be unmounted and destroyed +when the file descriptor is closed +if it was not otherwise attached to a mount point +by calling +.BR move_mount (2). +.IP \[bu] +If +.I flags +does not contain +.BR \%OPEN_TREE_CLONE , +.BR open_tree () +returns a file descriptor +that is exactly equivalent to +one produced by +.BR openat (2) +when called with the same +.I dirfd +and +.IR path . +.P +In either case, the resultant file descriptor +acts the same as one produced by +.BR open (2) +with +.BR O_PATH , +meaning it can also be used as a +.I dirfd +argument to +"*at()" system calls. +.P +As with "*at()" system calls, +.BR open_tree () +uses the +.I dirfd +argument in conjunction with the +.I path +argument to determine the path to operate on, as follows: +.IP \[bu] 3 +If the pathname given in +.I path +is absolute, then +.I dirfd +is ignored. +.IP \[bu] +If the pathname given in +.I path +is relative and +.I dirfd +is the special value +.BR \%AT_FDCWD , +then +.I path +is interpreted relative to +the current working directory +of the calling process (like +.BR open (2)). +.IP \[bu] +If the pathname given in +.I path +is relative, +then it is interpreted relative to +the directory referred to by the file descriptor +.I dirfd +(rather than relative to +the current working directory +of the calling process, +as is done by +.BR open (2) +for a relative pathname). +In this case, +.I dirfd +must be a directory +that was opened for reading +.RB ( O_RDONLY ) +or using the +.B O_PATH +flag. +.IP \[bu] +If +.I path +is an empty string, +and +.I flags +contains +.BR \%AT_EMPTY_PATH , +then the file descriptor +.I dirfd +is operated on directly. +In this case, +.I dirfd +may refer to any type of file, +not just a directory. +.P +.I flags +can be used to control aspects of the path lookup +and properties of the returned file descriptor. +A value for +.I flags +is constructed by bitwise ORing +zero or more of the following constants: +.RS +.TP +.B AT_EMPTY_PATH +If +.I path +is an empty string, operate on the file referred to by +.I dirfd +(which may have been obtained from +.BR open (2), +.BR fsmount(2), +or from another +.BR open_tree () +call). +In this case, +.I dirfd +may refer to any type of file, not just a directory. +If +.I dirfd +is +.BR \%AT_FDCWD , +.BR open_tree () +will operate on the current working directory +of the calling process. +This flag is Linux-specific; define +.B \%_GNU_SOURCE +to obtain its definition. +.TP +.B AT_NO_AUTOMOUNT +Do not automount any automount points encountered +while resolving +.IR path . +This allows you to create a handle to the automount point itself, +rather than the location it would mount. +This flag has no effect if the mount point has already been mounted over. +This flag is Linux-specific; define +.B \%_GNU_SOURCE +to obtain its definition. +.TP +.B AT_SYMLINK_NOFOLLOW +If +.I path +is a symbolic link, do not dereference it; instead, +create either a handle to the link itself +or a bind-mount of it. +The resultant file descriptor is indistinguishable from one produced by +.BR openat (2) +with +.BR \%O_PATH | O_NOFOLLLOW . +.TP +.B OPEN_TREE_CLOEXEC +Set the close-on-exec +.RB ( FD_CLOEXEC ) +flag on the new file descriptor. +See the description of the +.B O_CLOEXEC +flag in +.BR open (2) +for reasons why this may be useful. +.TP +.B OPEN_TREE_CLONE +Rather than creating an +.BR openat (2)-style +.B O_PATH +file descriptor, +create a bind-mount of +.I path +(akin to +.IR "mount --bind" ) +as a detached mount object. +In order to do this operation, +the calling process must have the +.BR \%CAP_SYS_ADMIN +capability. +.TP +.B AT_RECURSIVE +Create a recursive bind-mount of the path +(akin to +.IR "mount --rbind" ) +as a detached mount object. +This flag is only permitted in conjunction with +.BR \%OPEN_TREE_CLONE . +.SH RETURN VALUE +On success, a new file descriptor is returned. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EACCES +Search permission is denied for one of the directories +in the path prefix of +.IR path . +(See also +.BR path_resolution (7).) +.TP +.B EBADF +.I path +is relative but +.I dirfd +is neither +.B \%AT_FDCWD +nor a valid file descriptor. +.TP +.B EFAULT +.I path +is NULL +or a pointer to a location +outside the calling process's accessible address space. +.TP +.B EINVAL +Invalid flag specified in +.IR flags . +.TP +.B ELOOP +Too many symbolic links encountered when resolving +.IR path . +.TP +.B EMFILE +The calling process has too many open files to create more. +.TP +.B ENAMETOOLONG +.I path +is longer than +.BR PATH_MAX . +.TP +.B ENFILE +The system has too many open files to create more. +.TP +.B ENOENT +A component of +.I path +does not exist, or is a dangling symbolic link. +.TP +.B ENOENT +.I path +is an empty string, but +.B AT_EMPTY_PATH +is not specified in +.IR flags . +.TP +.B ENOTDIR +A component of the path prefix of +.I path +is not a directory, or +.I path +is relative and +.I dirfd +is a file descriptor referring to a file other than a directory. +.TP +.B ENOSPC +The "anonymous" mount namespace +necessary to contain the +.B \%OPEN_TREE_CLONE +detached bind-mount mount object +could not be allocated, +as doing so would exceed +the configured per-user limit on +the number of mount namespaces in the current user namespace. +(See also +.BR namespaces (7).) +.TP +.B ENOMEM +The kernel could not allocate sufficient memory to complete the operation. +.TP +.B EPERM +.I flags +contains +.B \%OPEN_TREE_CLONE +but the calling process does not have the required +.B CAP_SYS_ADMIN +capability. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 5.2. +.\" commit a07b20004793d8926f78d63eb5980559f7813404 +.\" commit 400913252d09f9cfb8cce33daee43167921fc343 +glibc 2.36. +.SH NOTES +.SS Anonymous mount namespaces +The bind-mount mount objects created by +.BR open_tree () +with +.B \%OPEN_TREE_CLONE +are not attached to the mount namespace of the calling process. +Instead, each mount object is attached to +a newly allocated "anonymous" mount namespace +associated with the calling process. +.P +One of the side-effects of this is that +(unlike bind-mounts created with +.BR mount (2)), +mount propagation +(as described in +.BR mount_namespaces (7)) +will not be applied to bind-mounts created by +.BR open_tree () +until the bind-mount is attached with +.BR move_mount (2), +at which point the mount +will be associated with the mount namespace +where it was mounted +and mount propagation will resume. +.SH EXAMPLES +The following examples show how +.BR open_tree () +can be used in place of more traditional +.BR mount (2) +calls with +.BR MS_BIND . +.P +.in +4n +.EX +int srcfd =3D open_tree(AT_FDCWD, "/var", OPEN_TREE_CLONE); +move_mount(srcfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +First, +a detached bind-mount mount object of +.I /var +is created and attached to the file descriptor +.IR srcfd . +Then, the mount object is attached to +.I /mnt +using +.BR move_mount (2) +with +.B \%MOVE_MOUNT_F_EMPTY_PATH +to request that the detached mount object attached to the file descriptor +.I srcfd +be moved (and thus attached) to +.IR /mnt . +.P +The above procedure is functionally equivalent to +the following mount operation using +.BR mount (2): +.P +.in +4n +.EX +mount("/var", "/mnt", NULL, MS_BIND, NULL); +.EE +.in +.P +.B \%OPEN_TREE_CLONE +can be combined with +.B \%AT_RECURSIVE +to create recursive detached bind-mount mount objects, +which in turn can be attached to mount points +to create recursive bind-mounts. +.P +.in +4n +.EX +int srcfd =3D open_tree(AT_FDCWD, "/var", OPEN_TREE_CLONE | AT_RECURSIVE); +move_mount(srcfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +The above procedure is functionally equivalent to +the following mount operation using +.BR mount (2): +.P +.in +4n +.EX +mount("/var", "/mnt", NULL, MS_BIND | MS_REC, NULL); +.EE +.in +.P +One of the primary benefits of using +.BR open_tree () +and +.BR move_mount (2) +over the traditional +.BR mount (2) +is that operating with +.IR dirfd -style +file descriptors is far easier and more intuitive. +.P +.in +4n +.EX +int srcfd =3D open_tree(100, "", AT_EMPTY_PATH | OPEN_TREE_CLONE); +move_mount(srcfd, "", 200, "foo", MOVE_MOUNT_F_EMPTY_PATH); +.EE +.in +.P +The above procedure is roughly equivalent to +the following mount operation using +.BR mount (2): +.P +.in +4n +.EX +mount("/proc/self/fd/100", "/proc/self/fd/200/foo", NULL, MS_BIND, NULL); +.EE +.in +.P +In addition, you can use the file descriptor returned by +.BR open_tree () +as the +.I dirfd +argument to any "*at()" system calls: +.P +.in +4n +.EX +int dirfd, fd; +\& +dirfd =3D open_tree(AT_FDCWD, "/etc", OPEN_TREE_CLONE); +fd =3D openat(dirfd, "passwd", O_RDONLY); +fchmodat(dirfd, "shadow", 0000, 0); +close(dirfd); +close(fd); +/* The bind-mount is now destroyed. */ +.EE +.in +.SH SEE ALSO +.BR fsconfig (2), +.BR fsmount (2), +.BR fsopen (2), +.BR fspick (2), +.BR mount (2), +.BR mount_setattr (2), +.BR move_mount (2), +.BR mount_namespaces (7) --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1150289E01; Fri, 8 Aug 2025 20:41:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685671; cv=none; b=TPg/oO4p0XtB/qR8lUvqBJ2o6bmfmMUDSDY94NSPS/AOKrAzE2GhDJCnLKh0j3zYxY6zQ43lZo6jyw/0MuSBItTZ2xViAFc6q64KnQ8J081L262JswQhGKc96YVe41AWTc3y3b2O8pDwsoEsDVkc/RB47H0YkGAX8b2cTn4zYes= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685671; c=relaxed/simple; bh=k4I6IhzIuLAKznoxjZO8roLMK+pWpHy5eTqdzRZCCxg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=lwqJvSd4hTsq+zuacAy+l168Jjjk40pamXBbdxKE+eQmnekdQwDDMMAvzYWIpOufycMy13FH20pBPCaj6R8RyukRwJLvdbPUEt8ywk5aLPX5nrHIhRY9sjk7nPZ9Hti1h2TXVRQxTybDeCb3xzkZJYaxhiA2Kr15J8cTRwLYCRY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=s6YutWte; arc=none smtp.client-ip=80.241.56.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="s6YutWte" Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4bzGC62rkPz9srN; Fri, 8 Aug 2025 22:41:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685666; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8fAn2b5Wd7l80nCN6IMuQRQe4awmsDAnQOQK6EkhBSw=; b=s6YutWtelvDML72HGJxcXKAmsyaRjdZ4VsBfc/PD4V03+FKtXgk3VoXeoob+cXBahbkt3y TKZWFhuY3RQSAKhGhJKyoLM48rqnTF+evlARKjyU2rBzKrL5AEqB0U9+cODCsd6u/WYMvU wpDQ7tj8+BInBEPTlx03EzxJ+tVi7WcGzgrDIIZn/XYHdMAStfMICX7ewu3/J+W0p4HqUu xPGRVfuAgXqbYDC8acyUBX8+Xa82jFgWrCAucrG/iNKIeoHmboo1fgWmu+kRubQh9PwXFG EZk2EMw13ekbYyvijDLJK3ShRXbV7uGvc003n8+YAi61BaL84LbD3swmzACL8g== From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:54 +1000 Subject: [PATCH v3 10/12] man/man2/mount_setattr.2: mirror opening sentence from fsopen(2) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-10-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=1026; i=cyphar@cyphar.com; h=from:subject:message-id; bh=k4I6IhzIuLAKznoxjZO8roLMK+pWpHy5eTqdzRZCCxg=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5iRlnqIq3urGbfO/9orsqf7fZ7cmVggzimr32Wly SAcUzGlo5SFQYyLQVZMkWWbn2fopvmLryR/WskGM4eVCWQIAxenAEwk4RbDH76pa/4uSVwZdenc lgn9nXpZR5SlM/OcH3z5nGX7S3fzuakM/2w5irbN9MhuE5hxjEP+XLfY2SMTrV88v+K5SpX3tsY KCV4A X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 All of the other new mount API docs have this lead-in sentence in order to make this set of APIs feel a little bit more cohesive. Despite being a bit of a latecomer, mount_setattr(2) is definitely part of this family of APIs and so deserves the same treatment. Signed-off-by: Aleksa Sarai --- man/man2/mount_setattr.2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/man/man2/mount_setattr.2 b/man/man2/mount_setattr.2 index 46fcba927dd8c0959c898b9ba790ae298f514398..d98e7d70870c082144dfa47e31d= df091c8545e4f 100644 --- a/man/man2/mount_setattr.2 +++ b/man/man2/mount_setattr.2 @@ -19,7 +19,11 @@ .SH SYNOPSIS .SH DESCRIPTION The .BR mount_setattr () -system call changes the mount properties of a mount or an entire mount tre= e. +system call is part of +the suite of file descriptor based mount facilities in Linux. +.P +.BR mount_setattr () +changes the mount properties of a mount or an entire mount tree. If .I path is relative, --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-103.mailbox.org (mout-p-103.mailbox.org [80.241.56.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BE992652B2; Fri, 8 Aug 2025 20:41:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.161 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685678; cv=none; b=l5F9tdOlN0ZKEJ2RlnnKMuVjDJ7wGS4pYzBw+ePdQ87i4F3F1NeV9ZxZd6nmcxeDxG8H/BkYD9c8Fgfoq504gl8jSryBo4ftYsjMROmtH/NGvvtlp44NP1Lcj9e+OIsndW5NLS/P8dm2fbmW4u2KPMN47WUBPFIxHcmDn4CovzY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685678; c=relaxed/simple; bh=NP75VawEkzAgS/qXsHKXpVi1UK/CmFLR4v+haPnvJCc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=t3qEhbuYBHpIf26Kh+gwwZEOf8y8LbJKGvFt7lUtN2g9hqulUZYTRP0p6Dt1ppXuNrJXtUUN2M2qSk6/hlZ/reiP+AE0iB2HZNZSYNjeDv96gVJE/77OQXnoCjxbr9FGJcqaQMbRADN5NvWrHUye/L71XONmapg/ka75nNUhyvY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=AUKfhm1e; arc=none smtp.client-ip=80.241.56.161 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="AUKfhm1e" Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4bzGCD5ZqPz9scY; Fri, 8 Aug 2025 22:41:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685672; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=A9z+81sauD1HLEDehH9FDzS5KmuUleH5DfgttFdp/xc=; b=AUKfhm1erdqe3EibSeKROo+zsHe7f6le1kP1vimcmhw/vHTZBXc8ogPv36RlqlKnTwelVb cwdhX9PsmHf9Y2IuRa0CSKpc6cnjg1JcRNMJIXRAuDiZLvX/XG18ZRmNXVmBrDCBL2/2UH JhT1RPMGqLXilJDjUAWO5ZUF6kHT2oSCMmzHyFV3bVIOlvtLP9If8GoYUprTKUu6gf8znQ fkTQJRpbM3u0hgRMo9cZxF8CS9AkANpOelrBfo0+ySl3wcHs/uZJpL94Yj3Twy2gshs6eu TIZnr/busIothw8OiIeGJHLVAiyxgbZfOaU9+F3/XkXMiRn4JAC1A7wr4o4gtA== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of cyphar@cyphar.com designates 2001:67c:2050:b231:465::1 as permitted sender) smtp.mailfrom=cyphar@cyphar.com From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:55 +1000 Subject: [PATCH v3 11/12] man/man2/open_tree{,_attr}.2: document new open_tree_attr() API Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-11-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=4769; i=cyphar@cyphar.com; h=from:subject:message-id; bh=NP75VawEkzAgS/qXsHKXpVi1UK/CmFLR4v+haPnvJCc=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5gRqx0g4BNf8Xf7bam2D6X9P83YCt2v8+yqfxKiY iD4+lRuRykLgxgXg6yYIss2P8/QTfMXX0n+tJINZg4rE8gQBi5OAZgIWzHDb3Zr7vNtcRmaE29u XXRhmcaEBlkZ6wftxyaKxiZfVeHKuMfIcDEys/DCmcPTS+7wSM/O2tX4Oe3p6w17+qRTZJ2yll4 vYgEA X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 X-Rspamd-Queue-Id: 4bzGCD5ZqPz9scY This is a new API added in Linux 6.15, and is effectively just a minor expansion of open_tree(2) in order to allow for MOUNT_ATTR_IDMAP to be changed for an existing ID-mapped mount. glibc does not yet have a wrapper for this. Cc: Christian Brauner Signed-off-by: Aleksa Sarai --- man/man2/open_tree.2 | 122 ++++++++++++++++++++++++++++++++++++++++++= ++++ man/man2/open_tree_attr.2 | 1 + 2 files changed, 123 insertions(+) diff --git a/man/man2/open_tree.2 b/man/man2/open_tree.2 index 07aac7616107d16d05cc71ba7db6aee35f3a9cc6..f671c401b1f1e2926f7948d6fe5= 041b7848125ac 100644 --- a/man/man2/open_tree.2 +++ b/man/man2/open_tree.2 @@ -14,7 +14,19 @@ .SH SYNOPSIS .B #include .P .BI "int open_tree(int " dirfd ", const char *" path ", unsigned int " fla= gs ");" +.P +.BR "#include " " /* Definition of " SYS_* " constants *= /" +.P +.BI "int syscall(SYS_open_tree_attr, int " dirfd ", const char *" path "," +.BI " unsigned int " flags ", struct mount_attr *" attr ", \ +size_t " size ");" .fi +.P +.IR Note : +glibc provides no wrapper for +.BR open_tree_attr (), +necessitating the use of +.BR syscall (2). .SH DESCRIPTION The .BR open_tree () @@ -228,6 +240,111 @@ .SH DESCRIPTION as a detached mount object. This flag is only permitted in conjunction with .BR \%OPEN_TREE_CLONE . +.SS open_tree_attr() +The +.BR open_tree_attr () +system call operates in exactly the same way as +.BR open_tree (), +except for the differences described here. +.P +After performing the same operation as with +.BR open_tree (), +(before returning the resulting file descriptor) +.BR open_tree_attr () +will apply the mount attribute changes described in +.I attr +to the returned file descriptor. +(See +.BR mount_attr (2type) +for a description of the +.I mount_attr +structure. +As described in +.BR mount_setattr (2), +.I size +must be set to +.I sizeof(struct mount_attr) +in order to support future extensions.) +.P +The application of +.I attr +to the resultant file descriptor +has identical semantics to +.BR mount_setattr (2), +except for the following extensions and general caveats: +.IP \[bu] 3 +Unlike +.BR mount_setattr (2) +called with a regular +.B OPEN_TREE_CLONE +detached mount object from +.BR open_tree (), +.BR open_tree_attr () +can specify a different setting for +.B \%MOUNT_ATTR_IDMAP +to the original mount object cloned with +.BR OPEN_TREE_CLONE . +.IP +Adding +.B \%MOUNT_ATTR_IDMAP +to +.I attr.attr_clr +will disable ID-mapping for the new mount object; +adding +.B \%MOUNT_ATTR_IDMAP +to +.I attr.attr_set +will configure the mount object to have the ID-mapping defined by +the user namespace referenced by the file descriptor +.IR attr.userns_fd . +(The semantics of which are identical to when +.BR mount_setattr (2) +is used to configure +.BR \%MOUNT_ATTR_IDMAP .) +.IP +Changing or removing the mapping +of an ID-mapped mount is only permitted +if a new detached mount object is being created with +.I flags +including +.BR \%OPEN_TREE_CLONE . +.IP \[bu] +If +.I flags +contains +.BR \%AT_RECURSIVE , +then the attributes described in +.I attr +are applied recursively +(just as when +.BR mount_setattr (2) +is called with +.BR \%AT_RECURSIVE ). +However, this applies in addition to the +.BR open_tree ()-specific +behaviour regarding +.BR \%AT_RECURSIVE , +and thus +.I flags +must also contain +.BR \% OPEN_TREE_CLONE . +.P +Note that if +.I flags +does not contain +.BR \% OPEN_TREE_CLONE , +.BR open_tree_attr () +will attempt to modify the mount attributes of +the mount object attached at +the path described by +.I dirfd +and +.IR path . +As with +.BR mount_setattr (2), +if said path is not a mount point, +.BR open_tree_attr () +will return an error. .SH RETURN VALUE On success, a new file descriptor is returned. On error, \-1 is returned, and @@ -321,10 +438,15 @@ .SH ERRORS .SH STANDARDS Linux. .SH HISTORY +.SS open_tree() Linux 5.2. .\" commit a07b20004793d8926f78d63eb5980559f7813404 .\" commit 400913252d09f9cfb8cce33daee43167921fc343 glibc 2.36. +.SS open_tree_attr() +Linux 6.15. +.\" commit c4a16820d90199409c9bf01c4f794e1e9e8d8fd8 +.\" commit 7a54947e727b6df840780a66c970395ed9734ebe .SH NOTES .SS Anonymous mount namespaces The bind-mount mount objects created by diff --git a/man/man2/open_tree_attr.2 b/man/man2/open_tree_attr.2 new file mode 100644 index 0000000000000000000000000000000000000000..e57269bbd269bcce0b0a9744256= 44ba75e379f2f --- /dev/null +++ b/man/man2/open_tree_attr.2 @@ -0,0 +1 @@ +.so man2/open_tree.2 --=20 2.50.1 From nobody Mon Dec 15 01:34:25 2025 Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A9826289E3C; Fri, 8 Aug 2025 20:41:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=80.241.56.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685685; cv=none; b=o8Y6sNlQhDakdCu/L96E+wab7RgmVyOx/IRNkNebZSO1K98SOMBGpG2xzzX8iSutFlUccs2Q9aasFbPduXUr1OThIPQLOWIkQN1XAgyHdxw9d9Wt/AaP0bjr4L6hFcvNm3VxiJcWQzUsDVmNEH/1RxFoSPBDyucoxMt4R9jrbdM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754685685; c=relaxed/simple; bh=kYsKPddX805RzOw4SP5aC06jULGnc9Yib7S66nFHI4k=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Qj5GID6pGIikJLOVg62Urub12QEW1M9JKu6k55MTOnhPZ/Ic7riZDN61A+VsezsaS/fzpQr0Slisp/3XYC6KMGqX99a/m6DW0vyyVTzSZ8vW/xl0AaXw/1e4xJLgWk1dkSBjL5VaUoU+ftsyqyKOQ//OezD/NSVEDJk29ZmRuZw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com; spf=pass smtp.mailfrom=cyphar.com; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b=nfmdhOZO; arc=none smtp.client-ip=80.241.56.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cyphar.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cyphar.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cyphar.com header.i=@cyphar.com header.b="nfmdhOZO" Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4bzGCM1f4lz9sc4; Fri, 8 Aug 2025 22:41:19 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1754685679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bGPumx2Rqm3p1S+Eay5H6awP7U7X//hs66pgfwkfArc=; b=nfmdhOZONZIqDdp2LMPb/i11Lmd7BC5zLRjXgy7cdKTk+PfUT+nNdMnwA0DYGSsoUtg4Ng EJWmJp7VLE4GetNpIwiS68Xf5E3x8BQAS5/UjpCGsMws+quTJe2nBuIimRRhjqk0fLynYA /Uir3/CIU207a2mMOKpVgNZYAoQoEgf6iS6VrEAfajgaD5iGZjVmmXTSvrbjvxpv/bZtrN UpLRU/6LWMhxpMAObWDBxUS2ottC22sh5k7BCLpV9zeHQeiNdysLjBcZBPFNbj1iE8eD29 YEvna1o6ttRk47daFZpxxj7NuWc6lUahSsg7oi1feEodBxAyh+eCDWF8+qhbZA== From: Aleksa Sarai Date: Sat, 09 Aug 2025 06:39:56 +1000 Subject: [PATCH v3 12/12] man/man2/{fsconfig,mount_setattr}.2: add note about attribute-parameter distinction Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250809-new-mount-api-v3-12-f61405c80f34@cyphar.com> References: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> In-Reply-To: <20250809-new-mount-api-v3-0-f61405c80f34@cyphar.com> To: Alejandro Colomar Cc: "Michael T. Kerrisk" , Alexander Viro , Jan Kara , Askar Safin , "G. Branden Robinson" , linux-man@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , Christian Brauner , Aleksa Sarai X-Developer-Signature: v=1; a=openpgp-sha256; l=2776; i=cyphar@cyphar.com; h=from:subject:message-id; bh=kYsKPddX805RzOw4SP5aC06jULGnc9Yib7S66nFHI4k=; b=owGbwMvMwCWmMf3Xpe0vXfIZT6slMWRMS5hxnHdanKCNzTLp9dW6i3QShXrV9rXotXxZE9wZ9 /jD9RT5jlIWBjEuBlkxRZZtfp6hm+YvvpL8aSUbzBxWJpAhDFycAjCRcgFGhj3v50lNnc4+SW65 qMPpBaE+K/NOt2X0nXrUaGKwrc3D/BzDf5+ICYGL2Tm+eE6+mL+7/ry5x8frldXMfLs2Nwfefiq nxwMA X-Developer-Key: i=cyphar@cyphar.com; a=openpgp; fpr=C9C370B246B09F6DBCFC744C34401015D1D2D386 This was not particularly well documented in mount(8) nor mount(2), and since this is a fairly notable aspect of the new mount API, we should probably add some words about it. Signed-off-by: Aleksa Sarai --- man/man2/fsconfig.2 | 11 +++++++++++ man/man2/mount_setattr.2 | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/man/man2/fsconfig.2 b/man/man2/fsconfig.2 index 97c9aff0e0c195e6028e1c7bd70e40905ba9f994..a7642e1633541bf8f5cd537db22= 987a4ec70da06 100644 --- a/man/man2/fsconfig.2 +++ b/man/man2/fsconfig.2 @@ -522,6 +522,17 @@ .SS Generic filesystem parameters Linux Security Modules (LSMs) are also generic with respect to the underlying filesystem. See the documentation for the LSM you wish to configure for more details. +.SS Mount attributes and filesystem parameters +Some filesystem parameters +(traditionally associated with +.BR mount (8)-style +options) +are also mount attributes. +.P +For a description of the distinction between +mount attributes and filesystem parameters, +see the "Mount attributes and filesystem parameters" subsection of +.BR mount_setattr (2). .SH CAVEATS .SS Filesystem parameter types As a result of diff --git a/man/man2/mount_setattr.2 b/man/man2/mount_setattr.2 index d98e7d70870c082144dfa47e31ddf091c8545e4f..2927b012eed1569e0d78a2fb918= 15f364fca124d 100644 --- a/man/man2/mount_setattr.2 +++ b/man/man2/mount_setattr.2 @@ -790,6 +790,43 @@ .SS ID-mapped mounts .BR chown (2) system call changes the ownership globally and permanently. .\" +.SS Mount attributes and filesystem parameters +Some mount attributes +(traditionally associated with +.BR mount (8)-style +options) +are also filesystem parameters. +For example, the +.I -o ro +option to +.BR mount (8) +can refer to the +"read-only" filesystem parameter, +or the "read-only" mount attribute. +.P +The distinction between these two kinds of option is that +mount object attributes are applied per-mount-object +(allowing different mount objects +derived from a given filesystem instance +to have different attributes), +while filesystem instance parameters +("superblock flags" in kernel-developer parlance) +apply to all mount objects +derived from the same filesystem instance. +.P +When using +.BR mount (2), +the line between these two types of mount options was blurred. +However, with +.BR mount_setattr () +and +.BR fsconfig (2), +the distinction is made much clearer. +Mount attributes are configured with +.BR mount_setattr (), +while filesystem parameters can be configured using +.BR fsconfig (2). +.\" .SS Extensibility In order to allow for future extensibility, .BR mount_setattr () --=20 2.50.1