18 Consider the following situation:
20 A process wants to clone its own namespace, but still wants to access the CD
21 that got mounted recently. Shared subtree semantics provide the necessary
22 mechanism to accomplish the above.
24 It provides the necessary building blocks for features like per-user-namespace
25 and versioned filesystem.
30 Shared subtree provides four different flavors of mounts; struct vfsmount to be
39 2a) A shared mount can be replicated to as many mountpoints and all the
40 replicas continue to be exactly same.
44 Let's say /mnt has a mount that is shared.
45 mount --make-shared /mnt
47 Note: mount(8) command now supports the --make-shared flag,
48 so the sample 'smount' program is no longer needed and has been
51 # mount --bind /mnt /tmp
52 The above command replicates the mount at /mnt to the mountpoint /tmp
53 and the contents of both the mounts remain identical.
61 Now let's say we mount a device at /tmp/a
62 # mount /dev/sd0 /tmp/a
70 Note that the mount has propagated to the mount at /mnt as well.
72 And the same is true even when /dev/sd0 is mounted on /mnt/a. The
73 contents will be visible under /tmp/a too.
76 2b) A slave mount is like a shared mount except that mount and umount events
77 only propagate towards it.
79 All slave mounts have a master mount which is a shared.
83 Let's say /mnt has a mount which is shared.
84 # mount --make-shared /mnt
86 Let's bind mount /mnt to /tmp
87 # mount --bind /mnt /tmp
89 the new mount at /tmp becomes a shared mount and it is a replica of
92 Now let's make the mount at /tmp; a slave of /mnt
93 # mount --make-slave /tmp
95 let's mount /dev/sd0 on /mnt/a
96 # mount /dev/sd0 /mnt/a
104 Note the mount event has propagated to the mount at /tmp
106 However let's see what happens if we mount something on the mount at /tmp
108 # mount /dev/sd1 /tmp/b
115 Note how the mount event has not propagated to the mount at
119 2c) A private mount does not forward or receive propagation.
121 This is the mount we are familiar with. Its the default type.
124 2d) A unbindable mount is a unbindable private mount
126 let's say we have a mount at /mnt and we make is unbindable
128 # mount --make-unbindable /mnt
130 Let's try to bind mount this mount somewhere else.
131 # mount --bind /mnt /tmp
132 mount: wrong fs type, bad option, bad superblock on /mnt,
133 or too many mounted file systems
135 Binding a unbindable mount is a invalid operation.
140 Modern mount(8) command is aware of shared subtree features,
141 so use it instead of the 'smount' command. [source code removed]
147 A) A process wants to clone its own namespace, but still wants to
148 access the CD that got mounted recently.
152 The system administrator can make the mount at /cdrom shared
153 mount --bind /cdrom /cdrom
154 mount --make-shared /cdrom
156 Now any process that clones off a new namespace will have a
157 mount at /cdrom which is a replica of the same mount in the
160 So when a CD is inserted and mounted at /cdrom that mount gets
161 propagated to the other mount at /cdrom in all the other clone
164 B) A process wants its mounts invisible to any other process, but
165 still be able to see the other system mounts.
169 To begin with, the administrator can mark the entire mount tree
172 mount --make-rshared /
174 A new process can clone off a new namespace. And mark some part
175 of its namespace as slave
177 mount --make-rslave /myprivatetree
179 Hence forth any mounts within the /myprivatetree done by the
180 process will not show up in any other namespace. However mounts
181 done in the parent namespace under /myprivatetree still shows
182 up in the process's namespace.
185 Apart from the above semantics this feature provides the
186 building blocks to solve the following problems:
188 C) Per-user namespace
190 The above semantics allows a way to share mounts across
191 namespaces. But namespaces are associated with processes. If
192 namespaces are made first class objects with user API to
193 associate/disassociate a namespace with userid, then each user
194 could have his/her own namespace and tailor it to his/her
195 requirements. Offcourse its needs support from PAM.
199 If the entire mount tree is visible at multiple locations, then
200 a underlying versioning file system can return different
201 version of the file depending on the path used to access that
206 mount --make-shared /
207 mount --rbind / /view/v1
208 mount --rbind / /view/v2
209 mount --rbind / /view/v3
210 mount --rbind / /view/v4
212 and if /usr has a versioning filesystem mounted, than that
213 mount appears at /view/v1/usr, /view/v2/usr, /view/v3/usr and
216 A user can request v3 version of the file /usr/fs/namespace.c
217 by accessing /view/v3/usr/fs/namespace.c . The underlying
218 versioning filesystem can then decipher that v3 version of the
219 filesystem is being requested and return the corresponding
222 5) Detailed semantics:
224 The section below explains the detailed semantics of
225 bind, rbind, move, mount, umount and clone-namespace operations.
227 Note: the word 'vfsmount' and the noun 'mount' have been used
228 to mean the same thing, throughout this document.
232 A given mount can be in one of the following states
239 A 'propagation event' is defined as event generated on a vfsmount
240 that leads to mount or unmount actions in other vfsmounts.
242 A 'peer group' is defined as a group of vfsmounts that propagate
243 events to each other.
247 A 'shared mount' is defined as a vfsmount that belongs to a
251 mount --make-shared /mnt
252 mount --bin /mnt /tmp
254 The mount at /mnt and that at /tmp are both shared and belong
255 to the same peer group. Anything mounted or unmounted under
256 /mnt or /tmp reflect in all the other mounts of its peer
262 A 'slave mount' is defined as a vfsmount that receives
263 propagation events and does not forward propagation events.
265 A slave mount as the name implies has a master mount from which
266 mount/unmount events are received. Events do not propagate from
267 the slave mount to the master. Only a shared mount can be made
268 a slave by executing the following command
270 mount --make-slave mount
272 A shared mount that is made as a slave is no more shared unless
273 modified to become shared.
277 A vfsmount can be both shared as well as slave. This state
278 indicates that the mount is a slave of some vfsmount, and
279 has its own peer group too. This vfsmount receives propagation
280 events from its master vfsmount, and also forwards propagation
281 events to its 'peer group' and to its slave vfsmounts.
283 Strictly speaking, the vfsmount is shared having its own
284 peer group, and this peer-group is a slave of some other
287 Only a slave vfsmount can be made as 'shared and slave' by
288 either executing the following command
289 mount --make-shared mount
290 or by moving the slave vfsmount under a shared vfsmount.
294 A 'private mount' is defined as vfsmount that does not
295 receive or forward any propagation events.
299 A 'unbindable mount' is defined as vfsmount that does not
300 receive or forward any propagation events and cannot
305 The state diagram below explains the state transition of a mount,
306 in response to various commands.
307 ------------------------------------------------------------------------
308 | |make-shared | make-slave | make-private |make-unbindab|
309 --------------|------------|--------------|--------------|-------------|
310 |shared |shared |*slave/private| private | unbindable |
312 |-------------|------------|--------------|--------------|-------------|
313 |slave |shared | **slave | private | unbindable |
315 |-------------|------------|--------------|--------------|-------------|
316 |shared |shared | slave | private | unbindable |
317 |and slave |and slave | | | |
318 |-------------|------------|--------------|--------------|-------------|
319 |private |shared | **private | private | unbindable |
320 |-------------|------------|--------------|--------------|-------------|
321 |unbindable |shared |**unbindable | private | unbindable |
322 ------------------------------------------------------------------------
324 * if the shared mount is the only mount in its peer group, making it
325 slave, makes it private automatically. Note that there is no master to
326 which it can be slaved to.
328 ** slaving a non-shared mount has no effect on the mount.
330 Apart from the commands listed below, the 'move' operation also changes
331 the state of a mount depending on type of the destination mount. Its
332 explained in section 5d.
336 Consider the following command
340 where 'A' is the source mount, 'a' is the dentry in the mount 'A', 'B'
341 is the destination mount and 'b' is the dentry in the destination mount.
343 The outcome depends on the type of mount of 'A' and 'B'. The table
344 below contains quick reference.
345 ---------------------------------------------------------------------------
346 | BIND MOUNT OPERATION |
347 |**************************************************************************
348 |source(A)->| shared | private | slave | unbindable |
352 |**************************************************************************
353 | shared | shared | shared | shared & slave | invalid |
355 |non-shared| shared | private | slave | invalid |
356 ***************************************************************************
360 1. 'A' is a shared mount and 'B' is a shared mount. A new mount 'C'
361 which is clone of 'A', is created. Its root dentry is 'a' . 'C' is
362 mounted on mount 'B' at dentry 'b'. Also new mount 'C1', 'C2', 'C3' ...
363 are created and mounted at the dentry 'b' on all mounts where 'B'
364 propagates to. A new propagation tree containing 'C1',..,'Cn' is
365 created. This propagation tree is identical to the propagation tree of
366 'B'. And finally the peer-group of 'C' is merged with the peer group
369 2. 'A' is a private mount and 'B' is a shared mount. A new mount 'C'
370 which is clone of 'A', is created. Its root dentry is 'a'. 'C' is
371 mounted on mount 'B' at dentry 'b'. Also new mount 'C1', 'C2', 'C3' ...
372 are created and mounted at the dentry 'b' on all mounts where 'B'
373 propagates to. A new propagation tree is set containing all new mounts
374 'C', 'C1', .., 'Cn' with exactly the same configuration as the
375 propagation tree for 'B'.
377 3. 'A' is a slave mount of mount 'Z' and 'B' is a shared mount. A new
378 mount 'C' which is clone of 'A', is created. Its root dentry is 'a' .
379 'C' is mounted on mount 'B' at dentry 'b'. Also new mounts 'C1', 'C2',
380 'C3' ... are created and mounted at the dentry 'b' on all mounts where
381 'B' propagates to. A new propagation tree containing the new mounts
382 'C','C1',.. 'Cn' is created. This propagation tree is identical to the
383 propagation tree for 'B'. And finally the mount 'C' and its peer group
384 is made the slave of mount 'Z'. In other words, mount 'C' is in the
385 state 'slave and shared'.
387 4. 'A' is a unbindable mount and 'B' is a shared mount. This is a
390 5. 'A' is a private mount and 'B' is a non-shared(private or slave or
391 unbindable) mount. A new mount 'C' which is clone of 'A', is created.
392 Its root dentry is 'a'. 'C' is mounted on mount 'B' at dentry 'b'.
394 6. 'A' is a shared mount and 'B' is a non-shared mount. A new mount 'C'
395 which is a clone of 'A' is created. Its root dentry is 'a'. 'C' is
396 mounted on mount 'B' at dentry 'b'. 'C' is made a member of the
399 7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount. A
400 new mount 'C' which is a clone of 'A' is created. Its root dentry is
401 'a'. 'C' is mounted on mount 'B' at dentry 'b'. Also 'C' is set as a
402 slave mount of 'Z'. In other words 'A' and 'C' are both slave mounts of
403 'Z'. All mount/unmount events on 'Z' propagates to 'A' and 'C'. But
404 mount/unmount on 'A' do not propagate anywhere else. Similarly
405 mount/unmount on 'C' do not propagate anywhere else.
407 8. 'A' is a unbindable mount and 'B' is a non-shared mount. This is a
408 invalid operation. A unbindable mount cannot be bind mounted.
412 rbind is same as bind. Bind replicates the specified mount. Rbind
413 replicates all the mounts in the tree belonging to the specified mount.
414 Rbind mount is bind mount applied to all the mounts in the tree.
416 If the source tree that is rbind has some unbindable mounts,
417 then the subtree under the unbindable mount is pruned in the new
420 eg: let's say we have the following mount tree.
428 Let's say all the mount except the mount C in the tree are
429 of a type other than unbindable.
431 If this tree is rbound to say Z
433 We will have the following tree at the new location.
439 B' Note how the tree under C is pruned
440 / \ in the new location.
447 Consider the following command
451 where 'A' is the source mount, 'B' is the destination mount and 'b' is
452 the dentry in the destination mount.
454 The outcome depends on the type of the mount of 'A' and 'B'. The table
455 below is a quick reference.
456 ---------------------------------------------------------------------------
457 | MOVE MOUNT OPERATION |
458 |**************************************************************************
459 | source(A)->| shared | private | slave | unbindable |
463 |**************************************************************************
464 | shared | shared | shared |shared and slave| invalid |
466 |non-shared| shared | private | slave | unbindable |
467 ***************************************************************************
468 NOTE: moving a mount residing under a shared mount is invalid.
472 1. 'A' is a shared mount and 'B' is a shared mount. The mount 'A' is
473 mounted on mount 'B' at dentry 'b'. Also new mounts 'A1', 'A2'...'An'
474 are created and mounted at dentry 'b' on all mounts that receive
475 propagation from mount 'B'. A new propagation tree is created in the
476 exact same configuration as that of 'B'. This new propagation tree
477 contains all the new mounts 'A1', 'A2'... 'An'. And this new
478 propagation tree is appended to the already existing propagation tree
481 2. 'A' is a private mount and 'B' is a shared mount. The mount 'A' is
482 mounted on mount 'B' at dentry 'b'. Also new mount 'A1', 'A2'... 'An'
483 are created and mounted at dentry 'b' on all mounts that receive
484 propagation from mount 'B'. The mount 'A' becomes a shared mount and a
485 propagation tree is created which is identical to that of
486 'B'. This new propagation tree contains all the new mounts 'A1',
489 3. 'A' is a slave mount of mount 'Z' and 'B' is a shared mount. The
490 mount 'A' is mounted on mount 'B' at dentry 'b'. Also new mounts 'A1',
491 'A2'... 'An' are created and mounted at dentry 'b' on all mounts that
492 receive propagation from mount 'B'. A new propagation tree is created
493 in the exact same configuration as that of 'B'. This new propagation
494 tree contains all the new mounts 'A1', 'A2'... 'An'. And this new
495 propagation tree is appended to the already existing propagation tree of
496 'A'. Mount 'A' continues to be the slave mount of 'Z' but it also
499 4. 'A' is a unbindable mount and 'B' is a shared mount. The operation
500 is invalid. Because mounting anything on the shared mount 'B' can
501 create new mounts that get mounted on the mounts that receive
502 propagation from 'B'. And since the mount 'A' is unbindable, cloning
503 it to mount at other mountpoints is not possible.
505 5. 'A' is a private mount and 'B' is a non-shared(private or slave or
506 unbindable) mount. The mount 'A' is mounted on mount 'B' at dentry 'b'.
508 6. 'A' is a shared mount and 'B' is a non-shared mount. The mount 'A'
509 is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
512 7. 'A' is a slave mount of mount 'Z' and 'B' is a non-shared mount.
513 The mount 'A' is mounted on mount 'B' at dentry 'b'. Mount 'A'
514 continues to be a slave mount of mount 'Z'.
516 8. 'A' is a unbindable mount and 'B' is a non-shared mount. The mount
517 'A' is mounted on mount 'B' at dentry 'b'. Mount 'A' continues to be a
522 Consider the following command
526 'B' is the destination mount and 'b' is the dentry in the destination
529 The above operation is the same as bind operation with the exception
530 that the source mount is always a private mount.
533 5f) Unmount semantics
535 Consider the following command
539 where 'A' is a mount mounted on mount 'B' at dentry 'b'.
541 If mount 'B' is shared, then all most-recently-mounted mounts at dentry
542 'b' on mounts that receive propagation from mount 'B' and does not have
543 sub-mounts within them are unmounted.
545 Example: Let's say 'B1', 'B2', 'B3' are shared mounts that propagate to
548 let's say 'A1', 'A2', 'A3' are first mounted at dentry 'b' on mount
549 'B1', 'B2' and 'B3' respectively.
551 let's say 'C1', 'C2', 'C3' are next mounted at the same dentry 'b' on
552 mount 'B1', 'B2' and 'B3' respectively.
554 if 'C1' is unmounted, all the mounts that are most-recently-mounted on
555 'B1' and on the mounts that 'B1' propagates-to are unmounted.
557 'B1' propagates to 'B2' and 'B3'. And the most recently mounted mount
558 on 'B2' at dentry 'b' is 'C2', and that of mount 'B3' is 'C3'.
560 So all 'C1', 'C2' and 'C3' should be unmounted.
562 If any of 'C2' or 'C3' has some child mounts, then that mount is not
563 unmounted, but all other mounts are unmounted. However if 'C1' is told
564 to be unmounted and 'C1' has some sub-mounts, the umount operation is
569 A cloned namespace contains all the mounts as that of the parent
572 Let's say 'A' and 'B' are the corresponding mounts in the parent and the
575 If 'A' is shared, then 'B' is also shared and 'A' and 'B' propagate to
578 If 'A' is a slave mount of 'Z', then 'B' is also the slave mount of
581 If 'A' is a private mount, then 'B' is a private mount too.
583 If 'A' is unbindable mount, then 'B' is a unbindable mount too.
588 A. What is the result of the following command sequence?
590 mount --bind /mnt /mnt
591 mount --make-shared /mnt
592 mount --bind /mnt /tmp
593 mount --move /tmp /mnt/1
595 what should be the contents of /mnt /mnt/1 /mnt/1/1 should be?
596 Should they all be identical? or should /mnt and /mnt/1 be
600 B. What is the result of the following command sequence?
602 mount --make-rshared /
606 what should be the content of /v/1/v/1 be?
609 C. What is the result of the following command sequence?
611 mount --bind /mnt /mnt
612 mount --make-shared /mnt
613 mkdir -p /mnt/1/2/3 /mnt/1/test
614 mount --bind /mnt/1 /tmp
615 mount --make-slave /mnt
616 mount --make-shared /mnt
617 mount --bind /mnt/1/2 /tmp1
618 mount --make-slave /mnt
620 At this point we have the first mount at /tmp and
621 its root dentry is 1. Let's call this mount 'A'
622 And then we have a second mount at /tmp1 with root
623 dentry 2. Let's call this mount 'B'
624 Next we have a third mount at /mnt with root dentry
625 mnt. Let's call this mount 'C'
627 'B' is the slave of 'A' and 'C' is a slave of 'B'
630 at this point if we execute the following command
632 mount --bind /bin /tmp/test
634 The mount is attempted on 'A'
636 will the mount propagate to 'B' and 'C' ?
638 what would be the contents of
643 Q1. Why is bind mount needed? How is it different from symbolic links?
644 symbolic links can get stale if the destination mount gets
645 unmounted or moved. Bind mounts continue to exist even if the
646 other mount is unmounted or moved.
648 Q2. Why can't the shared subtree be implemented using exportfs?
650 exportfs is a heavyweight way of accomplishing part of what
651 shared subtree can do. I cannot imagine a way to implement the
652 semantics of slave mount using exportfs?
654 Q3 Why is unbindable mount needed?
656 Let's say we want to replicate the mount tree at multiple
657 locations within the same subtree.
659 if one rbind mounts a tree within the same subtree 'n' times
660 the number of mounts created is an exponential function of 'n'.
661 Having unbindable mount can help prune the unneeded bind
662 mounts. Here is a example.
665 let's say the root tree has just two directories with
671 And we want to replicate the tree at multiple
672 mountpoints under /root/tmp
675 mount --make-shared /root
679 mount --rbind /root /tmp/m1
681 the new tree now looks like this:
697 mount --rbind /root /tmp/m2
699 the new tree now looks like this:
723 mount --rbind /root /tmp/m3
725 I wont' draw the tree..but it has 24 vfsmounts
728 at step i the number of vfsmounts is V[i] = i*V[i-1].
729 This is an exponential function. And this tree has way more
730 mounts than what we really needed in the first place.
732 One could use a series of umount at each step to prune
733 out the unneeded mounts. But there is a better solution.
734 Unclonable mounts come in handy here.
737 let's say the root tree has just two directories with
743 How do we set up the same tree at multiple locations under
747 mount --bind /root/tmp /root/tmp
749 mount --make-rshared /root
750 mount --make-unbindable /root/tmp
754 mount --rbind /root /tmp/m1
756 the new tree now looks like this:
768 mount --rbind /root /tmp/m2
770 the new tree now looks like this:
783 mount --rbind /root /tmp/m3
785 the new tree now looks like this:
793 tmp usr tmp usr tmp usr
799 4 new fields are introduced to struct vfsmount
805 ->mnt_share links together all the mount to/from which this vfsmount
806 send/receives propagation events.
808 ->mnt_slave_list links all the mounts to which this vfsmount propagates
811 ->mnt_slave links together all the slaves that its master vfsmount
814 ->mnt_master points to the master vfsmount from which this vfsmount
815 receives propagation.
817 ->mnt_flags takes two more flags to indicate the propagation status of
818 the vfsmount. MNT_SHARE indicates that the vfsmount is a shared
819 vfsmount. MNT_UNCLONABLE indicates that the vfsmount cannot be
822 All the shared vfsmounts in a peer group form a cyclic list through
825 All vfsmounts with the same ->mnt_master form on a cyclic list anchored
826 in ->mnt_master->mnt_slave_list and going through ->mnt_slave.
828 ->mnt_master can point to arbitrary (and possibly different) members
829 of master peer group. To find all immediate slaves of a peer group
830 you need to go through _all_ ->mnt_slave_list of its members.
831 Conceptually it's just a single set - distribution among the
832 individual lists does not affect propagation or the way propagation
833 tree is modified by operations.
835 A example propagation tree looks as shown in the figure below.
836 [ NOTE: Though it looks like a forest, if we consider all the shared
837 mounts as a conceptual entity called 'pnode', it becomes a tree]
840 A <--> B <--> C <---> D
848 In the above figure A,B,C and D all are shared and propagate to each
849 other. 'A' has got 3 slave mounts 'E' 'F' and 'G' 'C' has got 2 slave
850 mounts 'J' and 'K' and 'D' has got two slave mounts 'H' and 'I'.
851 'E' is also shared with 'K' and they propagate to each other. And
852 'K' has 3 slaves 'M', 'L' and 'N'
854 A's ->mnt_share links with the ->mnt_share of 'B' 'C' and 'D'
856 A's ->mnt_slave_list links with ->mnt_slave of 'E', 'K', 'F' and 'G'
858 E's ->mnt_share links with ->mnt_share of K
859 'E', 'K', 'F', 'G' have their ->mnt_master point to struct
861 'M', 'L', 'N' have their ->mnt_master point to struct vfsmount of 'K'
862 K's ->mnt_slave_list links with ->mnt_slave of 'M', 'L' and 'N'
864 C's ->mnt_slave_list links with ->mnt_slave of 'J' and 'K'
865 J and K's ->mnt_master points to struct vfsmount of C
866 and finally D's ->mnt_slave_list links with ->mnt_slave of 'H' and 'I'
867 'H' and 'I' have their ->mnt_master pointing to struct vfsmount of 'D'.
870 NOTE: The propagation tree is orthogonal to the mount tree.
875 The crux of the implementation resides in rbind/move operation.
877 The overall algorithm breaks the operation into 3 phases: (look at
878 attach_recursive_mnt() and propagate_mnt())
886 for each mount in the source tree:
887 a) Create the necessary number of mount trees to
888 be attached to each of the mounts that receive
889 propagation from the destination mount.
890 b) Do not attach any of the trees to its destination.
891 However note down its ->mnt_parent and ->mnt_mountpoint
892 c) Link all the new mounts to form a propagation tree that
893 is identical to the propagation tree of the destination
896 If this phase is successful, there should be 'n' new
897 propagation trees; where 'n' is the number of mounts in the
898 source tree. Go to the commit phase
900 Also there should be 'm' new mount trees, where 'm' is
901 the number of mounts to which the destination mount
904 if any memory allocations fail, go to the abort phase.
907 attach each of the mount trees to their corresponding
911 delete all the newly created trees.
913 NOTE: all the propagation related functionality resides in the file
917 ------------------------------------------------------------------------
919 version 0.1 (created the initial document, Ram Pai linuxram@us.ibm.com)
920 version 0.2 (Incorporated comments from Al Viro)
projects / linux-block.git / blob