Panic on mount with write-locked USB media (umass)
Maxime Henrion
mux at FreeBSD.org
Tue Apr 5 16:19:27 PDT 2005
Robert Watson wrote:
> On Tue, 5 Apr 2005, Poul-Henning Kamp wrote:
>
> >In message <20050405201820.042685D07 at ptavv.es.net>, "Kevin Oberman" writes:
> >
> >>>It would be useful if mount was smart enough to notice when it is
> >>>dealing with a read-only device, and try to mount such things
> >>>read-only, rather than trying to mount things read-write by default and
> >>>failing. Of course, the system shouldn't panic, either. :-)
> >>
> >>I think that is what I said. I am almost sure that this is how it used
> >>to work. I'm not sure whether the change was caused by something in
> >>msdosfs or GEOM (or somewhere else), but I sure preferred it when the RO
> >>device mounted RO. CDs still do this (thankfully). This makes me suspect
> >>msdosfs is the culprit.
> >
> >There are two ways that a filesystem correctly could handle a R/O media:
> >
> >1. Fail with EROFS unless asked to mount read-only
> >
> >2. Silently downgrade the mount to read-only.
> >
> >I personally prefer the first because that way a script does not have to
> >check if it got the mount it wanted or not.
>
> In general, I agree, but this will de-POLA the following command:
>
> mount -t cd9660 /dev/acd0 /cdrom
>
> I wonder if a useful middle ground is to adopt (1) above except in the
> case of perennially read-only file systems (cd9660), in which case (2) is
> adopted?

I think that mount(8) should still try to mount things read/write when
neither -r nor -w are specified. However, if -w is specified, mount(8)
has to fail with an EROFS error if it can't mount read/write, and should
not try to mount read/only (I'm not sure if that's the case already).
That way, a script that knows it needs a read/write mount just has to
specify -w and doesn't have to check afterwards, and we're not breaking
POLA.

To implement this we can either just call mount() as usual, and
unmount() and fail if we got a read-only filesystem, or add a new mount
flag meaning "I really want read/write and not read-only" to the mount()
system call. MNT_RDWR would be appropriate. And we keep the semantics
of "give me the best you can" when neither MNT_RDONLY nor MNT_RDWR is
passed.

Cheers,
Maxime
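
The first implementation option in the message above (mount as usual, then unmount and fail with EROFS if the result is read-only) can be sketched as follows. This is an added example, not code from the original post or from FreeBSD: `mount_policy`, `struct mount_ops`, the `want` enum and the fake backend are hypothetical names, and the backend is injected so the policy runs without a real device.

```c
#include <errno.h>
#include <stddef.h>

/* What the caller asked for: nothing, -r, or -w (hypothetical names). */
enum want { WANT_BEST, WANT_RDONLY, WANT_RDWR };

/* Hooks a real caller would back with mount(2), statfs(2) and unmount(2). */
struct mount_ops {
    int (*do_mount)(void *ctx, int rdonly);  /* 0, or -1 with errno set */
    int (*is_rdonly)(void *ctx);             /* 1 if the mount ended up read-only */
    int (*do_unmount)(void *ctx);            /* 0, or -1 with errno set */
};

/* Returns 0 and stores the resulting mode in *got_rdonly, or -1 with errno set. */
int mount_policy(const struct mount_ops *ops, void *ctx, enum want want,
                 int *got_rdonly)
{
    if (ops->do_mount(ctx, want == WANT_RDONLY) != 0)
        return -1;                           /* filesystem refused outright */
    *got_rdonly = ops->is_rdonly(ctx);
    if (want == WANT_RDWR && *got_rdonly) {
        /* Silent downgrade: undo it so the caller never keeps a mount
         * it did not ask for, then report EROFS. */
        if (ops->do_unmount(ctx) != 0)
            return -1;                       /* errno comes from the unmount */
        errno = EROFS;
        return -1;
    }
    return 0;                                /* "best you can" or exact match */
}

/* Constructed fake: a medium that may be write-locked, under a filesystem
 * that silently downgrades to read-only instead of failing. */
struct fake_media { int write_locked; int mounted; int rdonly; };

static int fake_mount(void *c, int rdonly)
{
    struct fake_media *m = c;
    m->mounted = 1;
    m->rdonly = rdonly || m->write_locked;
    return 0;
}
static int fake_is_rdonly(void *c) { return ((struct fake_media *)c)->rdonly; }
static int fake_unmount(void *c) { ((struct fake_media *)c)->mounted = 0; return 0; }

const struct mount_ops fake_ops = { fake_mount, fake_is_rdonly, fake_unmount };
```

With this shape there is a short window in which the read-only mount exists before it is undone, which the MNT_RDWR flag variant would avoid by failing inside mount() itself.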