writing to RW-mounted UFS2 snapshots - confirmed.

John Kozubik john at kozubik.com
Thu Jul 1 18:19:26 PDT 2004



On Thu, 1 Jul 2004, Q wrote:

> > While this may not be "expected" behavior, I am curious why this is
> > something that should be prevented, rather than verified for
> > correctness?  By "correct" I mean, that the copy on write process is
> > performed correctly and modifications made to the snapshot don't
> > modify the underlying filesystem elements also.
>
> Ok, I decided to be self sufficient and read Marshall McKusick's paper
> on background fsck (which also covers snapshots) to answer my own
> question.
>
> Firstly, one of the stated requirements for snapshots to function as
> outlined in the paper is that they must be read only. The reason they
> need to be read only is because the support for multiple snapshots
> assumes that they cannot change, and handles block allocation of freed
> blocks with this in mind. Supporting snapshot modification is outside
> the scope of the original implementation and would require further
> thought.


This was the main reason that I decided to go back and see if this was
really happening or not.  I read the USENIX paper (McKusick) to be quite
clear that snapshots must be read-only: "Writes to snapshot files are not
permitted".  However, nothing is said about writing files to, or changing
files within, a mounted snapshot file.

My initial assumption is that both activities are equally incorrect (and
dangerous - especially for subsequent snapshots created after altering the
first one).

As for a solution, I suppose a quick fix would be to alter `mount` to
disallow the read/write mount of a snapshot file.  This is similar to the
exception that is already coded into `unlink` to accommodate snapshot
files.

I just submitted a PR for this.


-----
John Kozubik - john at kozubik.com - http://www.kozubik.com





More information about the freebsd-hackers mailing list