Re: [RFC] libmount: accept X-mount.{owner,group,mode}=

[Karel Zak <kzak@redhat.com>]

On Wed, Mar 30, 2022 at 08:13:00PM +0200, наб wrote:
> Which take an user, group, and mode, respectively, and set them on the
> target after mounting
> 
> This is vaguely similar to tmpfs(5)'s [ug]id= and mode= options,
> but we POSIX-parse the user- and group names
> 
> Oft requested in systemd/zram-generator, since a common use-case
> is to use it to create /tmp or an equivalent directory that needs
> to be a=rwx,o+t (or a user's private temp that needs to be owned
> by them) ‒ this is impossible without terrible hacks, cf.
> https://github.com/systemd/zram-generator/issues/150,
> https://github.com/systemd/zram-generator/issues/146, &c.
> 
> This started off as a Set{User,Group,Mode}= systemd mount unit,
> but was poetterung into libmount options:
> https://github.com/systemd/systemd/pull/22889

I see how usable this feature could be, but it also increases
complexity of the mount(8) command.

> But I'm not sure how to proceed. I've stuffed the parsing and chowning
> stage into mnt_context_finalize_mount() for ease-of-PoC, but should:
>   (a) the post-syscall error handling in mnt_context_get_mount_excode()
>       be extended to recognise MNT_ERR_MOUNTOPT?

Yes, see MNT_ERR_NAMESPACE, it the same thing. We have it in the
pre-syscall and in post-syscall sections.

>   (b) the parsing/chowning stages be split (parsing in pre-mount prep,
>       chowning in post-mount)? with a new MNT_ERR_ flag potentially?

Yes, this is probably the most robust way (don't call mount syscall if
X-mount.* is invalid).

I guess you can add tgt_owner, tgt_group and tgt_mode to libmnt_context to
keep parsed results, fill the fields in mnt_context_prepare_mount() (or so) and use
it mnt_context_do_mount() (before mnt_context_switch_ns()).

Don't forget to reset it in mnt_reset_context().

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com