[stgt] [PATCH 2/2] tgt-admin: check if device is mounted on /

[Doron Shoham]

Tomasz Chmielewski wrote:

> 
> Generally, any filesystem mounted on the target should not be allocated
> to initiators. Disallowing / (i.e., /dev/sda1), but allowing /usr (i.e.,
> /dev/sda2) or swap is certainly not a good idea.
> 
> The info can be fetched from /etc/mtab (unless we have a system with
> read-only /etc, where /etc/mtab could be a link to /proc/mounts - I
> think /proc/mounts doesn't always show an underlying device where rootfs
> sits). Also, parsing /proc/swaps would be useful.
> 
> But what if someone has rootfs on /dev/mtd0, mtd0 consists of /dev/sda1
> and /dev/sdb1 - and wants to allocate /dev/sdb to initiators? Not to say
> LVM, dm-crypt devices, etc... - it looks like there are lots of
> possibilities for an admin to break the system ;)
> 
> 
> If someone is brave (or uses a distributed fs on the target) and really
> wants to allow initiators access to a mounted filesystem, we could add a
> separate option for that ("allow-mounted")?
> Although I guess it wouldn't have many users today.
> 
> 

For the beginning we will just disallow any filesystem mounted on the target.
Later we can expand it to handle /dev/mtd0, LVM and so on.

If I understood correctly, we need to:
1. parse /etc/matb - read the device which mounted on /
Doesn't the rootfs will be always mounted on /, even if we use nfs?
2. parse /proc/mounts - read all the devices
compare the devices we found to the device we want to allocate.
3. Add allow-mounted option to override this action and allow the allocation.

Do you have any suggestions about handling other situations as you described above (/dev/mtd0, LVM, etc...)?

Thanks,
Doron



--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html