Date: Wed, 6 Apr 2005 01:19:27 +0200
From: Maxime Henrion <mux@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: current@freebsd.org
Subject: Re: Panic on mount with write-locked USB media (umass)
Message-ID: <20050405231927.GR25563@elvis.mu.org>
In-Reply-To: <20050405235414.D81173@fledge.watson.org>
References: <2871.1112734748@critter.freebsd.dk> <20050405235414.D81173@fledge.watson.org>

Robert Watson wrote:
> On Tue, 5 Apr 2005, Poul-Henning Kamp wrote:
>
> >In message <20050405201820.042685D07@ptavv.es.net>, "Kevin Oberman" writes:
> >
> >>>It would be useful if mount was smart enough to notice when it is
> >>>dealing with a read-only device, and try to mount such things
> >>>read-only, rather than trying to mount things read-write by default and
> >>>failing. Of course, the system shouldn't panic, either. :-)
> >>
> >>I think that is what I said. I am almost sure that this is how it used
> >>to work. I'm not sure whether the change was caused by something in
> >>msdosfs or GEOM (or somewhere else), but I sure preferred it when the RO
> >>device mounted RO. CDs still do this (thankfully). This makes me suspect
> >>msdosfs is the culprit.
> >
> >There are two ways that a filesystem correctly could handle a R/O media:
> >
> >1. Fail with EROFS unless asked to mount read-only
> >
> >2. Silently downgrade the mount to read-only.
> >
> >I personally prefer the first because that way a script does not have to
> >check if it got the mount it wanted or not.
>
> In general, I agree, but this will de-POLA the following command:
>
> mount -t cd9660 /dev/acd0 /cdrom
>
> I wonder if a useful middle ground is to adopt (1) above except in the
> case of perennially read-only file systems (cd9660), in which case (2) is
> adopted?

I think that mount(8) should still try to mount things read/write when
neither -r nor -w are specified. However, if -w is specified, mount(8)
has to fail with an EROFS error if it can't mount read/write, and should
not try to mount read/only (I'm not sure if that's the case already).
That way, a script that knows it needs a read/write mount just has to
specify -w and doesn't have to check afterwards, and we're not breaking
POLA.

To implement this we can either just call mount() as usual, and
unmount() and fail if we got a read-only filesystem, or add a new mount
flag meaning "I really want read/write and not read-only" to the mount()
system call. MNT_RDWR would be appropriate. And we keep the semantics
of "give me the best you can" when neither MNT_RDONLY nor MNT_RDWR is
passed.

Cheers,
Maxime
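
The first option described in the message above (call mount() as usual, then unmount and fail with EROFS if the result is read-only), as an added example that is not part of the original message or of FreeBSD's code. The `mount_ops` backend, `checked_mount` and the fake write-locked device are hypothetical stand-ins, assumed here so the logic runs without root or a real device.

```c
#include <errno.h>
#include <stdio.h>

/* What the caller asked for: neither flag, -r, or -w. */
enum want { WANT_BEST, WANT_RO, WANT_RW };

/* Hypothetical backend (an assumption of this example). On a real system
 * these would wrap mount(2), statfs(2) and unmount(2). */
struct mount_ops {
    int (*do_mount)(void *dev, int rdonly);  /* 0 or an errno value */
    int (*is_rdonly)(void *dev);             /* 1 if mounted read-only */
    int (*do_unmount)(void *dev);
};

/* Mount, then verify. With WANT_RW a downgraded mount is undone and
 * reported as EROFS; with WANT_BEST the downgrade is accepted. */
int checked_mount(const struct mount_ops *ops, void *dev, enum want w, int *got_ro)
{
    int error = ops->do_mount(dev, w == WANT_RO);
    if (error != 0)
        return error;
    *got_ro = ops->is_rdonly(dev);
    if (w == WANT_RW && *got_ro) {
        ops->do_unmount(dev);   /* do not leave the unwanted mount behind */
        return EROFS;
    }
    return 0;
}

/* Constructed fake: a filesystem that silently downgrades on locked media. */
struct fake_dev { int write_locked; int mounted; int mounted_ro; };

static int fake_mount(void *p, int rdonly)
{
    struct fake_dev *d = p;
    d->mounted = 1;
    d->mounted_ro = rdonly || d->write_locked;
    return 0;
}
static int fake_is_rdonly(void *p) { return ((struct fake_dev *)p)->mounted_ro; }
static int fake_unmount(void *p) { ((struct fake_dev *)p)->mounted = 0; return 0; }

const struct mount_ops fake_ops = { fake_mount, fake_is_rdonly, fake_unmount };

int main(void)
{
    struct fake_dev usb = { 1, 0, 0 };  /* write-locked USB stick */
    int ro = 0;
    int error = checked_mount(&fake_ops, &usb, WANT_RW, &ro);
    printf("-w on locked media: error=%d mounted=%d\n", error, usb.mounted);
    error = checked_mount(&fake_ops, &usb, WANT_BEST, &ro);
    printf("no flag on locked media: error=%d ro=%d\n", error, ro);
    return 0;
}
```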