netbsd-help: Re: union mount problems in 1.5.1

Subject: Re: union mount problems in 1.5.1
To: Trevin Beattie <trevin@xmission.com>
From: Frederick Bruckman <fredb@immanent.net>
List: netbsd-help
Date: 09/05/2001 23:18:33
On Wed, 5 Sep 2001, Trevin Beattie wrote:

> The next thing I wanted to do was reconfigure and recompile the kernel.  So
> I downloaded the system sources and installed them in /usr/src/sys, and I
> wanted to make a union mount on top of that to keep the distribution files
> clean.
>
> Unfortunately I'm not able to do so.  When I try to do an inverted union
> mount under my own account, I get the error "Operation not permitted" even
> though I own the upper layer (union) directory.

There was some change made before 1.5 in response to some exploit
(sorry, fuzzy on details). I get the same result even when I own
_both_ layers, though, in contravention to the man page (NetBSD-1.5.2).

> I am able to create the union mount as root, but this doesn't help because
> all upper layer directories created will be owned by root, thus I can't use
> it under my own account.

That's argueably wrong. You can, however, evidently change the owners
on the upper-layer directories while the union mount isn't mounted (as
root, after causing them to be created by cd'ing to them), and it'll
stick for the next mount.

> What's even worse is that when I tried to unmount
> the union, the system pretends it doesn't exist!

PR kern/3205 [non-critical/medium]:
mount_union with a '/' suffix to directory causes problems

I got the same result while following your directions. I finally got
it to unmount, but looking through the histories I can't figure out
when and how. (Sorry!)

> Here's a transcript of what happened (starting from my own account):
>
> clyde: {1} mount_union -b /usr/src/sys/ /home/trevin/sys/
> mount_union: /home/src/sys on /home/trevin/sys/: Operation not permitted
> clyde: {2} su
> Password:
> clyde: {1} mount_union -b /usr/src/sys /home/trevin/sys/
> clyde: {2} exit
> clyde: {3} exit
> clyde: {3} cd sys/arch/i386/conf/
> clyde: {4} touch testfile
> touch: testfile: Permission denied
> clyde: {5} cd ~
> clyde: {6} su
> Password:
> clyde: {1} umount /home/trevin/sys/
> umount: /home/trevin/sys: not currently mounted
> clyde: {2} mount
> /dev/wd0a on / type ffs (local)
> /dev/wd0f on /var type ffs (local)
> /dev/wd0e on /tmp type ffs (local)
> kernfs on /kern type kernfs (local)
> /dev/wd1a on /home type ffs (local)
> <below>:/home/src/sys on /home/trevin/sys/ type union
> clyde: {3} umount -a -t union
> umount: /home/trevin/sys: not currently mounted
>
> Am I doing something wrong?  The mount command is fairly simple, and I used
> it in my .login file under NetBSD-1.4.2 without any problem, but it's been
> so long I don't remember whether I had to configure anything else first.
>
> If not, I think I ought to report this problem to GNATS.

Sure. A search of the database on the word "union" turns up a whole
bunch -- some of which could probably be summarily closed -- but there
doesn't seem to be anything about permissions in there.

Frederick