On Tue, Nov 23, 1999 at 06:41:24PM +0100, Manuel Bouyer wrote:
> On Tue, Nov 23, 1999 at 06:07:26PM +0100, Jaromir Dolecek wrote:
> > Manuel Bouyer wrote:
> > > Aggred for user mounts but I want to keep the possibility for root
> > > mounts
> > > to stop the machine when a FS goes bad. Keeping the machine running
> > > without an
> > > important FS can have bad consequences (think mail servers ...).
> > 
> > What if it's hardware fault, which won't go away after 
> > reboot ? If you keep the machine running, it can send all sorts
> 
> I hope it will not.
> 
> > of alert to anywhere its desirable and return temporary errors
> > to e-mail originators -
> 
> If the home directory are just gone, it will not be temporary error.
> .forward and .procmailrc files just won't be processes and this is bad.

by "disable access to the filesystem" I meant "all VOPs return an error
and no writes from the filesystem to the device are permitted" rather than
"forced unmount".  then it's really apparent to applications that something
is horribly wrong, but the machine can keep going.  does that sound more
acceptable?

I'm not opposed to making this optionally panic as long as it's just
in one place in the code.  but I don't think that's what most people
will want if they have more than a couple filesystems.

really, the best thing would be to disable corrupted bits of the
filesystem on a finer granularity (eg. per-file), but just getting
rid of the explicit panics would be a good start.

-Chuck


> > once you panic, your machine is not available
> > at all anymore and it may take much longer to notice.
> 
> This is a situation where I prefer to have the machine down instead of running
> is a degraded mode. It doesn't take very long to notice when important servers
> are down anyway :)
> 
> --
> Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
> --