Subject: Re: Patch to disallow mounts of unclean FFS unless forced
To: Charles M. Hannum <abuse@spamalicious.com>
From: Darrin B. Jewell <dbj@NetBSD.org>
List: tech-kern
Date: 10/14/2003 18:05:00

I originally recommended this change, and I still think it is a good
idea.  Its purpose is mainly to keep administrators from accidentally
manually mounting an unclean filesystem which could potentially panic
the kernel.  However, I do agree it is largely an issue of style.

The filesystem code in the kernel was written with various assumptions
about the consistency of the metadata on disk.  The filesystem clean
flag is designed as the indicator of when the on-disk metadata does
not satisfy these consistency requirements.  Under normal operation
and expected failure modes involving complete disconnect of the
filesystem media, this flag does correctly represent the consistency
state of the filesystem.

This change is not intended to solve the much more complicated problem
of abnormal or arbitrary corruption of the filesystem.  Additionally,
it is not a code path that should ever be encountered without manual
intervention, since fsck is normally run before a filesystem mount.

However, it does provide some protection from an administrator
shooting themselves in the foot because they didn't realize a
filesystem was unclean before they manually bring it online.  The
mount '-f' option specifies that the administrator is aware that they
are performing an abnormal and potentially dangerous operation.  This
is similar to the unmount -f usage.  It's not a case that occurs
without manual intervention, but it does provide a minor safeguard
against a potentially dangerous operation.

Darrin

"Charles M. Hannum" <abuse@spamalicious.com> writes:

> On Monday 13 October 2003 06:09 pm, Jason Thorpe wrote:
> > The following patch changes the FFS code to disallow mounts of unclean
> > file systems unless the mount is forced.  Mounts can be forced by root
> > using the -f flag to mount(8).  Non-root users are not allowed to force
> > mounts (this is enforced by sys_mount()).  The initial mount of the
> > root file system is always forced.
> 
> So, exactly what problem are you attempting to solve here?  This is one of the 
> most irritating misfeatures of FreeBSD.