prevent bind mount on login if mounted


At login, a bind mount is created. In ~/.pam_mount.conf.xml:



 <volume options="bind" user="phg" mountpoint="/nix" path="/store/nix" />


This needs to be done only once per boot. Note that I do not have
access to the fstab or systemd mounts.



The bind mount itself works. However, it is being executed on
every login. Since I can have dozens, hundreds of logins to the
box via SSH, this fills up the mount table rather quickly. Just
minutes ago the box was rendered unusable due to resource
exhaustion because of it.



Detecting an existing bind mount is easy, but with pam_mount.so
I don’t see a means to make the mount depend on the result of,
say, a script.



Hence my question:



  • How can I prevent the bind mount from being executed more than
    once, or

  • how can I make repeated bind mounts a no-op so as to prevent mounts
    from accumulating?

See also: https://github.com/karelzak/util-linux/issues/448







asked Jul 11 at 15:05 – phg

  • pam_exec could do it, but it sounds like you can't change the PAM configuration either.
    – sourcejedi
    Jul 11 at 16:11

  • Thanks for the pointer. Sadly, pam_exec is not available on this system.
    – phg
    Jul 12 at 6:34

1 Answer

I wonder if you are using systemd (mount propagation by default). It seems to more than double the number of bind mounts each time. Maybe it behaves better with private in the mount options... Ah. I see you can write unbindable as an option to mount. If it accepts that, then it could answer your question. So long as pam_mount allows a mount to fail and does not abort the login.




I notice that for some reason, your pam_mount does not seem to be working as it is designed.



pam_mount keeps a "reference count" of your mounts. For example, if you have two active logins at once, the filesystem should only be mounted once. It is unmounted after both sessions log out.



If you are stopping the filesystem from being unmounted at logout time, you are abusing pam_mount. Be aware that it might change in future in some way which breaks your setup.






answered Jul 11 at 16:51 – sourcejedi

  • So long as pam_mount allows a mount to fail and does not abort the login – this should be possible with the nofail option, shouldn’t it?
    – phg
    Jul 12 at 6:35

  • pam_mount keeps a "reference count" of your mounts. For example, if you have two active logins at once, the filesystem should only be mounted once. It is unmounted after both sessions log out. – the first part does not agree with my observation; the latter is trivial to explain: over a work day, tons of SSH sessions accumulate to that system, I rarely close them (working with a master connection is too fragile in my experience).
    – phg
    Jul 12 at 6:39

  • @phg I think nofail only applies to mount -a (or systemd equivalent).
    – sourcejedi
    Jul 12 at 9:06
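
Added example, not part of the original thread and not pam_mount's own code: a check for the symptom discussed above, identical bind mounts piling up on one mountpoint, read from /proc/self/mountinfo together with each mount's propagation state. The sample table, its mount IDs and device numbers are constructed; the function names are hypothetical.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample in /proc/self/mountinfo format: the bind from the question
# stacked three times on /nix. All IDs and devices are made up.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 22 8:2 / /store rw,relatime shared:20 - ext4 /dev/sda2 rw
90 22 8:2 /nix /nix rw,relatime shared:20 - ext4 /dev/sda2 rw
91 90 8:2 /nix /nix rw,relatime shared:20 - ext4 /dev/sda2 rw
92 91 8:2 /nix /nix rw,relatime shared:20 - ext4 /dev/sda2 rw
95 22 0:45 / /mnt/my\\040data rw - tmpfs tmpfs rw
"""

class Mount(NamedTuple):
    mount_id: int
    parent_id: int
    dev: str          # major:minor of the backing filesystem
    root: str         # directory inside that filesystem that is mounted
    mountpoint: str
    propagation: str  # optional fields, e.g. "shared:20"; "private" if none

def unescape(path: str) -> str:
    """mountinfo writes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def parse_mountinfo(text: str) -> list:
    mounts = []
    for line in text.splitlines():
        f = line.split()
        try:
            sep = f.index("-", 6)  # optional fields sit between index 6 and "-"
        except ValueError:
            continue               # malformed or empty line
        mounts.append(Mount(int(f[0]), int(f[1]), f[2], unescape(f[3]),
                            unescape(f[4]), ",".join(f[6:sep]) or "private"))
    return mounts

def stacked_mounts(mounts: list) -> dict:
    """Same (device, root, mountpoint) seen more than once = repeated bind."""
    groups = defaultdict(list)
    for m in mounts:
        groups[(m.dev, m.root, m.mountpoint)].append(m)
    return {key: group for key, group in groups.items() if len(group) > 1}

if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MOUNTINFO  # not on Linux: fall back to the sample
    for (dev, root, mnt), group in stacked_mounts(parse_mountinfo(text)).items():
        print(f"{mnt}: {len(group)} copies of {dev}{root} "
              f"[{group[0].propagation}] ids={[m.mount_id for m in group]}")
```

Run periodically or from a login script, the group size gives an early warning before the mount table grows large enough to exhaust resources.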
















