1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Re: Re: Having ten thousands of mount bind causes various processes to

    From Julien Petit@21:1/5 to All on Fri Jun 14 11:50:01 2024
    What processes are CPU hungry?

    On a vanilla debian 11 : udisksd, gvfs-udisks2-vo, (fstrim), find

    Perhaps it is not a Debian-specific bug, just more active usage of sandboxing in systemd. If some applications have troubles parsing /proc/mounts then bugs should be filed against them.

    It seems to happen with all processes accessing mounts. And since
    disabling sandboxing with php fixed the problem for the php process,
    it looks like it is linked to sandboxing.

    However do you need shared subtrees? It may cause exponential growth of number of moutpoints, see

    We only use mount bind to share an initial folder with other users
    with different access rights (rw or ro). So we probably don't need
    shared subtrees (as long as mount bind doesn't rely on it). I'm not
    really familiar with subtrees though. In my understanding, it is used
    for chroot or containers and that's something we don't use. When i
    list our mounts, it seems they are by default in shared mode. If the
    default before was "private", it might be why it used to work and it
    stopped.
    I'm gonna test the effect of setting them to private.

    Thanks for your help

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Julien Petit@21:1/5 to All on Wed Jun 19 23:40:02 2024
    However do you need shared subtrees?
    I'm gonna test the effect of setting them to private.

    This doesn't seem to fix the problem either

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Julien Petit@21:1/5 to All on Thu Jun 20 00:30:01 2024
    Does it really have to be in the home directory? Can't the software (and/or the users) open files in, say, /shared/accounting?

    It doesn't really matter where folders/mounts are. Users can share any directory (and subdirectories) in their home directory with any other
    user. The shared folder is mounted in the special directory "Shared
    with me" of the recipient home directory. I.e: John/Sales/Invoices is
    mounted in Alice/Shared with me/Invoices.

    If it really needs to be under /home: symlinks.

    Symlinks are no good since the user sharing his directory can decide
    to share it read/write to one user but read only to another

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Julien Petit@21:1/5 to All on Fri Jun 21 03:40:02 2024
    This can be solved with ACLs. Instead of creating a bind mount, this process that allows the user to share the directory can set an ACL and create a symlink.

    For a few users maybe but not that easy when you have many thousands
    users (that on top do not have local accounts). We'd probably hit
    another ACL limitation.

    Then again, this thread was not about finding new ways of doing what
    we do but to know the reason it stopped working. Is it a new
    limitation or a bug?

    PS: It would be better if you used a mailer that correctly sets mail headers References and/or In-Reply-To so that your replies are properly threaded.

    Sorry about that, i use the link provided on the list for mails i
    don't receive in my mailbox directly and gmail doesn't seem to be good
    about it...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)