


man-pages

12th chunk of `mount.man`
 remount,ro" is applied to VFS and
       filesystem superblock. This semantic allows creating a read-only
       mountpoint while keeping the filesystem writable from another mountpoint.

       Since v2.39 libmount can use a new kernel mount interface to set the VFS
       options recursively. For backward compatibility, this feature is not
       enabled by default, even when a recursive operation (e.g. rbind) has
       been requested. The new option argument "recursive" can be specified,
       for example:

              mount -orbind,ro=recursive,noexec=recursive,nosuid /foo /bar

       recursively binds filesystems from /foo to /bar; /bar and all submounts
       will be read-only and noexec, but only /bar itself will be "nosuid". The
       "recursive" optional argument for VFS mount options is an EXPERIMENTAL
       feature.
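
       Because only the options marked "recursive" reach the submounts, it is
       worth checking the per-mount flags of the whole subtree afterwards. The
       following is an added example, not part of the mount manual page: the
       function name missing_flag and the sample mount table are assumptions
       made for illustration, and the table is constructed.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format (not from a real host).
# Field 5 = mountpoint, field 6 = per-mount (VFS) options,
# last field = superblock options of the underlying filesystem.
# /bar is read-only at the VFS level while the superblock of /dev/sda1
# stays "rw" and remains writable through the second mountpoint /barn.
# /bar/tmp is a constructed failing case: a submount without the flags.
sample_mountinfo() {
cat <<'EOF'
100 30 8:1 /foo /bar ro,nosuid,noexec,relatime shared:1 - ext4 /dev/sda1 rw
101 100 8:2 / /bar/data ro,noexec,relatime shared:2 - ext4 /dev/sda2 rw
102 100 0:45 / /bar/tmp rw,relatime shared:3 - tmpfs tmpfs rw
103 30 8:1 /foo /barn rw,relatime shared:1 - ext4 /dev/sda1 rw
EOF
}

# missing_flag ROOT FLAG
# Reads mountinfo on stdin and prints every mountpoint at or below ROOT
# whose per-mount options do not contain FLAG (e.g. ro, noexec, nosuid).
missing_flag() {
    awk -v root="$1" -v flag="$2" '
    {
        mp = $5
        prefix = (root == "/") ? "/" : root "/"
        # Keep ROOT itself and paths under ROOT/, skip siblings such as /barn.
        if (mp != root && index(mp, prefix) != 1) next
        n = split($6, opts, ",")
        found = 0
        for (i = 1; i <= n; i++) if (opts[i] == flag) found = 1
        if (!found) print mp
    }'
}

# Demo on the constructed sample: report the gaps for each flag.
for f in ro noexec nosuid; do
    echo "missing $f:" $(sample_mountinfo | missing_flag /bar "$f")
done
```

       On a live system the same function can read the real table, for
       instance with /proc/self/mountinfo redirected to its standard input.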

       The following options apply to any filesystem that is being mounted (but
       not every filesystem actually honors them - e.g., the sync option today
       has an effect only for ext2, ext3, ext4, fat, vfat, ufs and xfs):

       async
           All I/O to the filesystem should be done asynchronously. (See also
           the sync option.)

       atime
           Do not use the noatime feature, so the inode access time is
           controlled by kernel defaults. See also the descriptions of the
           relatime and strictatime mount options.

       noatime
           Do not update inode access times on this filesystem (e.g. for faster
           access on the news spool to speed up news servers). This works for
           all inode types (directories too), so it implies nodiratime.

       auto
           Can be mounted with the -a option.

       noauto
           Can only be mounted explicitly (i.e., the -a option will not cause
           the filesystem to be mounted).

       context=context, fscontext=context, defcontext=context, and
       rootcontext=context
           The context= option is useful when mounting filesystems that do not
           support extended attributes, such as a floppy or hard disk formatted
           with VFAT, or systems that are not normally running under SELinux,
           such as an ext3 or ext4 formatted disk from a non-SELinux
           workstation. You can also use context= on filesystems you do not
           trust, such as a floppy. It also helps in compatibility with
           xattr-supporting filesystems on earlier 2.4.<x> kernel versions.
           Even where xattrs are supported, you can save time not having to
           label every file by assigning the entire disk one security context.

           A commonly used option for removable media is
           context="system_u:object_r:removable_t".

           The fscontext= option works for all filesystems, regardless of their
           xattr support. The fscontext option sets the overarching filesystem
           label to a specific security context. This filesystem label is
           separate from the individual labels on the files. It represents the
           entire filesystem for certain kinds of permission checks, such as
           during mount or file creation. Individual file labels are still
           obtained from the xattrs on the files themselves. The context option
           actually sets the aggregate context that fscontext provides, in
           addition to supplying the same label for individual files.

           You can set the default security context for unlabeled files using
           the defcontext= option. This overrides the value set for unlabeled
           files in the policy and requires a filesystem that supports xattr
           labeling.

           The rootcontext= option allows you to explicitly label the root
           inode of a FS being mounted before that FS or inode becomes visible
           to userspace. This was found to be useful for things like stateless
           Linux. The special value @target can be used to assign the current
           context

Title: Filesystem-Independent Mount Options (cont.)
Summary
This section details further filesystem-independent mount options for the `mount` command. It covers `async`, `atime`, `noatime`, `auto`, `noauto`, `context`, `fscontext`, `defcontext`, and `rootcontext`. These options provide control over I/O behavior, access time updates, automatic mounting, and SELinux security contexts. Notably, the effects of some of these options can vary depending on the specific filesystem type.