This was referenced Mar 2, 2026
Add strict-by-default consistency guardrails for filesystem-wide Btrfs mountOptions with a conservative per-mount whitelist. Use top-level btrfs mountOptions as canonical and treat subvolume filesystem-wide options as key/value overrides so omitted keys are inherited.
Problem
Btrfs mount options are largely filesystem-wide, but disko allows per-subvolume mountOptions to diverge.
When they do, the effective behavior depends on mount ordering, which is not explicit and can lead to non-deterministic results.
Approach
Introduce a deterministic, Btrfs-specific guardrail:
Compare filesystem-wide option sets across all mounted subvolumes.
Allow only a conservative whitelist of clearly per-mount VFS flags to differ:
Ignore defaults, subvol=..., and userspace helper options (e.g. X-mount.mkdir).
Treat subvolumes using the default subvolume mountOptions = [ "defaults" ] as inheriting the top-level Btrfs mount options for the consistency check.
Compare option sets order-insensitively and by option key/value for filesystem-wide options.
Policy / Options
Two new Btrfs module options:
enforceConsistentMountOptions (default: true)
Throw an evaluation error if non-whitelisted inconsistencies are detected.
warnOnInconsistentMountOptions (default: true)
When strict mode is disabled, emit a warning unless this is set to false.
Why Btrfs-specific?
This behavior is specific to Btrfs subvolume multi-mount semantics, where many mount options are effectively filesystem-wide. Other filesystems do not exhibit the same ambiguity in disko’s model.
Tests
Added coverage for both allowed and rejected Btrfs subvolume mount option divergence.
btrfs-mountoptions-per-mount-allowed: noexec, nosuid, nodev, and noatime.
btrfs-mountoptions-consistency-guardrail: compress= configuration to confirm the guardrail throws under the default strict mode.
The implementation also treats subvolumes using the default subvolume mountOptions = [ "defaults" ] as inheriting the top-level Btrfs mount options for the consistency check, and ignores defaults, subvol=..., and X-mount.mkdir when comparing filesystem-wide option sets.
Fixes #331
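A Python model of the consistency check described in this pull request, added here as an illustration; it is not disko's Nix implementation. The whitelist is assumed to be the four flags named under Tests, the function names are hypothetical, and the sample option lists are constructed.

```python
# Model of the guardrail described in this PR (illustrative; not disko's Nix code).
PER_MOUNT = {"noexec", "nosuid", "nodev", "noatime"}    # assumed whitelist (flags named under Tests)
IGNORED_KEYS = {"defaults", "subvol", "X-mount.mkdir"}  # ignored per the PR description


def fs_wide(options):
    """Reduce one mountOptions list to its filesystem-wide part as key -> value."""
    out = {}
    for opt in options:
        key, _, value = opt.partition("=")
        if key in IGNORED_KEYS or opt in PER_MOUNT:
            continue
        out[key] = value  # valueless options such as "ssd" map to ""
    return out


def effective(top_level, subvol_options):
    """Top-level options are canonical; subvolume options override per key,
    so omitted keys (including a bare ["defaults"]) are inherited."""
    merged = fs_wide(top_level)
    merged.update(fs_wide(subvol_options))
    return merged


def divergent_keys(top_level, subvolumes):
    """Return {key: {subvolume: value}} for keys whose effective value differs
    between mounts. Dict comparison makes the check order-insensitive."""
    eff = {name: effective(top_level, opts) for name, opts in subvolumes.items()}
    keys = set().union(*eff.values())
    return {
        k: {name: e.get(k) for name, e in eff.items()}
        for k in sorted(keys)
        if len({e.get(k) for e in eff.values()}) > 1
    }


def check(top_level, subvolumes, enforce=True, warn=True):
    """Mirror the two module options: raise in strict mode, otherwise return
    warning strings (none when warn is False)."""
    report = divergent_keys(top_level, subvolumes)
    if report and enforce:
        raise ValueError(f"inconsistent Btrfs mount options: {report}")
    return [f"{k}: {v}" for k, v in report.items()] if warn else []
```

Because noexec, nosuid and nodev are dropped before comparison, hardening individual subvolumes with them never trips the check; only filesystem-wide keys such as compress= can.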