Cursed Linux hacks for 500…0:

Know how you can bind mount things on top of other things? Most people generally are aware that "things" can be directories, but also files. This is especially useful if you're inside a user+mount namespace, with privileges to mount but not overwrite some file — so you create your file elsewhere and "over-mount" the original. (Commonly done for /etc/resolv.conf)

Now… regular mount can do this on top of symlinks too. (Guess where this is going? 🤣 … cont'd next)

So if /etc/resolv.conf is a symlink, you can still create a new resolv.conf and mount it over the symlink (it's not resolved.)

Now, if you pass a symlink to mount as the "thing" to mount on top of the existing thing, it resolves the symlink. So no sticking a symlink over something else.

Except.

The kernel accepts AT_SYMLINK_NOFOLLOW for this without any complaint, so if you write a tool like aurora.nox.tf/tmp/mountsymlink you can totally mount a symlink!

Now why is this a great hack? Well…

@equinox

Another reason why this is better than mounting a file on top of a file is that when you bind mount a file, the source of the mount is an inode. So, if the source file gets unlinked (e.g. because someone wants to atomically update it), the mount will continue to point at the file that was unlinked.

Bind-mounting a directory with the source file on the side and bind-mounting a symlink to the source file on top of the target file gets rid of that footgun (because you presumably won't want to update the symlink).
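A check for the unlinked-source footgun described in the reply above, as an added example that is not part of the thread or of the linked tool: the kernel appends `//deleted` to the root field of a `/proc/<pid>/mountinfo` entry once the bind-mount source has been unlinked, so stale mounts can be listed by parsing that file. The sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not captured from a real host).
# Entry 413 is a file bind mount whose source still exists; entry 414 is one whose
# source was unlinked after mounting (e.g. replaced by an atomic rename).
SAMPLE_MOUNTINFO = """\
36 25 0:31 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
412 36 0:31 /run/netcfg /run/netcfg rw,relatime shared:1 - ext4 /dev/sda1 rw
413 36 0:31 /run/netcfg/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/sda1 rw
414 36 0:31 /srv/my\\040app/hosts//deleted /etc/hosts rw,relatime - ext4 /dev/sda1 rw
"""

DELETED_MARK = "//deleted"  # suffix the kernel adds to an unlinked mount root


def unescape(field):
    """Undo mountinfo's octal escaping (\\040 is a space, \\011 a tab, ...)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Yield one dict per mountinfo line, skipping lines that do not parse."""
    for line in text.splitlines():
        fields = line.split(" ")
        if len(fields) < 10 or "-" not in fields[6:]:
            continue
        sep = fields.index("-", 6)  # optional fields end at the lone "-"
        yield {
            "mount_id": int(fields[0]),
            "root": unescape(fields[3]),         # path inside the source fs
            "mount_point": unescape(fields[4]),  # where it is attached
            "fstype": fields[sep + 1],
        }


def stale_bind_mounts(text):
    """Return (mount_point, original_root) for mounts whose source was unlinked."""
    # Assumption: the filesystem uses the kernel's generic path printing; one
    # that formats the root field itself may not emit the marker.
    return [(m["mount_point"], m["root"][: -len(DELETED_MARK)])
            for m in parse_mountinfo(text) if m["root"].endswith(DELETED_MARK)]


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:
        for mount_point, root in stale_bind_mounts(fh.read()):
            print(f"{mount_point}: source {root} was unlinked; mount is stale")
```

Run inside the namespace in question, since `/proc/self/mountinfo` only lists the mounts visible to the calling process.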
