Subject: Non-root users mounting a file system?
To: None <>
From: Paul Goyette <>
List: current-users
Date: 02/20/2007 13:55:45

I've made all the necessary permission changes on the mount point as 
well as the /dev/{,r}cgd* devices and the /etc/cgd directory (and its
files), but I still cannot seem to have a non-root user, even a member 
of group wheel, mount the filesystem.  The cgdconfig succeeds, and I
am positive the vfs.generic.usermount is set, yet still I get this:

 	quicky:paul {105} sysctl vfs.generic.usermount
 	vfs.generic.usermount = 1
 	quicky:paul {106} mount /dev/cgd0a /pics
 	mount_ffs: /dev/cgd0a on /pics: Operation not permitted
 	quicky:paul {107}

I suspect that this is a result of some flag checks being done in 
secmodel_bsd44_suser.c but I don't know enough to understand what these
checks are doing or how to make them succeed.

                 case KAUTH_REQ_SYSTEM_MOUNT_NEW:
                         if (isroot)
                                 result = KAUTH_RESULT_ALLOW;
                         else if (dovfsusermount) {
                                 struct vnode *vp = arg1;
                                 u_long flags = (u_long)arg2;

                                 if (!(flags & MNT_NODEV) ||
                                     !(flags & MNT_NOSUID))

                                 if ((vp->v_mount->mnt_flag & MNT_NOEXEC) &&
                                     !(flags & MNT_NOEXEC))

                                 result = KAUTH_RESULT_ALLOW;


|   Paul Goyette   | PGP DSS Key fingerprint: |  E-mail addresses:   |
| Network Engineer | FA29 0E3B 35AF E8AE 6651 |   |
|                  | 0786 F758 55DE 53BA 7731 | |
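
Added example, not part of the original message or of the NetBSD source: a user-space C model of the flag tests in the excerpt above, reporting which test a non-root mount request fails. It assumes a test that fails leaves the request denied; the bit values, `mount_new_verdict` and the `verdict` enum are made up for this example.

```c
#include <stdio.h>

/* Illustrative bit values for this example; the kernel's own
 * definitions live in <sys/mount.h>. */
enum { MNT_NOEXEC = 0x4, MNT_NOSUID = 0x8, MNT_NODEV = 0x10 };

enum verdict { ALLOW, DENY_NOT_ROOT, DENY_NEED_NODEV_NOSUID, DENY_NEED_NOEXEC };

/*
 * User-space model of the KAUTH_REQ_SYSTEM_MOUNT_NEW tests quoted above.
 * Assumption: a test that fails leaves the request denied.
 *   covered   - mnt_flag of the file system that holds the mount point
 *   requested - flags passed with the new mount request
 */
static enum verdict
mount_new_verdict(int isroot, int usermount,
    unsigned long covered, unsigned long requested)
{
    if (isroot)
        return ALLOW;
    if (!usermount)
        return DENY_NOT_ROOT;
    /* Both nodev and nosuid must be requested. */
    if (!(requested & MNT_NODEV) || !(requested & MNT_NOSUID))
        return DENY_NEED_NODEV_NOSUID;
    /* A noexec mount point forces noexec on the new mount. */
    if ((covered & MNT_NOEXEC) && !(requested & MNT_NOEXEC))
        return DENY_NEED_NOEXEC;
    return ALLOW;
}

int
main(void)
{
    static const char *why[] = { "allowed", "denied: not root, usermount off",
        "denied: needs nodev and nosuid", "denied: needs noexec" };
    /* Constructed non-root requests with usermount = 1. */
    struct { const char *desc; unsigned long covered, requested; } c[] = {
        { "no option flags", 0, 0 },
        { "nodev only", 0, MNT_NODEV },
        { "nodev,nosuid", 0, MNT_NODEV | MNT_NOSUID },
        { "nodev,nosuid under noexec", MNT_NOEXEC, MNT_NODEV | MNT_NOSUID },
        { "nodev,nosuid,noexec under noexec", MNT_NOEXEC,
            MNT_NODEV | MNT_NOSUID | MNT_NOEXEC },
    };
    for (size_t i = 0; i < sizeof(c) / sizeof(c[0]); i++)
        printf("%-34s %s\n", c[i].desc,
            why[mount_new_verdict(0, 1, c[i].covered, c[i].requested)]);
    return 0;
}
```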