Subject: Re: Non-root users mounting a file system?
To: Paul Goyette <paul@whooppee.com>
From: Antti Kantee <pooka@cs.hut.fi>
List: current-users
Date: 02/21/2007 00:02:24

On Tue Feb 20 2007 at 13:55:45 -0800, Paul Goyette wrote:
> Folks,
> 
> I've made all the necessary permission changes on the mount point as 
> well as the /dev/{,r}cgd* devices and the /etc/cgd directory (and its
> files), but I still cannot seem to have a non-root user, even a member 
> of group wheel, mount the filesystem.  The cgdconfig succeeds, and I
> am positive the vfs.generic.usermount is set, yet still I get this:
> 
> 	quicky:paul {105} sysctl vfs.generic.usermount
> 	vfs.generic.usermount = 1
> 	quicky:paul {106} mount /dev/cgd0a /pics
> 	mount_ffs: /dev/cgd0a on /pics: Operation not permitted
> 	quicky:paul {107}

Currently you need to explicitly tell the kernel you want a nosuid/nodev
mount, i.e. mount -o nosuid,nodev /dev/cgd0a /pics

See thread with the title "mount(2) on kauth(9)" on tech-kern in 2006/12
for more information.

-- 
Antti Kantee <pooka@iki.fi>                     Of course he runs NetBSD
http://www.iki.fi/pooka/                          http://www.NetBSD.org/
    "the most indispensable quality of a cook is punctuality"