In article <20070220221043.GH16404@cs.hut.fi>,
Antti Kantee  <pooka@cs.hut.fi> wrote:
>On Tue Feb 20 2007 at 16:08:34 -0600, Jeremy C. Reed wrote:
>> > Current you need to explicitly tell the kernel you want a nosuid/nodev
>> > mount, i.e. mount -o nosuid,nodev /dev/cgd0a /pics
>> > 
>> > See thread with the title "mount(2) on kauth(9)" on tech-kern in 2006/12
>> > for more information.
>> 
>> Is this documented in man page or other official documentation?
>
>I have no idea.  I'm still hoping it will be fixed to be like it used
>to be: those flags being implicitly set for a non-superuser mount.

We can create trymount(3) which would try the nodev,nosuid,ro flags
if mount fails with EPERM... That is ugly though. We need to re-think
how to do this properly.

christos