Subject: Re: does vfs.generic.usermount work with mount_union?
To: Bill Stouder-Studenmund <email@example.com>
From: Oliver Gould <firstname.lastname@example.org>
Date: 07/31/2007 21:34:25
On 2007-07-31 17:49 -0500, Bill Stouder-Studenmund wrote:
> On Mon, Jul 30, 2007 at 05:32:56PM -0400, Oliver Gould wrote:
> > Blair, Current-users-
> > I am running into an annoying issue with mount_union (on 4.99.20). I
> > see that Blair described the same problem back in January, though:
> > On 2007-01-06 16:36 -0500, Blair Sadewitz wrote:
> > > $ mount -t union -o -b /u/git build
> > > mount_union: /u/git on /home/blair/build: Operation not permitted
> I think the issue is that you need to add -o nodev,nosuid. I'm not 100%
> sure on the flags, but the key issue is that we no longer auto-add the
> user mount restrictions. They now have to be explicitly given.
That's much clearer.
I think that the mount_union(8) manual needs some better explanation of
this. Currently it says:
To enforce filesystem security, the user mounting the filesystem
must be superuser or else have write permission on the
mounted-on directory. In addition, the vfs.generic.usermount
sysctl(3) variable must be set to 1 to permit file system
mounting by ordinary users.
That paragraph could probably use a small mention of the kauth(9)
restrictions. At the very least, an additional user-mount example could