Subject: Re: does vfs.generic.usermount work with mount_union?
To: Bill Stouder-Studenmund <wrstuden@netbsd.org>
From: Oliver Gould <ogould@olix0r.net>
List: current-users
Date: 07/31/2007 21:34:25

On 2007-07-31 17:49 -0500, Bill Stouder-Studenmund wrote:
> On Mon, Jul 30, 2007 at 05:32:56PM -0400, Oliver Gould wrote:
> > Blair, Current-users-
> > 
> > I am running into an annoying issue with mount_union (on 4.99.20).  I
> > see that Blair described the same problem back in January, though:
> > 
> > On 2007-01-06 16:36 -0500, Blair Sadewitz wrote:
> > > $ mount -t union -o -b /u/git build
> > > mount_union: /u/git on /home/blair/build: Operation not permitted
> 
> I think the issue is that you need to add -o nodev,nosuid. I'm not 100% 
> sure on the flags, but the key issue is that we no longer auto-add the 
> user mount restrictions. They now have to be explicitly given.

That's much clearer.

I think that the mount_union(8) manual needs some better explanation of
this.  Currently it says:

	To enforce filesystem security, the user mounting the filesystem
	must be superuser or else have write permission on the
	mounted-on directory.  In addition, the vfs.generic.usermount
	sysctl(3) variable must be set to 1 to permit file system
	mounting by ordinary users.

That paragraph could probably use a small mention of the kauth(9)
restrictions.  At the very least, an additional user-mount example could
be provided.

Thanks,
  - Oliver
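
A user-mount example of the kind suggested above, added here as an illustration; it is not part of the original thread or of the mount_union(8) manual. The function names are hypothetical, and the required option set (nodev, nosuid) is taken from the quoted reply, which itself was not certain of the exact flags.

```shell
#!/bin/sh
# Added example: preflight for an unprivileged union mount on NetBSD.
# Assumption: a user mount must carry nodev and nosuid explicitly,
# as stated (tentatively) in the quoted reply.

# has_opt LIST NAME: succeed if NAME is one of the comma-separated
# options in LIST (exact match, so "nosuidx" does not count as nosuid).
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# usermount_preflight USERMOUNT_VALUE MOUNTPOINT OPTIONS
# Checks the three conditions named in this thread and reports every
# one that fails on stderr. Returns 0 only if all of them hold.
usermount_preflight() {
    um=$1 dir=$2 opts=$3 rc=0
    if [ "$um" != 1 ]; then
        echo "vfs.generic.usermount is '$um', must be 1" >&2
        rc=1
    fi
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "no write permission on mounted-on directory: $dir" >&2
        rc=1
    fi
    for o in nodev nosuid; do
        has_opt "$opts" "$o" || { echo "missing -o $o" >&2; rc=1; }
    done
    return $rc
}

# user_union_mount LOWER MOUNTPOINT
# Runs the preflight, then repeats the mount from the thread with the
# restrictions given explicitly (-o -b is the flag used in the report).
user_union_mount() {
    opts="nodev,nosuid"
    um=$(sysctl -n vfs.generic.usermount 2>/dev/null)
    usermount_preflight "$um" "$2" "$opts" || return 1
    mount -t union -o "$opts" -o -b "$1" "$2"
}
```

Called as `user_union_mount /u/git build`, this prints which precondition is missing instead of the bare "Operation not permitted".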