Chapman Flack wrote:

> theo borm wrote:
>
>> Hmm.Then basically the answer should be "don't set 
>> vfs.generic.usermount"
>> if you dont want your (malicious/ignorant) users to panic your system.
>
>
> I wonder if there {is|could be|should be} some way to extend the idea
> of the usermount sysctl with a per-filesystem-type variant....

could be.

>
> quick fix, leave usermount off and set something up with sudo....

That's something I would also like to avoid. Securing sudo scripts with
user input (which thing mounted how and where) without opening
other holes is probably not that easy

cheers, Theo