Subject: Re: mount(2) on kauth(9)
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 12/28/2006 18:48:56

YAMAMOTO Takashi wrote:
>> YAMAMOTO Takashi wrote:
>>>> +				/* Enforce 'nodev', 'nosuid', for non-root */
>>>> +				*flags |= MNT_NODEV | MNT_NOSUID;
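Review bot: the comment above `*flags |= MNT_NODEV | MNT_NOSUID;` says only "Enforce" and does not document that the caller's flags are modified in place through the pointer rather than checked. Suggest rewording it to say that the two flags are forced on for non-root requests, and dropping the stray comma after 'nosuid'.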
>>> this kind of structure makes the order of listeners important.
>>> i'm not sure if it's a good idea.
>>>
>>> YAMAMOTO Takashi
>> I know. I've discussed it with blymn@ a bit, and the alternatives didn't
>> seem like they'd pass.
> 
> what are alternatives?

I was thinking just plain denying the request if it didn't already have
nodev/nosuid; that'd mean that any time a non-root user is mounting he'd
have to pass these options though.

noexec retaining is a different issue that I'm not sure how to handle.

2nd alternative is what you suggest.

> 
>> do you have any idea how this can be done otherwise?
>>
>> -e.
> 
> having additional kauth calls for these bits?

"can set suid/nodev"? also see above wrt/noexec on update.

-e.
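
A simplified user-space model of the ordering concern discussed in this thread, as an added example that is not code from the patch or from NetBSD. The listener names, the flag constants and the dispatcher are assumptions made for illustration: one listener rewrites the flags as the quoted hunk does, the other is the read-only "deny if missing" alternative.

```c
#include <stdio.h>

/* Constructed stand-ins for the mount flags; not NetBSD's real values. */
#define M_NODEV    0x1
#define M_NOSUID   0x2
#define M_REQUIRED (M_NODEV | M_NOSUID)

enum verdict { V_ALLOW, V_DENY, V_DEFER };
typedef enum verdict (*listener_fn)(int is_root, int *flags);

/* Shape of the quoted hunk: rewrite the request for non-root callers. */
static enum verdict enforce_listener(int is_root, int *flags)
{
    if (!is_root)
        *flags |= M_REQUIRED;
    return V_ALLOW;
}

/* First alternative from the thread: read-only check, deny if bits missing. */
static enum verdict check_listener(int is_root, int *flags)
{
    if (!is_root && (*flags & M_REQUIRED) != M_REQUIRED)
        return V_DENY;
    return V_DEFER;
}

/* Simplified dispatcher (assumption): all listeners run in order, any deny wins. */
static int authorize(listener_fn *ls, int n, int is_root, int *flags)
{
    int allowed = 0, denied = 0;
    for (int i = 0; i < n; i++) {
        enum verdict v = ls[i](is_root, flags);
        if (v == V_DENY)
            denied = 1;
        else if (v == V_ALLOW)
            allowed = 1;
    }
    return (allowed && !denied) ? 0 : -1;
}

int main(void)
{
    listener_fn a[] = { enforce_listener, check_listener };
    listener_fn b[] = { check_listener, enforce_listener };
    int fa = 0, fb = 0;   /* non-root request with no flags set */
    printf("enforce first: %d\n", authorize(a, 2, 0, &fa));
    printf("check first:   %d\n", authorize(b, 2, 0, &fb));
    return 0;
}
```

The same non-root request is allowed or denied depending only on registration order, because one listener mutates what the other reads; when the caller already passes both flags, both orders agree.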