Subject: Re: mount(2) on kauth(9)
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 12/31/2006 05:50:13
> yes. these are the current semantics. a different model may strictly
> deny mounts for non-root users, or just deny them altogether if they
> don't contain nodev/nosuid. (it would always check "only allow non-root
> mounts if dovfsusermount==1 and no privileged options were requested".)
> 
> the problem here is that the semantics are just ugly. we could approach
> it differently: before we respect suid/dev (in kern_exec.c and
> spec_vnops.c - is that enough?) we could issue a KAUTH_SYSTEM_MOUNT_PRIV
> with the desired option. then the mount would not say it's nodev/nosuid,
> but would still ignore them.

do you mean to keep mount-time credential somewhere,
for later KAUTH_SYSTEM_MOUNT_PRIV?

YAMAMOTO Takashi