> attached is a diff that makes mount(2) use kauth(9).
> 
> the only difference between this and the original diff is that the
> flags are no longer passed as pointer -- apart from requiring certain
> order if we introduce logging listeners, this also breaks the kauth(9)
> restrictive policy, as a malicious listener can modify the flags.
> 
> the MNT_NOSUID/MNT_NODEV/MNT_NOEXEC enforcement is done inside the
> secmodel, simply preventing non-root users from doing what earlier
> would be silently enforced. (this is a compromise we'll have to make.)
> 
> if there are no objections, I'll commit this.
> 
> -e.

it seems reasonable to me.
(althouth i haven't use usermount seriously...)

YAMAMOTO Takashi