Subject: Re: does vfs.generic.usermount work with mount_union?
To: Manuel Bouyer <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 01/08/2007 19:31:25
Content-Type: text/plain; charset=us-ascii
On Sun, Jan 07, 2007 at 12:41:41PM +0100, Manuel Bouyer wrote:
> On Sun, Jan 07, 2007 at 02:36:08AM +0100, Kurt Schreiner wrote:
> > On Sat, Jan 06, 2007 at 04:36:27PM -0500, Blair Sadewitz wrote:
> > > [...]
> > >=20
> > > Why is this returning EPERM?
> > Because you are trying to mout w/o having nodev,nosuid defined for
> > the file system you try to mount? This is a new requirement since
> > a few days when the code was changed to use KAUTH...
> Hum, I think the previous code added this automatically for user mounts .=
Yes, it did. The problem is that adding this would mean that the bsd44=20
security model would be changing mount options as opposed to validating=20
them, which is very gross. It also weakens security as a rogue security=20
model could now do more than just be obstinant and deny access; it could=20
actually weaken security.
kauth doesn't really have a way to say, "This is ok if you change this."=20
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)
-----END PGP SIGNATURE-----