Subject: Re: does vfs.generic.usermount work with mount_union?
To: Manuel Bouyer <>
From: Bill Studenmund <>
List: current-users
Date: 01/08/2007 19:31:25
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jan 07, 2007 at 12:41:41PM +0100, Manuel Bouyer wrote:
> On Sun, Jan 07, 2007 at 02:36:08AM +0100, Kurt Schreiner wrote:
> > On Sat, Jan 06, 2007 at 04:36:27PM -0500, Blair Sadewitz wrote:
> > > [...]
> > >=20
> > > Why is this returning EPERM?
> > Because you are trying to mout w/o having nodev,nosuid defined for
> > the file system you try to mount? This is a new requirement since
> > a few days when the code was changed to use KAUTH...
> Hum, I think the previous code added this automatically for user mounts .=

Yes, it did. The problem is that adding this would mean that the bsd44=20
security model would be changing mount options as opposed to validating=20
them, which is very gross. It also weakens security as a rogue security=20
model could now do more than just be obstinant and deny access; it could=20
actually weaken security.

kauth doesn't really have a way to say, "This is ok if you change this."=20

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.3 (NetBSD)