Jonathan Stone <jonathan@DSG.Stanford.EDU> writes:
> Like the kernel enforcing non-root mounts get nodev,nosuid, and
> whatever else a well-behaved wrapper enforces. If the "whatever else"
> varies with local policy or taste, the wrapper seems better than
> putting policy hooks into the kernel.

Certianly, I know people who'd want 'noexec' to be a part of any such
flags (though typically I would not).

Some things do require kernel support, though: e.g. I'd like to see a
way to do user-mountable file systems which include nodev,nosuid, but
which the mounting user can do anything do, including create files as
other UIDs and even make them set-id.  (It'd be Nice to be able to
make file system images without needing root.)


cgd
-- 
Chris Demetriou - cgd@netbsd.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.