Subject: Re: normal user can bypass mount 'noexec' flags
To: Wolfgang Solfrank <ws@tools.de>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-security
Date: 03/11/1999 17:52:17
On Mar 11, Wolfgang Solfrank wrote
> [...]
> Another option (more obvious to me at least) would be to inherit the noexec
> attribute from the source.  One disadvantage I can see with this is that
> the code for it would have to be in all the various loopback mounts (nullfs,
> unionfs, ...) and cannot be placed in the filesystem independent code
> before calling the fs-specific mount.

Another disadvantage is that this doesn't work for mount_ffs, mount_msdos, ...
If the target directory is owned by the user and files in it can be executed,
then mount_null doesn't allow more things than it should.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--