> On Fri, Sep 21, 2007 at 03:18:33PM +0200, Miklos Szeredi wrote:
> > > That's something that shouldn't be solved in the filesystem, but rather
> > > through exact semantics of unprivilegued mounts. Given that an
> > > unprivilegued implies ignoring the device files we can easily allow
> > > users to create them, because they're nothing special anymore.
> >
> > Exacly. And we already have an API for that: mknod(2). It would be
> > quite stupid to introduce _another_ API to do the same. It would mean
> > that all the tools, like mknod(8) would not work with the new API.
> >
> > Or am I misunderstanding your suggestion?
>
> Yes :)
>
> My suggestions is:
>
> - mknod for unprivilegued user is allowed in the following case
>
> (1) mount point is mounted with MNT_NODEV
> (2) mount point is owner by the user doing mknod
Ah, OK. Well, that's what fuse would do with the above change. So
you are basically saying, the change is OK, but we want proper
unprivileged mounts first.
> - and maybe
>
> (3) we have a special mount option to allow it if we don't want
> to allow it for normal unprivilegued mounts for some reason
I'm sure we don't want it by default.
For example if user bind mounts / onto /home/user/myroot (with 'nodev'
of couse), we still don't want mknod to work on that mount, for
obvious reasons.
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]