Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)
From: Karel Zak
Date: Tue Apr 24 2007 - 20:05:40 EST
On Fri, Apr 20, 2007 at 12:25:32PM +0200, Miklos Szeredi wrote:
> The following extra security measures are taken for unprivileged
> mounts:
>
> - usermounts are limited by a sysctl tunable
> - force "nosuid,nodev" mount options on the created mount
The original userspace "user=" solution also implies the "noexec"
option by default (you can override the default by "exec" option).
It means the kernel based solution is not fully compatible ;-(
Karel
--
Karel Zak <kzak@xxxxxxxxxx>
Red Hat Czech s.r.o.
Purkynova 99/71, 612 45 Brno, Czech Republic
Reg.id: CZ27690016
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/