0959f8063b
The mount command does not work properly if you replace suid with POSIX file capabilities. We still need to check for non-root mounts and the command has to work in very restricted mode for non-root users. This patch allows you to remove suid bit from mount and umount. Note that you need a system with filesystem capability support, e.g. Fedora 10). # ls -l /bin/mount -rwxr-xr-x 1 root root 65192 2008-11-09 22:59 /bin/mount # getcap /bin/mount /bin/mount = cap_dac_override,cap_sys_admin+ep [kzak@redhat.com: all the above comments] Don't bypass security checks when [u]mount uses POSIX file capabilities rather than setuid root to permit non-root mounts. Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com> |
||
---|---|---|
.. | ||
.gitignore | ||
Makefile.am | ||
README.mount | ||
fsprobe.c | ||
fsprobe.h | ||
fsprobe_blkid.c | ||
fsprobe_volumeid.c | ||
fstab.5 | ||
fstab.c | ||
fstab.h | ||
getusername.c | ||
getusername.h | ||
lomount.c | ||
lomount.h | ||
loop.h | ||
losetup.8 | ||
mount.8 | ||
mount.c | ||
mount_constants.h | ||
mount_mntent.c | ||
mount_mntent.h | ||
realpath.c | ||
realpath.h | ||
sundries.c | ||
sundries.h | ||
swap_constants.h | ||
swapoff.8 | ||
swapon.8 | ||
swapon.c | ||
umount.8 | ||
umount.c | ||
xmalloc.c | ||
xmalloc.h |
README.mount
mount/umount for Linux 0.97.3 and later. Authors: Doug Quale <quale@saavik.cs.wisc.edu>, H.J. Lu <hlu@eecs.wsu.edu>, Rick Sladkey <jrs@world.std.com>, Stephen Tweedie <sct@dcs.ed.ac.uk>. Andries Brouwer <aeb@cwi.nl> Adrian Bunk <bunk@stusta.de> Presently in util-linux-ng maintained by Karel Zak <kzak@redhat.com>.