On Sat, 2014-01-25 at 10:37 -0800, Josh Stone wrote: > Ok, sure, you can mount -o nosuid,noexec,nodev ... but this isn't the > default for btrfs subvolume paths AFAIK. It needs to be a conscious > decision in whatever snapshot design we choose. This is definitely an issue with the OSTree design, since everything shares a physical partition (you can choose whatever block storage you want) - it's just hard links. I just filed: https://bugzilla.gnome.org/show_bug.cgi?id=722984 for this. But really, now that KDBus is on the way, we can start using it for system services to replace many setuid binaries, like unix_chkpwd without losing the auditing trail and such that old indirection via dbus-daemon required. That's a subject for a different thread though. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
