On 7/22/23 9:12 AM, Neal Gompa wrote:
On Sat, Jul 22, 2023 at 9:53 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
* Matthew Garrett:
a) Does this seem like a good idea?
b) If so, is dealing with it via udev rules the right approach? This way
seems desktop-agnostic
c) Where should it ship, and what should the process be for disabling it
for people who need this functionality?
Maybe a first step would be to disable automounting while the screen is
locked.
Long-term I'd love to see more work put into having FUSE support for
these and leaving the in-kernel fs to stuff we know is trustworthy, but
that's rather more work.
Fedora moved in the opposite direction (from gvfs to unprivileged
mounting via udisks2 IIRC).
Several years ago, SUSE distributions moved to disabling the modules
by default for a number of filesystems, but making it pretty easy to
turn them back on:
https://github.com/openSUSE/suse-module-tools/pull/5
That's approaching it from the wrong angle, IMHO. It's not that you
don't want to be able to mount these filesytems at all, it's that you
don't want let any random unprivileged user do so.
If the system administrator wants to mount $UNCOMMONFS, they should be
able to do so without hassle, but that doesn't mean that a normal user
who got handed a sketchy USB stick at a conference should be able to do
so with no restrictions at all.
-Eric
We could take a similar approach, maybe...?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
