On Sun, Jul 23, 2023 at 11:08 AM Eric Sandeen <esandeen@xxxxxxxxxx> wrote: > > On 7/22/23 9:12 AM, Neal Gompa wrote: > > On Sat, Jul 22, 2023 at 9:53 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote: > >> > >> * Matthew Garrett: > >> > >>> a) Does this seem like a good idea? > >>> b) If so, is dealing with it via udev rules the right approach? This way > >>> seems desktop-agnostic > >>> c) Where should it ship, and what should the process be for disabling it > >>> for people who need this functionality? > >> > >> Maybe a first step would be to disable automounting while the screen is > >> locked. > >> > >>> Long-term I'd love to see more work put into having FUSE support for > >>> these and leaving the in-kernel fs to stuff we know is trustworthy, but > >>> that's rather more work. > >> > >> Fedora moved in the opposite direction (from gvfs to unprivileged > >> mounting via udisks2 IIRC). > >> > > > > Several years ago, SUSE distributions moved to disabling the modules > > by default for a number of filesystems, but making it pretty easy to > > turn them back on: > > https://github.com/openSUSE/suse-module-tools/pull/5 > > That's approaching it from the wrong angle, IMHO. It's not that you > don't want to be able to mount these filesytems at all, it's that you > don't want let any random unprivileged user do so. > > If the system administrator wants to mount $UNCOMMONFS, they should be > able to do so without hassle, but that doesn't mean that a normal user > who got handed a sketchy USB stick at a conference should be able to do > so with no restrictions at all. > So then some kind of configuration to udisks2 to have a similar effect? -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
