On Fri, Jan 22, 2010 at 12:16 AM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
> On Wed, 2010-01-20 at 19:40 +0100, drago01 wrote:
>> On Wed, Jan 20, 2010 at 4:15 AM, Adam Williamson <awilliam@xxxxxxxxxx> wrote:
>> > Hi, everyone. As you may know if you've followed the meetings, FESCo has
>> > cheerfully punted the privilege escalation policy issue back to us; they
>> > want us to come up with a draft policy to take back to a FESCo meeting.
>>
>> > * Run an application that listens on a network port lower than 1024
>> > * Mount or unmount anything (excluding automounted hotplugged storage
>> >   devices, and devices explicitly configured by the root user for
>> >   unprivileged use)
>>
>> Define "anything" what about fuse mounts? (like sshfs, or those done
>> by gvfs)
>
> Hmm. Should it perhaps talk instead about mounting anything outside of
> the user's own home directory?

Yes, that would cover these cases; but one should not be allowed to
mount devices like internal storage without being root.

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test