https://bugzilla.kernel.org/show_bug.cgi?id=203585 Theodore Tso (tytso@xxxxxxx) changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |tytso@xxxxxxx Resolution|--- |WILL_NOT_FIX --- Comment #1 from Theodore Tso (tytso@xxxxxxx) --- This is not at all trivial to implement, for a number of reasons: *) The kernel doesn't have access to the username to uid map. It might be in /etc/passwd; but you might also be using LDAP or Yellow Pages for the username->uid map. This could done by adding support for this to each file system which implements this feature request's /sbin/mount.FSTYP, but... *) This also begs the question of how to handle user namespaces. The simplest way of solving this problem may be to change the web application to write its temporary file in some other directory, and let that directory be writable only by the web application's user id, and let that directory be mounted without the noexec flag. If you are using tmpfs, you can mount multiple tmpfs instances, and create a special one which has mount options just for that web application, with an fstab entry like this: tmpfs /run/user/1042 tmpfs rw,nosuid,nodev,relatime,size=2048k,mode=700,uid=1042,gid=1042 0 0 -- You are receiving this mail because: You are watching the assignee of the bug.
