On Wed, Sep 06, 2023 at 05:06:29PM +0200, Christian Brauner wrote: > So adding another RFE to libmount to add support for a global allowlist > or denylist of filesystems and refuse to mount anything else might also > be a good thing. Actually, might go and do this now. > > So that we can slowly move userspace towards a smaller set of > filesystems and then distros can start turning off more and more > filesystems. A global list is good, maintaining it in util-linux is stupid. This needs to be in the kernel as that's where we have all the data. IMHO a flag in struct file_system_type thast gets exposed in /proc/filesystems and maybe even a flag to the new mount API to tell "this is an automount" and refuse it it the trusted flag is not set will work much better. That way we can also easily upgrade/downgrade the status of a file system as needed.
