Am 13.10.2014 um 10:35 schrieb OGAWA Hirofumi: > Richard Weinberger <richard@xxxxxx> writes: > >>> I'm still not sure whether this is right direction or not though, >>> because mount operation is root only and untrusted image should run fsck >>> before. But, also, Oops is clearly unexpected. Hmmm... >> >> This limitation is not true anymore. Plug in a USB stick into a recent >> Linux desktop, it will automatically mount it... Also think of user >> namespaces and FUSE. > > Not really (well, true, some sort though). It is still controlled by root > or capability, right? I.e. still controlled by admin of system. Fact is, I can plugin a USB stick to my buddies Laptop and make it trigger a BUG_ON. :) > I read user namespaces last time, it doesn't allow to mount the block > device by namespace's root. > > FUSE is allowed to mount by true user (I.e. admin can't disallow it)? I > still didn't check it fully. The question is how long these limits will stay... User namespaces uncovered already a pile of issues wrt. to mounting. Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
