Richard Weinberger <richard@xxxxxx> writes:

> On 13.10.2014 at 10:35, OGAWA Hirofumi wrote:
>> Richard Weinberger <richard@xxxxxx> writes:
>>
>>>> I'm still not sure whether this is right direction or not though,
>>>> because mount operation is root only and untrusted image should run fsck
>>>> before. But, also, Oops is clearly unexpected. Hmmm...
>>>
>>> This limitation is not true anymore. Plug in a USB stick into a recent
>>> Linux desktop, it will automatically mount it... Also think of user
>>> namespaces and FUSE.
>>
>> Not really (well, true, some sort though). It is still controlled by root
>> or capability, right? I.e. still controlled by admin of system.
>
> Fact is, I can plug in a USB stick to my buddy's laptop and make it trigger a BUG_ON. :)
>
>> I read user namespaces last time, it doesn't allow to mount the block
>> device by namespace's root.
>>
>> FUSE is allowed to mount by true user (I.e. admin can't disallow it)? I
>> still didn't check it fully.
>
> The question is how long these limits will stay...
> User namespaces uncovered already a pile of issues wrt. to mounting.

Well, anyway, I don't object like that simple patch.

My worry is, I feel we need something like online-fsck finally if we
tackled fully to avoid issues (I still didn't analyze about this issue
seriously and fully), and measurable overheads.

And I myself have interest to online/runtime-fsck (i.e. detect and fix)
though, I don't have interest to make it generic operations, and I would
not have interest to tackle for all FSes...

--
OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>