Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:

> They can call fsinfo() anyway, or just read /proc/self/mounts. As far as I’m
> concerned, if you have CAP_SYS_ADMIN over a mount namespace and LSM policy
> lets you mount things, then of course you can get information to basically
> anyone who can use that mount namespace.

And automounts? You don't need CAP_SYS_ADMIN to trigger one of those, but they still generate events.

On the other hand, you need CSA to mount something that has automounts in the first place, and if you're particularly concerned about security, you probably don't want the processes you might be suspicious of having access to things that contain automounts (typically network filesystems).

David