diff options
author | Karel Zak | 2009-01-16 12:21:15 +0100 |
---|---|---|
committer | Karel Zak | 2009-02-04 12:50:14 +0100 |
commit | 0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc (patch) | |
tree | 23e2bb1b3d58f1613dba0bd77d1cfe8324ed8585 /configure.ac | |
parent | fdisk: add 0xaf HFS / HFS partition type (diff) | |
download | kernel-qcow2-util-linux-0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc.tar.gz kernel-qcow2-util-linux-0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc.tar.xz kernel-qcow2-util-linux-0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc.zip |
mount: non-setuid (POSIX file capabilities) support
The mount command does not work properly if you replace suid with
POSIX file capabilities. We still need to check for non-root mounts and
the command has to work in very restricted mode for non-root users.
This patch allows you to remove suid bit from mount and umount. Note
that you need a system with filesystem capability support, e.g.
Fedora 10).
# ls -l /bin/mount
-rwxr-xr-x 1 root root 65192 2008-11-09 22:59 /bin/mount
# getcap /bin/mount
/bin/mount = cap_dac_override,cap_sys_admin+ep
[kzak@redhat.com: all the above comments]
Don't bypass security checks when [u]mount uses POSIX file capabilities
rather than setuid root to permit non-root mounts.
Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>
Diffstat (limited to 'configure.ac')
0 files changed, 0 insertions, 0 deletions