mount: non-setuid (POSIX file capabilities) support - openslx/kernel-qcow2-util-linux.git

diff options

author	Karel Zak	2009-01-16 12:21:15 +0100
committer	Karel Zak	2009-02-04 12:50:14 +0100
commit	0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc (patch)
tree	23e2bb1b3d58f1613dba0bd77d1cfe8324ed8585 /configure.ac
parent	fdisk: add 0xaf HFS / HFS partition type (diff)
download	kernel-qcow2-util-linux-0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc.tar.gz kernel-qcow2-util-linux-0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc.tar.xz kernel-qcow2-util-linux-0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc.zip

mount: non-setuid (POSIX file capabilities) support

The mount command does not work properly if you replace suid with POSIX file capabilities. We still need to check for non-root mounts and the command has to work in very restricted mode for non-root users. This patch allows you to remove suid bit from mount and umount. Note that you need a system with filesystem capability support, e.g. Fedora 10). # ls -l /bin/mount -rwxr-xr-x 1 root root 65192 2008-11-09 22:59 /bin/mount # getcap /bin/mount /bin/mount = cap_dac_override,cap_sys_admin+ep [kzak@redhat.com: all the above comments] Don't bypass security checks when [u]mount uses POSIX file capabilities rather than setuid root to permit non-root mounts. Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>

Diffstat (limited to 'configure.ac')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: