From 3f30dedd56a68ee625bcd82c13f4745d03cbbeb9 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Tue, 22 Aug 2017 11:22:26 +0200
Subject: docs: add CAP_SYS_ADMIN to TODO

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 Documentation/TODO | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'Documentation/TODO')

diff --git a/Documentation/TODO b/Documentation/TODO
index 012a000fc..968002e75 100644
--- a/Documentation/TODO
+++ b/Documentation/TODO
@@ -85,6 +85,15 @@ bash completion
 libmount (mount/umount)
 -----------------------
 
+ - support CAP_SYS_ADMIN; for mount(2) syscall the CAP_SYS_ADMIN is good
+   enough. Unfortunately, mount(8) does more things like check for filesystem
+   type (but it's usually done by udev, so root perms are unnecessary), create
+   loop devices, write to /run/mount/utab or /etc/mtab, etc.
+
+   It would be nice to improve libmount to check for CAP_SYS_ADMIN if suid not
+   set and allow to use it for simple tasks where no another operation is
+   necessary.
+
  - allow to execute mount(2) in another namespace, something like:
 	mount --namespace=/proc/$n/ns/mnt  /dev/sda2 /bar
    see https://bugzilla.redhat.com/show_bug.cgi?id=1199554 for more details.
-- 
cgit v1.2.3-55-g7522