Re: [PATCHv2 1/5] VFS: DazukoFS, stackable-fs, file access control

[Jan Engelhardt]

On Friday 2009-02-13 20:31, John Ogness wrote:
>
>If we want to forbid users from being able to do this, I think it
>would be simpler just to fail the mount if it is _not_ specified for
>direct stacking. This forces users to use a syntax that makes it very
>clear what they are doing.
>
>Since mounting to a different directory could cause problems, I think
>it will be good to forbid it. I will make this change for the next
>patch series.

You could write an additional mount helper (and putting that into
/sbin/mount.dazukofs) that does all the security checks:

 - that the device is the same as mountpoint
 - that the device belonging to the underlying '/mnt' is not
   mounted anywhere else (in this namespace, at least)
 - exit(1) otherwise

Sure, it may not protect against all the cases Al can come up with,
but it is better than having nothing.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/