Date: Sat, 31 Jan 2004 21:57:17 -0500 (EST)
From: Robert Watson
To: Pawel Jakub Dawidek
cc: freebsd-fs@freebsd.org
In-Reply-To: <20040131133158.GE72053@garage.freebsd.pl>
Subject: Re: Analysis of mounts/unmounts issues.

On Sat, 31 Jan 2004, Pawel Jakub Dawidek wrote:

> Ok, I got a complete solution.
>
> While I was looking at the mksnap_ffs issue, I found that we have the
> MNT_USER flag to mark file systems mounted by unprivileged users. This
> flag is not used currently.
>
> The patch is here:
>
> http://garage.freebsd.pl/patches/mount.patch
>
> The patch makes use of the MNT_USER flag, so if a file system is mounted
> by unprivileged root, it can be unmounted by him as well. Mount(8) has
> been modified to print 'mounted by ' for unprivileged root also.

I like this much better, and think the fix looks generally good.
I think leaving mount/umount disabled in jail for now, regardless of the
MNT_USER fix, is a good idea to be on the conservative side, but it might
well be worth continuing to explore usermount in jail in the future. The
risk, as already observed, is that jail's protections rely in large part
on very careful management of the file system namespace, and mount/umount
on that namespace implies a lot of risk.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research