nixos: make fstab owner/user/users mount options assert setuid mount/umount #9998
This looks nice to me.
Hm, not sure if we want to promote the use of setuid mount... (See my comment at #9848 (comment)).
@@ -134,6 +134,22 @@ in | |||
|
|||
config = { | |||
|
|||
assertions = [ | |||
{ assertion = | |||
builtins.any (fs: [] != intersectLists (splitString "," fs.options) |
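Review bot: on the `builtins.any (fs: [] != intersectLists (splitString "," fs.options)` line, the predicate is inlined into the assertion and reads as a double negative (`[] != intersectLists ...`), with no comment saying which fstab options it is looking for. Consider binding it to a named helper in a `let` (any descriptive name would do) with a one-line comment, so the `assertion =` entry states its intent directly. Splitting `fs.options` on "," and intersecting whole elements matches option names exactly, which is worth keeping: a substring test would also match options that merely contain the same text.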
This should be any, not builtins.any. Idem for the other uses of builtins.
More than (u)mount being setuid by default or not, I care about giving
the user the choice, and trusting that the user is smart enough to
make that decision. If a user is asking for something as widespread
as this, I'd say tell them what they need to do to get there, not what
they should be doing instead. I'd wager that NixOS users are above
average and that most understand the implications of setuid.
On security, I still don't see how setuid (u)mount specifically are
less secure than invoking udisks, dbus, logind, and polkit to do the
same task. Let's minimize the amount of code running as root too.
…umount Otherwise, the fstab flags will be present, but the mounting abilities won't be granted to non-root users. Fixes NixOS#9848.
8b02e62 to 5b3f0be
Security: IMHO one advantage is the reduction of code runnable as root to tools/daemons specialized for that.
👍 gives hint to the user about a quite widespread option in Linux systems.
I'm 👎. I don't think we should introduce a legacy mechanism like setuid mount. It will lead to people giving users bad advice ("if you want to mount a USB stick, just make
Otherwise, the fstab flags will be present, but the mounting abilities
won't be granted to non-root users. Fixes #9848.
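The mismatch described above (user/users/owner present in fstab while mount is not setuid) can also be audited on a running system. The script below is an added example, not code from this PR or from NixOS; the function names and the sample fstab are constructed for illustration, and the path of the mount binary to inspect is left to the caller.

```shell
#!/bin/sh
# Added example: find fstab entries that request non-root mounting and
# check them against the setuid bit of a given mount binary.

# Constructed sample fstab (not taken from the page).
sample_fstab() {
    cat <<'EOF'
# device  mountpoint fs   options            dump pass
/dev/sda1 /          ext4 defaults           0 1
/dev/sdb1 /mnt/usb   vfat noauto,user,rw     0 0
/dev/sdc1 /mnt/data  ext4 nouser,noauto      0 0
EOF
}

# Read fstab on stdin; print "<mountpoint> <option>" for each entry whose
# option list contains user, users or owner as a whole element
# (so "nouser" does not match).
user_mount_entries() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "user" || opts[i] == "users" || opts[i] == "owner") {
                    print $2, opts[i]
                    break
                }
        }'
}

# $1: fstab path, $2: path of the mount binary to inspect.
# Returns 0 if no entry asks for non-root mounting or the binary is setuid,
# 1 (with one diagnostic per entry on stderr) otherwise.
check_fstab() {
    entries=$(user_mount_entries < "$1")
    [ -z "$entries" ] && return 0
    [ -u "$2" ] && return 0
    printf '%s\n' "$entries" | while read -r mp opt; do
        echo "fstab: $mp has option '$opt' but $2 is not setuid" >&2
    done
    return 1
}

# Demo on the constructed sample.
sample_fstab | user_mount_entries
```
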