nixos: make fstab owner/user/users mount options assert setuid mount/umount #9998
Conversation
|
This looks nice to me. |
|
Hm, not sure if we want to promote the use of setuid mount... (See my comment at #9848 (comment)). |
| @@ -134,6 +134,22 @@ in | |||
|
|
|||
| config = { | |||
|
|
|||
| assertions = [ | |||
| { assertion = | |||
| builtins.any (fs: [] != intersectLists (splitString "," fs.options) | |||
There was a problem hiding this comment.
This should be any, not builtins.any. Idem for the other uses of builtins.
There was a problem hiding this comment.
There was a problem hiding this comment.
|
More than (u)mount being setuid by default or not, I care about giving
the user the choice, and trusting that the user is smart enough to
make that decision. If a user is asking for something as widespread
as this, I'd say tell them what they need to do to get there, not what
they should be doing instead. I'd wager that NixOS users are above
average and that most understand the implications of setuid.
On security, I still don't see how setuid (u)mount specifically are
less secure than invoking udisks, dbus, logind, and polkit to do the
same task. Let's minimize the amount of code running as root too.
|
…umount Otherwise, the fstab flags will be present, but the mounting abilities won't be granted to non-root users. Fixes NixOS#9848.
khumba
force-pushed
the
fstab-user-setuid-check
branch
from
8b02e62
to
5b3f0be
Compare
|
Security: IMHO one advantage is the reduction of code runnable as root to tools/daemons specialized for that. |
|
👍 gives hint to the user about a quite widespread option in linux systems. |
|
I'm 👎. I don't think we should introduce a legacy mechanism like setuid mount. It will lead to people giving users bad advice ("if you want to mount a USB stick, just make |
Otherwise, the fstab flags will be present, but the mounting abilities
won't be granted to non-root users. Fixes #9848.