Introduce a sysctl to enable/disable if non-root users can mount filesystems.

Default: off.
2000-02-16 11:57:45 +00:00 · 2000-02-16 11:57:45 +00:00 · c13f6dd258
commit c13f6dd258
parent c59358ebde
2 changed files with 10 additions and 2 deletions
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_subr.c,v 1.116 1999/12/15 07:10:32 perseant Exp $	*/
+/*	$NetBSD: vfs_subr.c,v 1.117 2000/02/16 11:57:45 fvdl Exp $	*/

 /*-
 * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc.
@ -124,6 +124,8 @@ int	vttoif_tab[9] = {
 int doforce = 1;		/* 1 => permit forcible unmounting */
 int prtactive = 0;		/* 1 => print out reclaim of active vnodes */

+extern int dovfsusermount;	/* 1 => permit any user to mount filesystems */
+
 /*
 * Insq/Remq for the vnode usage lists.
 */
@ -1753,6 +1755,8 @@ vfs_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)

 	/* The rest are generic vfs sysctls. */
 	switch (name[1]) {
+	case VFS_USERMOUNT:
+		return sysctl_int(oldp, oldlenp, newp, newlen, &dovfsusermount);
 #if defined(COMPAT_09) || defined(COMPAT_43) || defined(COMPAT_44)
 	case VFS_MAXTYPENUM:
 		/*
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls.c,v 1.149 2000/02/01 01:24:38 assar Exp $	*/
+/*	$NetBSD: vfs_syscalls.c,v 1.150 2000/02/16 11:57:46 fvdl Exp $	*/

 /*
 * Copyright (c) 1989, 1993
@ -78,6 +78,8 @@ static int rename_files __P((const char *, const char *, struct proc *, int));
 void checkdirs __P((struct vnode *));
 int dounmount __P((struct mount *, int, struct proc *));

+int dovfsusermount = 0;
+
 /*
 * Virtual File System System Calls
 */
@ -140,6 +142,8 @@ sys_mount(p, v, retval)
 	struct nameidata nd;
 	struct vfsops *vfs;

+	if (dovfsusermount == 0 && (error = suser(p->p_ucred, &p->p_acflag)))
+		return (error);
 	/*
 	 * Get vnode to be covered
 	 */