From c13f6dd258f94ab8a74145fab78a838bf2241346 Mon Sep 17 00:00:00 2001 From: fvdl Date: Wed, 16 Feb 2000 11:57:45 +0000 Subject: [PATCH] Introduce a sysctl to enable/disable if non-root users can mount filesystems. Default: off. --- sys/kern/vfs_subr.c | 6 +++++- sys/kern/vfs_syscalls.c | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 316c826fe2d3..ee755c4c3111 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_subr.c,v 1.116 1999/12/15 07:10:32 perseant Exp $ */ +/* $NetBSD: vfs_subr.c,v 1.117 2000/02/16 11:57:45 fvdl Exp $ */ /*- * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc. @@ -124,6 +124,8 @@ int vttoif_tab[9] = { int doforce = 1; /* 1 => permit forcible unmounting */ int prtactive = 0; /* 1 => print out reclaim of active vnodes */ +extern int dovfsusermount; /* 1 => permit any user to mount filesystems */ + /* * Insq/Remq for the vnode usage lists. */ @@ -1753,6 +1755,8 @@ vfs_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) /* The rest are generic vfs sysctls. */ switch (name[1]) { + case VFS_USERMOUNT: + return sysctl_int(oldp, oldlenp, newp, newlen, &dovfsusermount); #if defined(COMPAT_09) || defined(COMPAT_43) || defined(COMPAT_44) case VFS_MAXTYPENUM: /* diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 41bc4ea0c586..9ef575a7bd34 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.149 2000/02/01 01:24:38 assar Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.150 2000/02/16 11:57:46 fvdl Exp $ */ /* * Copyright (c) 1989, 1993 @@ -78,6 +78,8 @@ static int rename_files __P((const char *, const char *, struct proc *, int)); void checkdirs __P((struct vnode *)); int dounmount __P((struct mount *, int, struct proc *)); +int dovfsusermount = 0; + /* * Virtual File System System Calls */ @@ -140,6 +142,8 @@ sys_mount(p, v, retval) struct nameidata nd; struct vfsops *vfs; + if (dovfsusermount == 0 && (error = suser(p->p_ucred, &p->p_acflag))) + return (error); /* * Get vnode to be covered */