RFC: fuse packages
dragoran
dragoran at feuerpokemon.de
Thu Nov 3 10:07:09 UTC 2005
Thorsten Leemhuis wrote:
>Am Samstag, den 29.10.2005, 14:32 -0400 schrieb Jeremy Katz:
>
>
>>On Sat, 2005-10-29 at 19:36 +0200, Thorsten Leemhuis wrote:
>>I'd do one of the following:
>>[...]
>>b) Put the utilities in the fuse package, libs in -libs. There are a
>>number of packages at least in Core which go this route
>>
>>
>Done.
>
>
>
>>> - where store the Docs?
>>>
>>>
>All docs in fuse now, only COPYING.lib in %doc of fuse-libs
>
>
>
>>> - should the devel package named fuse-libs-devel or fuse-devel?
>>>
>>>
>>fuse-devel is the normal pattern
>>
>>
>Changed.
>
>
>
>>>- fuse installs %{_bindir}/fusermount with 4755 -- do we allow that in
>>>extras? And should we add a group "fuse" and allow only members of that
>>>group access to fuse?
>>>
>>>
>>Why does fusermount need to be suid? None of the other mount "helpers"
>>for things like cifs or smb are. They get invoked by mount which is
>>suid and does checking to see if the user should be able to do the mount
>>they're asking for.
>>
>>
>
>This can work this way with fuse, too -- I just tried it with an updated
>version of my package.
>
>But Fuse explicitly wants to allow the user to mount things that are not
>configured in /etc/fstab. I don't really like this but it seems to be
>one of the fuse design goals (AFAICS).
>
>In the default install every user can mount a fuse-filesystem -- e.g.
>with sshfs mount each and every machine that can be reached by the user
>via ssh. That's IMHO to lax.
>
>AFAICS we have three solutions:
>
>1) do it as upstream does (suid root)
>2) create a fusemount group -- only members of that group are allowed to
>mount fuse-filesystems that are not in /etc/fstab
>3) only allow fuse for things listed in /etc/fstab
>
>I tent to do 3) and can also live with 2) (if that's possible -- I
>suppose it is but did not try yet). I don't like 1).
>
>Other opinions?
>
>
>
1) would be the best one if we can make it more secure using the
selinux-policy
If this isn't possible than I would go for 2)
3) is the worse solution... why should I (admin) add fstab lines fore
every ssh host a user can possible want to mount?
More information about the fedora-extras-list
mailing list