RFC: fuse packages

dragoran dragoran at feuerpokemon.de
Thu Nov 3 10:07:09 UTC 2005 

Thorsten Leemhuis wrote:

>Am Samstag, den 29.10.2005, 14:32 -0400 schrieb Jeremy Katz:
>  
>
>>On Sat, 2005-10-29 at 19:36 +0200, Thorsten Leemhuis wrote:
>>I'd do one of the following:
>>[...]
>>b) Put the utilities in the fuse package, libs in -libs.  There are a
>>number of packages at least in Core which go this route
>>    
>>
>Done.
>
>  
>
>>> - where store the Docs? 
>>>      
>>>
>All docs in fuse now, only COPYING.lib in %doc of fuse-libs
>
>  
>
>>> - should the devel package named fuse-libs-devel or fuse-devel?
>>>      
>>>
>>fuse-devel is the normal pattern 
>>    
>>
>Changed.
>
>  
>
>>>- fuse installs %{_bindir}/fusermount with 4755 -- do we allow that in
>>>extras? And should we add a group "fuse" and allow only members of that
>>>group access to fuse?
>>>      
>>>
>>Why does fusermount need to be suid?  None of the other mount "helpers"
>>for things like cifs or smb are.  They get invoked by mount which is
>>suid and does checking to see if the user should be able to do the mount
>>they're asking for.  
>>    
>>
>
>This can work this way with fuse, too -- I just tried it with an updated
>version of my package.
>
>But Fuse explicitly wants to allow the user to mount things that are not
>configured in /etc/fstab. I don't really like this but it seems to be
>one of the fuse design goals (AFAICS). 
>
>In the default install every user can mount a fuse-filesystem -- e.g.
>with sshfs mount each and every machine that can be reached by the user
>via ssh. That's IMHO to lax. 
>
>AFAICS we have three solutions:
>
>1) do it as upstream does (suid root)
>2) create a fusemount group -- only members of that group are allowed to
>mount fuse-filesystems that are not in /etc/fstab
>3) only allow fuse for things listed in /etc/fstab
>
>I tent to do 3) and can also live with 2) (if that's possible -- I
>suppose it is but did not try yet). I don't like 1).
>
>Other opinions?
>
>  
>
1) would be the best one if we can make it more secure using the 
selinux-policy
If this isn't possible than I would go for 2)
3) is the worse solution... why should I (admin) add fstab lines fore 
every ssh host a user can possible want to mount?

More information about the fedora-extras-list mailing list