53 lines
2.6 KiB
Diff
53 lines
2.6 KiB
Diff
From 1ade50a36f23fc35abb465aa5b7cfc73b2476328 Mon Sep 17 00:00:00 2001
|
|
From: Martin Wilck <mwilck@suse.com>
|
|
Date: Fri, 1 Feb 2019 12:09:11 +0100
|
|
Subject: [PATCH] Add documentation on blacklisted modules to mount(8) man page
|
|
|
|
Signed-off-by: Martin Wilck <mwilck@suse.com>
|
|
---
|
|
sys-utils/mount.8 | 28 +++++++++++++++++++++++++++-
|
|
1 file changed, 27 insertions(+), 1 deletion(-)
|
|
|
|
--- a/sys-utils/mount.8
|
|
+++ b/sys-utils/mount.8
|
|
@@ -205,6 +205,32 @@ Since util\-linux 2.35, \fBmount\fP does
|
|
For more details, see \fBfstab\fP(5). Only the user that mounted a filesystem can unmount it again. If any user should be able to unmount it, then use \fBusers\fP instead of \fBuser\fP in the \fIfstab\fP line. The \fBowner\fP option is similar to the \fBuser\fP option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for \fI/dev/fd\fP if a login script makes the console user owner of this device. The \fBgroup\fP option is similar, with the restriction that the user must be a member of the group of the special file.
|
|
.sp
|
|
The \fBuser\fP mount option is accepted if no username is specified. If used in the format \fBuser=someone\fP, the option is silently ignored and visible only for external mount helpers (/sbin/mount.<type>) for compatibility with some network filesystems.
|
|
+.SS Blacklisted file systems
|
|
+In the Linux kernel, file system types are implemented as kernel
|
|
+modules. While many of these file systems are well maintained,
|
|
+some of the older and less frequently used ones are not. This
|
|
+poses a security risk, because maliciously crafted file system
|
|
+images might open security holes when mounted either automatically
|
|
+or by an inadvertent user. The
|
|
+.B mount
|
|
+command prints "unsupported file system type 'somefs'" in this case,
|
|
+because it can't distinguish between a really unsupported file system
|
|
+(kernel module non-existent) and a blacklisted file system.
|
|
+
|
|
+Users who need the blacklisted file systems and therefore want
|
|
+to override the blacklisting can either load the blacklisted module
|
|
+directly:
|
|
+.RS
|
|
+
|
|
+.br
|
|
+.BI "modprobe -v" " somefs"
|
|
+.br
|
|
+
|
|
+.RE
|
|
+or override the blacklist configuration by editing files under the
|
|
+.I /etc/modprobe.d
|
|
+directory.
|
|
+
|
|
.SS "Bind mount operation"
|
|
.sp
|
|
Remount part of the file hierarchy somewhere else. The call is:
|
|
@@ -2571,4 +2597,4 @@ For bug reports, use the issue tracker a
|
|
.SH "AVAILABILITY"
|
|
.sp
|
|
The \fBmount\fP command is part of the util\-linux package which can be downloaded from \c
|
|
-.URL "https://www.kernel.org/pub/linux/utils/util\-linux/" "Linux Kernel Archive" "."
|
|
\ No newline at end of file
|
|
+.URL "https://www.kernel.org/pub/linux/utils/util\-linux/" "Linux Kernel Archive" "."
|