author | Kirk McKusick <mckusick@FreeBSD.org> | 2019-07-01 23:22:26 +0000 |
---|---|---|
committer | Kirk McKusick <mckusick@FreeBSD.org> | 2019-07-01 23:22:26 +0000 |
commit | daba4da81d54d184404ac7b9925cb3fb37cb8116 (patch) | |
tree | 787368cb031c50143d076b9228170ce8010f2a3d /sbin/mount | |
parent | 6c4395e3b55b6b69c533f6878497151d7e9f4285 (diff) | |
Add a new "untrusted" option to the mount command. Its purpose
is to notify the kernel that the file system is untrusted and it
should use more extensive checks on the file-system's metadata
before using it. This option is intended to be used when mounting
file systems from untrusted media such as USB memory sticks or other
externally-provided media.
It will initially be used by the UFS/FFS file system, but should
likely be expanded to be used by other file systems that may appear
on external media like msdosfs, exfat, and ext2fs.
Reviewed by: kib
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D20786
Notes
Notes:
svn path=/head/; revision=349589
Diffstat (limited to 'sbin/mount')
-rw-r--r-- | sbin/mount/mntopts.h | 4 | ||||
-rw-r--r-- | sbin/mount/mount.8 | 6 | ||||
-rw-r--r-- | sbin/mount/mount.c | 2 |
3 files changed, 11 insertions, 1 deletions
diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h
index 418bf8012232..924ead253890 100644
--- a/sbin/mount/mntopts.h
+++ b/sbin/mount/mntopts.h
@@ -58,6 +58,7 @@ struct mntopt {
 #define MOPT_ACLS { "acls", 0, MNT_ACLS, 0 }
 #define MOPT_NFS4ACLS { "nfsv4acls", 0, MNT_NFS4ACLS, 0 }
 #define MOPT_AUTOMOUNTED { "automounted",0, MNT_AUTOMOUNTED, 0 }
+#define MOPT_UNTRUSTED { "untrusted", 0, MNT_UNTRUSTED, 0 }
 /* Control flags. */
 #define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }
@@ -93,7 +94,8 @@ struct mntopt {
 MOPT_MULTILABEL, \
 MOPT_ACLS, \
 MOPT_NFS4ACLS, \
- MOPT_AUTOMOUNTED
+ MOPT_AUTOMOUNTED, \
+ MOPT_UNTRUSTED
 void getmntopts(const char *, const struct mntopt *, int *, int *);
 void rmslashes(char *, char *);
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8
index 27b5885240b6..7ff94fb7c165 100644
--- a/sbin/mount/mount.8
+++ b/sbin/mount/mount.8
@@ -355,6 +355,12 @@ Lookups will be done in the mounted file system first. If those operations fail due to a non-existent file the underlying directory is then accessed. All creates are done in the mounted file system.
+.It Cm untrusted
+The file system is untrusted and the kernel should use more
+extensive checks on the file-system's metadata before using it.
+This option is intended to be used when mounting file systems
+from untrusted media such as USB memory sticks or other
+externally-provided media.
 .El
 .Pp
 Any additional options specific to a file system type that is not
diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c
index adab70d5eba5..3f35baccce22 100644
--- a/sbin/mount/mount.c
+++ b/sbin/mount/mount.c
@@ -118,6 +118,7 @@ static struct opt {
 { MNT_GJOURNAL, "gjournal" },
 { MNT_AUTOMOUNTED, "automounted" },
 { MNT_VERIFIED, "verified" },
+ { MNT_UNTRUSTED, "untrusted" },
 { 0, NULL }
 };
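Review bot: Adding `MOPT_UNTRUSTED` to the shared option list in the second mntopts.h hunk (the list macro's name and start lie outside the hunk) means every mount helper that expands that list will presumably accept `-o untrusted`, while the commit message says only UFS/FFS will initially act on it. An administrator who mounts an msdosfs or ext2fs stick with the option would then get no additional metadata checking and no diagnostic, which gives a false sense of protection. I would state the limitation in the new mount.8 entry, for example `Currently only UFS/FFS performs the additional checks; other file systems accept the option without acting on it.`, and drop the sentence as other file systems gain support.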
@@ -972,6 +973,7 @@ flags2opts(int flags)
 if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");
 if (flags & MNT_ACLS) res = catopt(res, "acls");
 if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");
+ if (flags & MNT_UNTRUSTED) res = catopt(res, "untrusted");
 return (res);
 } |
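Review bot: The added `flags & MNT_UNTRUSTED` test can only see the flag if it fits in an `int`, because the hunk header shows the signature as `flags2opts(int flags)`. If MNT_UNTRUSTED is defined above bit 31 (its value is not visible on this page, so this needs checking against sys/mount.h), the test never fires for a truncated argument, and a negative `int` would be sign-extended and could report "untrusted" spuriously. Either way the option string rebuilt here would not match the mounted state, and a path that re-derives options from it could silently lose the hardening flag. Widening the parameter to match the mount-flag type, `flags2opts(uint64_t flags)`, together with its prototype and callers, would remove the doubt. The start of the function body is outside the hunk.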