Lines Matching full:mount
18 Non-privileged mount (or user mount):
31 Mount owner:
41 module (fuse.ko), a userspace library (libfuse.*) and a mount utility
55 The filesystem type given to mount(2) can be one of the following:
58 This is the usual way to mount a FUSE filesystem. The first
59 argument of the mount system call may contain an arbitrary string,
64 mount system call is interpreted as the name of the device.
66 Mount options
78 The numeric user id of the mount owner.
81 The numeric group id of the mount owner.
89 'allow_other' mount option.
111 mount -t fusectl none /sys/fs/fuse/connections
132 Only the owner of the mount may read or write these files.
207 Since the mount() system call is a privileged operation, a helper
210 The implication of providing non-privileged mounts is that the mount
214 A) mount owner should not be able to get elevated privileges with the
217 B) mount owner should not get illegitimate access to information from
220 C) mount owner should not be able to induce undesired behavior in
226 A) The mount owner could gain elevated privileges by either:
234 fusermount always adds "nosuid" and "nodev" to the mount options
240 information is otherwise inaccessible to the mount owner, so this
245 C) There are several ways in which the mount owner can induce
248 1) mounting a filesystem over a file or directory which the mount
253 permissions on the mountpoint and only allowing the mount if
254 the mount owner can do unlimited modification (has write
258 2) Even if 1) is solved the mount owner can change the behavior
264 system file, and then accessing a file on the mount owner's
275 monitored or manipulated by the mount owner. Since if the
276 mount owner can ptrace a process, it can do all of the above
277 without using a FUSE mount, the same criteria as used in
282 prevent C/2/i, it is enough to check if mount owner has enough
294 set, the mounting user can add the 'allow_other' mount option which
300 privileged. If any process could access such an 'allow_other' mount