From: bugzilla-daemon@bugzilla.kernel.org
To: linux-ext4@vger.kernel.org
Subject: [Bug 203585] Feature Request for filesystems that support noexec/exec mount options
Date: Sun, 12 May 2019 18:12:14 +0000
Message-ID: <bug-203585-13602-cSpE0mTG0w@https.bugzilla.kernel.org/>
In-Reply-To: <bug-203585-13602@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=203585

--- Comment #2 from Thomas Spear (Speeddymon@gmail.com) ---
Thanks for updating so quickly.

An acceptable workaround for the uid mapping would be to just list the uids in
the fstab.

I appreciate the suggestion to modify the web app, and yes it would be great if
we could. Unfortunately it's a 3rd party app with vendor support, and it's hard
coded to write to the root of /tmp -- we can't even get it to write to a
folder, though I am considering suggesting a chrooted environment for the app
so that we can virtualize the access to /tmp that way.

I saw mention of getting around it by using bind mounts over on Stack Overflow,
but that would also require the ability to make it write somewhere other than
/tmp.

The app team is trying to push for acceptance of the risk of removing noexec
from /tmp (RHEL7 defaults to noexec for /tmp so it's a change to the current
policy), but everything I've ever understood about /tmp being world writable
tells me that noexec on /tmp is a sane default and should be left that way.

Anyways, I could see having noexec_user= for exec filesystems being useful in a
variety of circumstances, but the rest of the request is a bit niche, so I
don't guess it would get much support from the community.

Thanks again for the help.
