Lennart Poettering on Nostr: Allowing unprivileged users to just arbitrarily mount file systems is hence a security ...
Allowing unprivileged users to just arbitrarily mount file systems is hence a security issue on many levels.
With v256 we are opening this up nonetheless – within limits. Specifically, there's now a small IPC interface where clients can pass an fd to a disk image file, and get back a mount fd they can attach to a location in the file system. To lock this down securely, a couple of requirements are enforced however.
Published at 2024-05-01 06:04:42
Event JSON
{
"id": "480e212a9020799f2ec56ac6ef1cb35be55d0dffc3c058c8ce44e6c93c895e8e",
"pubkey": "1d95c32d9a9d95a54f98eb2eaa156f3d3a71dc49eca2c960b2b89962758f1cc0",
"created_at": 1714543482,
"kind": 1,
"tags": [
[
"e",
"fd846c8bf03dfda11962d669d96f8268907d96651a408bdb16559d637c5a58e6",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://mastodon.social/users/pid_eins/statuses/112364321649876205",
"activitypub"
]
],
"content": "llowing unprivileged users to just arbitrarily mount file systems is hence a security issue on many levels.\n\nWith v256 we are opening this up nonetheless – within limits. Specifically, there's now a small IPC interface where clients can pass an fd to a disk image file to, and get back a mount fd they can attach to a location in the file system. To lock this down securely, a couple of requirements are enforced however.",
"sig": "7ff2c08f36028722ba4f7f59638f20bd378634d65522ad66aced772392bcea399cc7cc1c8a120654affeaaf08de21a0423725423007e08da34757b4822ee0211"
}