aboutsummaryrefslogtreecommitdiff
path: root/sys/sys
diff options
context:
space:
mode:
authorKirk McKusick <mckusick@FreeBSD.org>2019-07-01 23:22:26 +0000
committerKirk McKusick <mckusick@FreeBSD.org>2019-07-01 23:22:26 +0000
commitdaba4da81d54d184404ac7b9925cb3fb37cb8116 (patch)
tree787368cb031c50143d076b9228170ce8010f2a3d /sys/sys
parent6c4395e3b55b6b69c533f6878497151d7e9f4285 (diff)
downloadsrc-daba4da81d54d184404ac7b9925cb3fb37cb8116.tar.gz
src-daba4da81d54d184404ac7b9925cb3fb37cb8116.zip
Add a new "untrusted" option to the mount command. Its purpose
is to notify the kernel that the file system is untrusted and it should use more extensive checks on the file-system's metadata before using it. This option is intended to be used when mounting file systems from untrusted media such as USB memory sticks or other externally-provided media. It will initially be used by the UFS/FFS file system, but should likely be expanded to be used by other file systems that may appear on external media like msdosfs, exfat, and ext2fs. Reviewed by: kib Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D20786
Notes
Notes: svn path=/head/; revision=349589
Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/mount.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index 2a5d4cff2a8b..998538eadd47 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -296,6 +296,7 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */
#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */
#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */
+#define MNT_UNTRUSTED 0x0000000800000000ULL /* filesys metadata untrusted */
/*
* NFS export related mount flags.
@@ -333,7 +334,8 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
MNT_NOCLUSTERW | MNT_SUIDDIR | MNT_SOFTDEP | \
MNT_IGNORE | MNT_EXPUBLIC | MNT_NOSYMFOLLOW | \
MNT_GJOURNAL | MNT_MULTILABEL | MNT_ACLS | \
- MNT_NFS4ACLS | MNT_AUTOMOUNTED | MNT_VERIFIED)
+ MNT_NFS4ACLS | MNT_AUTOMOUNTED | MNT_VERIFIED | \
+ MNT_UNTRUSTED)
/* Mask of flags that can be updated. */
#define MNT_UPDATEMASK (MNT_NOSUID | MNT_NOEXEC | \
@@ -342,7 +344,7 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
MNT_NOSYMFOLLOW | MNT_IGNORE | \
MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR | \
MNT_ACLS | MNT_USER | MNT_NFS4ACLS | \
- MNT_AUTOMOUNTED)
+ MNT_AUTOMOUNTED | MNT_UNTRUSTED)
/*
* External filesystem command modifier flags.