aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sbin/mount/mntopts.h4
-rw-r--r--sbin/mount/mount.86
-rw-r--r--sbin/mount/mount.c2
-rw-r--r--sys/sys/mount.h6
-rw-r--r--sys/ufs/ffs/ffs_vfsops.c5
5 files changed, 19 insertions, 4 deletions
diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h
index 418bf8012232..924ead253890 100644
--- a/sbin/mount/mntopts.h
+++ b/sbin/mount/mntopts.h
@@ -58,6 +58,7 @@ struct mntopt {
#define MOPT_ACLS { "acls", 0, MNT_ACLS, 0 }
#define MOPT_NFS4ACLS { "nfsv4acls", 0, MNT_NFS4ACLS, 0 }
#define MOPT_AUTOMOUNTED { "automounted",0, MNT_AUTOMOUNTED, 0 }
+#define MOPT_UNTRUSTED { "untrusted", 0, MNT_UNTRUSTED, 0 }
/* Control flags. */
#define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }
@@ -93,7 +94,8 @@ struct mntopt {
MOPT_MULTILABEL, \
MOPT_ACLS, \
MOPT_NFS4ACLS, \
- MOPT_AUTOMOUNTED
+ MOPT_AUTOMOUNTED, \
+ MOPT_UNTRUSTED
void getmntopts(const char *, const struct mntopt *, int *, int *);
void rmslashes(char *, char *);
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8
index 27b5885240b6..7ff94fb7c165 100644
--- a/sbin/mount/mount.8
+++ b/sbin/mount/mount.8
@@ -355,6 +355,12 @@ Lookups will be done in the mounted file system first.
If those operations fail due to a non-existent file the underlying
directory is then accessed.
All creates are done in the mounted file system.
+.It Cm untrusted
+The file system is untrusted and the kernel should use more
+extensive checks on the file-system's metadata before using it.
+This option is intended to be used when mounting file systems
+from untrusted media such as USB memory sticks or other
+externally-provided media.
.El
.Pp
Any additional options specific to a file system type that is not
diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c
index adab70d5eba5..3f35baccce22 100644
--- a/sbin/mount/mount.c
+++ b/sbin/mount/mount.c
@@ -118,6 +118,7 @@ static struct opt {
{ MNT_GJOURNAL, "gjournal" },
{ MNT_AUTOMOUNTED, "automounted" },
{ MNT_VERIFIED, "verified" },
+ { MNT_UNTRUSTED, "untrusted" },
{ 0, NULL }
};
@@ -972,6 +973,7 @@ flags2opts(int flags)
if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");
if (flags & MNT_ACLS) res = catopt(res, "acls");
if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");
+ if (flags & MNT_UNTRUSTED) res = catopt(res, "untrusted");
return (res);
}
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index 2a5d4cff2a8b..998538eadd47 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -296,6 +296,7 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */
#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */
#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */
+#define MNT_UNTRUSTED 0x0000000800000000ULL /* filesys metadata untrusted */
/*
* NFS export related mount flags.
@@ -333,7 +334,8 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
MNT_NOCLUSTERW | MNT_SUIDDIR | MNT_SOFTDEP | \
MNT_IGNORE | MNT_EXPUBLIC | MNT_NOSYMFOLLOW | \
MNT_GJOURNAL | MNT_MULTILABEL | MNT_ACLS | \
- MNT_NFS4ACLS | MNT_AUTOMOUNTED | MNT_VERIFIED)
+ MNT_NFS4ACLS | MNT_AUTOMOUNTED | MNT_VERIFIED | \
+ MNT_UNTRUSTED)
/* Mask of flags that can be updated. */
#define MNT_UPDATEMASK (MNT_NOSUID | MNT_NOEXEC | \
@@ -342,7 +344,7 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
MNT_NOSYMFOLLOW | MNT_IGNORE | \
MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR | \
MNT_ACLS | MNT_USER | MNT_NFS4ACLS | \
- MNT_AUTOMOUNTED)
+ MNT_AUTOMOUNTED | MNT_UNTRUSTED)
/*
* External filesystem command modifier flags.
diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c
index 3174dc4de129..dedcc60a2805 100644
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@@ -145,7 +145,7 @@ static struct buf_ops ffs_ops = {
static const char *ffs_opts[] = { "acls", "async", "noatime", "noclusterr",
"noclusterw", "noexec", "export", "force", "from", "groupquota",
"multilabel", "nfsv4acls", "fsckpid", "snapshot", "nosuid", "suiddir",
- "nosymfollow", "sync", "union", "userquota", NULL };
+ "nosymfollow", "sync", "union", "userquota", "untrusted", NULL };
static int
ffs_mount(struct mount *mp)
@@ -184,6 +184,9 @@ ffs_mount(struct mount *mp)
return (error);
mntorflags = 0;
+ if (vfs_getopt(mp->mnt_optnew, "untrusted", NULL, NULL) == 0)
+ mntorflags |= MNT_UNTRUSTED;
+
if (vfs_getopt(mp->mnt_optnew, "acls", NULL, NULL) == 0)
mntorflags |= MNT_ACLS;