From: ori@eigenstate.org
To: 9front@9front.org
Date: Wed, 04 May 2022 11:05:57 -0400
Subject: Re: [9front] [PATCH] Unmount to remove sharp devices.
Message-ID: <66897DA727B6A2C9488664CCB7009E06@eigenstate.org>
In-Reply-To: <164813d2-28cb-44dd-2aee-b789ea75ba9a@posixcafe.org>
Reply-To: 9front@9front.org

Quoth Jacob Moody:
> Hello,
>
> This patch allows processes to unmount sharp devices to prevent itself and its children from accessing
> them. This is implemented through an internal rework of how RFNOMNT works, making RFNOMNT a special
> case of setting disallowed devices. To replicate the mount blocking functionality of RFNOMNT a special
> case is given for blocking devmnt, which also blocks the process and its children from making any mount
> calls.
>
> If everything passes the sniff test I can commit these changes. Diff is here: http://okturing.com/src/13574/body and included
> below.
>
> Thanks,
> moody
>

Very nice -- I'm going to try to apply the patch and port
shithub scripts to use it this weekend.

Thinking about how I'd use it, I wonder if there's a clean
way to remove all devices without disabling mounts, since
blacklists are a bit of a pain.

Maybe unmount `{awk '/^#[^keep]/{print $1}' /dev/drivers}
is good enough.
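
The keep-list idea from the reply, as an added example that is not part of the original message or the patch: a POSIX shell/awk filter that reads /dev/drivers-format lines and prints every device not on a keep list. The function names and the driver list are constructed for illustration; the filter only prints device names and does not call unmount, since the patched command's exact invocation is not shown here.

```shell
#!/bin/sh
# Constructed sample in the /dev/drivers format: "#<devchar> <name>" per line.
sample_drivers() {
cat <<'EOF'
#/ root
#c cons
#e env
#p proc
#s srv
#| pipe
#d dup
#M mnt
#l ether
#I ip
EOF
}

# devices_to_drop KEEP   (hypothetical helper)
# Reads /dev/drivers-format lines on stdin and prints each "#x" device
# whose character x does not appear in the string KEEP, one per line.
# Plain string lookup is used instead of a [^...] bracket expression so
# characters such as '/', '|' or ']' in KEEP need no regex escaping.
devices_to_drop() {
	awk -v keep="$1" '
		/^#/ {
			dev = substr($1, 2)        # device character after "#"
			if (dev == "") next        # skip malformed lines
			if (index(keep, dev) == 0) # not on the keep list
				print $1
		}'
}

# Per the quoted message, blocking devmnt also blocks mount calls, so a
# keep list meant to leave mounts working has to include M (devmnt).
sample_drivers | devices_to_drop 'cpe|d/M'
```

With the constructed list above, everything except the seven kept devices is printed; dropping M from the keep string puts `#M` in the output, which is the case that would also disable mounts.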