The other day I had to change the way a filesystem was mounted to do some administrative tasks (specifically, I turned off the nosuid option). I guess I became distracted because I never re-enabled it until just noticing it recently. I was surprised and a little bit peeved that my /etc/security script would not notice a change in the way filesystems were mounted. Rather than just complain, I modified my own /etc/security's accordingly and decided the modification was something that no one could really argue against, so I'm submitting it here. Fix: The structure of the added commands parallels the existing 'dmesg' check currently in place. Frankly, it's almost exactly the same, just different filenames and another command generating the initial output. The only thing I am unsure of is which is more asthetically pleasing, using 'mount -p' output or taking 'mount' output and running it through a quick sed script to clean out the "writes:" information. At this point, I perfer the more verbose mount-sed combo. Both patches are included. Any contructive comments or criticisms appreciated. The mount-sed combo, Now for the mount-p version, How-To-Repeat: Do anything to your filesystem mounts. /etc/security won't notice.
This seems like a good idea. There aren't any objections logged in the PR, so is someone interested in committing this? http://www.freebsd.org/cgi/query-pr.cgi?pr=17155 Daniel
Responsible Changed From-To: freebsd-bugs->sheldonh I'll take this one. :-)
State Changed From-To: open->analyzed I've committed the mount -p version of your patch in rev 1.38. I chose this version because its output is more useful for cut and paste operations on /etc/fstab. :-) While I'm convinced that there are no problems with this, I'm still going to stick to the rule of thumb that only critical bug fixes should be merged to stable branches immediately. Bug me in a month if I haven't merged this yet. ;-)
State Changed From-To: analyzed->closed MFC'd by asmodai in rev 1.36.2.2 of src/security