docs: add CAP_SYS_ADMIN to TODO

author Karel Zak <kzak@redhat.com>

Tue, 22 Aug 2017 09:22:26 +0000 (11:22 +0200)

committer Karel Zak <kzak@redhat.com>

Tue, 22 Aug 2017 09:22:26 +0000 (11:22 +0200)
author Karel Zak <kzak@redhat.com>
Tue, 22 Aug 2017 09:22:26 +0000 (11:22 +0200)
committer Karel Zak <kzak@redhat.com>
Tue, 22 Aug 2017 09:22:26 +0000 (11:22 +0200)
diff --git a/Documentation/TODO b/Documentation/TODO

index 012a000fc299ee19c78cc608b9dd23332160d1ff..968002e754d2bc5d4f3467231a948a42a45cb722 100644 (file)
--- a/Documentation/TODO
+++ b/Documentation/TODO
@@ -85,6 +85,15 @@ bash completion
  libmount (mount/umount)
  -----------------------
  
+ - support CAP_SYS_ADMIN; for mount(2) syscall the CAP_SYS_ADMIN is good
+   enough. Unfortunately, mount(8) does more things like check for filesystem
+   type (but it's usually done by udev, so root perms are unnecessary), create
+   loop devices, write to /run/mount/utab or /etc/mtab, etc.
+
+   It would be nice to improve libmount to check for CAP_SYS_ADMIN if suid not
+   set and allow to use it for simple tasks where no another operation is
+   necessary.
+
   - allow to execute mount(2) in another namespace, something like:
         mount --namespace=/proc/$n/ns/mnt  /dev/sda2 /bar
     see https://bugzilla.redhat.com/show_bug.cgi?id=1199554 for more details.
author	Karel Zak <kzak@redhat.com>
	Tue, 22 Aug 2017 09:22:26 +0000 (11:22 +0200)
committer	Karel Zak <kzak@redhat.com>
	Tue, 22 Aug 2017 09:22:26 +0000 (11:22 +0200)