LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Can't disable unused filesystems

Can't disable unused filesystems

Posted Feb 24, 2013 8:49 UTC (Sun) by paulj (subscriber, #341)
In reply to: Can't disable unused filesystems by jmorris42
Parent article: A story of three kernel vulnerabilities

Ah, so I'm not the only frustrated by lots of "disk" icons appearing in nautilus, that are to do with the system, and there not being any reasonably obvious way (either from UI or in /etc) to hide them?

Arg!

(Log in to post comments)

Sure CAN disable unused filesystems =:^)

Posted Mar 12, 2013 3:59 UTC (Tue) by Duncan (guest, #6647) [Link]

On gentoo anyway, turning off such filesystem support, and automount support in general, is easy. Appropriate USE flags and kernel ensure support for this is NOT builtin. Of course whether you consider gentoo "a reasonably obvious way" or not is up to you, but...

My gentoo/kde systems are build without udisks, policykit, etc support, the appropriate USE flags turned off, both due to the heavy dependencies (udisks-1 wanted lvm2, udisks2 wants gparted while I use gptfdisk, I need those installed like I need another hole in my head!). And the kernel is built for the specific system it's on, monolithic, module support turned off. (Tho I did have to package.provided a couple runtime deps, including kdesu, that I didn't need anyway. I could of course have edited and overlaid the ebuilds to kill the runtime deps, but that would have been a repeated edit over many updates. Package.provideing them only need be done once.)

So no automounting or GUI superuser access and for SURE no support for obscure filesystems!

Where specific privlege-required functions are to be used by the GUI user, I configure sudoers to allow the specific command, no more, no less, with or without password required, depending on the need and how locked down the command actually is. Yes, that does require that the user use the commandline for it, but IMO, if a user isn't comfortable using the commandline, they have no business running superuser/privileged commands in the first place.

Of course that's a bit drastic for many, but that's precisely the point, gentoo, being build from source by the user, allows turning off unneeded features at end-user-controlled build-time, as opposed to centralized distro decided "someone might use it so we better enable it" defaults, at /their/ buildtime. If you want automount, turn on the appropriate USE flags, else turn them off and don't even have the otherwise required components installed in the first place. Actually, it's more than that, in effect, over time gentoo STRONGLY ENCOURAGES observance of the security "only install what you actually use" rule, because otherwise you're repeatedly building updates for stuff you don't use anyway, so if you're not actually using it, it quickly becomes simpler to just turn it off and not worry about building it any more.

So yes, there's a "reasonably obvious" way to turn them off... switch to a distro (and desktop, if necessary, but I'd guess gnome on gentoo allows turning it off too, I just don't know for sure as I don't use it) that allows it, if yours doesn't. =:^)

Duncan

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds