[Utopia] Re: Removable devices and fstab

[Nathaniel McCallum <npmccallum gentoo org>]

I think mostly we are on the same page with what we want, but how to get
there is the question.  I'm cc'ing the utopia list so others can join
into this discussion.  

Perhaps the best thing is to provide a better fstab implimentation with
backwards compatibility that could be used across all unix's.  If we
wanted to do that, there are a few things to consider.

What does /dev/sda4 mean?  Is it partition one on a zip drive?  Is it
the fourth partition on a usb key?  Is it the fourth partition on a
hardwired scsi disk?  My point here is that device names are entirely
ambiguous.

Here is a list of things I think we should be able to specify:
   1. rules based on any device and/or filesystem attribute. For ex.:
      a. filesystem uuid
      b. filesystem volume name
      c. unique hardware id of device
      d. number of partitions (ie. device must have only one partition)
      e. size of filesystem (ie. fs must be > 256MB)
      f. device name (backwards compat)
      g. device type (ie. usbkey, cdrom, memcard, etc)
      h. filesystem type (ie. don't mount ntfs volumes)
   2. mount point
      a. static mount point (ie. /mnt/cdrom)
      b. mount point pattern (ie. /mnt/USBKey[0-9]*)

Rules should match the closest situation.  For instance, we should be
able to say "(rule 1) let users mount cdroms except (rule 2) the cdrom
with the uid of 12345" or "(rule 1) Users can't mount usbkeys, except
(rule2) the usbkey with filesystem uuid 12345 and only by user johndoe".

If we were able to specify policy in this maner we get the following
advantages:
   1. Clear separation of policy
   2. No need for dynamic updating (ala fstab-update)
   3. Consistancy of implimentation (everything is in fstab)
   4. Backwards compatibility
   5. Better security model

What are your thoughts?

Nathaniel