Description of problem: [RFC PATCH] vfs: add MNT_NOFOLLOW flag to umount(2) From: Miklos Szeredi <mszeredi> Add a new MNT_NOFOLLOW flag to umount(2). This is needed to prevent symlink attacks in unprivileged unmounts (fuse, samba, ncpfs). Additionally, return -EINVAL if an unknown flag is encountered. This makes it possible for the caller to determine if a flag is supported or not (at least on kernels with this patch). Discussion is at: http://patchwork.kernel.org/patch/77169/
Upstream commit: http://git.kernel.org/linus/db1f05bb85d7966b9176e293f3ceead1cb8b5d79
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
This requires an invasive change to the fuse package in order for it to be useful, and since we don't officially support fuse anyway and only provide it as a courtesy to customers and you need to be in the fuse group to even use the affected binary I'm closing this as wontfix
We actually do support FUSE, we just don't currently support any user space file systems that use FUSE in RHEL5.x. That said, I am fine with punting this fix out to RHEL6.x.