On Thu, Jul 20, 2023 at 07:56:12PM +0200, Marco d'Itri wrote: > Package: src:linux > Severity: normal > > You are totally correct. > Kernel team, please blacklist HFS/HFS+ for automounting.
Isn't this a userland policy decision? udisks will happily trigger a module load for hfsplus if udev has identified it, and I don't think there's a trivial mechanism for the kernel to disable that. I believe the only way for the kernel to disable automounting would be to disable the drivers entirely (which we don't want to do), so this probably needs to be assigned elsewhere rather than being a linux bug. (Or, alternatively, we could move hfs(+) support to FUSE and provide extremely tight seccomp policies around them, and then drop kernel support, but even though this has been talked about a bunch I haven't seen anyone try to implement it)