/* * Common routine to check if an unprivileged mount is allowed. * * We export just this part (i.e., without the access control) so that if a * secmodel wants to implement finer grained user mounts it can do so without * copying too much code. More elaborate policies (i.e., specific users allowed * to also create devices and/or introduce set-id binaries, or export * file-systems) will require a different implementation. * * This routine is intended to be called from listener context, and as such * does not take credentials as an argument. */