individual labels on the files. It represents the
entire filesystem for certain kinds of permission checks, such as
during mount or file creation. Individual file labels are still
obtained from the xattrs on the files themselves. The context option
actually sets the aggregate context that fscontext provides, in
addition to supplying the same label for individual files.
You can set the default security context for unlabeled files using
the defcontext= option. This overrides the value set for unlabeled
files in the policy and requires a filesystem that supports xattr
labeling.
The rootcontext= option allows you to explicitly label the root
inode of a FS being mounted before that FS or inode becomes visible
to userspace. This was found to be useful for things like stateless
Linux. The special value @target can be used to assign the current
context of the target mountpoint location.
Note that the kernel rejects any remount request that includes the
context option, even when unchanged from the current context.
Warning: the context value might contain commas, in which case the
value has to be properly quoted, otherwise mount will interpret the
comma as a separator between mount options. Don’t forget that the
shell strips off quotes and thus double quoting is required. For
example:
mount -t tmpfs none /mnt -o \
'context="system_u:object_r:tmp_t:s0:c127,c456",noexec'
For more details, see selinux(8).
defaults
Use the default options: rw, suid, dev, exec, auto, nouser, and
async.
Note that the real set of all default mount options depends on the
kernel and filesystem type. See the beginning of this section for
more details.
dev
Interpret character or block special devices on the filesystem.
nodev
Do not interpret character or block special devices on the
filesystem.
diratime
Update directory inode access times on this filesystem. This is the
default. (This option is ignored when noatime is set.)
nodiratime
Do not update directory inode access times on this filesystem. (This
option is implied when noatime is set.)
dirsync
All directory updates within the filesystem should be done
synchronously. This affects the following system calls: creat(2),
link(2), unlink(2), symlink(2), mkdir(2), rmdir(2), mknod(2) and
rename(2).
exec
Permit execution of binaries and other executable files.
noexec
Do not permit direct execution of any binaries on the mounted
filesystem.
group
Allow an ordinary user to mount the filesystem if one of that user’s
groups matches the group of the device. This option implies the
options nosuid and nodev (unless overridden by subsequent options,
as in the option line group,dev,suid).
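The comma-quoting rule for context values and the flags implied by the group option, as an added Python example (not from the mount(8) man page or util-linux): it splits an -o string the way mount does, honouring double quotes, and resolves the effective flags from the documented defaults. It models only the options covered on this page and treats defaults as a no-op, since the flag set already starts from the documented defaults.

```python
# Added example, not mount's own parser. Splits an -o string honouring
# double quotes (so a comma inside an SELinux context is not an option
# separator) and applies the option implications documented above.

DEFAULTS = {"rw", "suid", "dev", "exec", "auto", "nouser", "async"}
# Negated flag -> the flag it turns off; OPPOSITE holds both directions.
PAIRS = {"ro": "rw", "nosuid": "suid", "nodev": "dev",
         "noexec": "exec", "noauto": "auto", "sync": "async"}
OPPOSITE = {**PAIRS, **{v: k for k, v in PAIRS.items()}}


def split_mount_options(optstr):
    """Return [(name, value_or_None), ...]; quotes are consumed, not kept."""
    items, cur, quoted = [], [], False
    for ch in optstr:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:   # unquoted comma ends the option
            items.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    items.append("".join(cur))
    parsed = []
    for item in items:
        if item:
            name, sep, value = item.partition("=")
            parsed.append((name, value if sep else None))
    return parsed


def quote_value(value):
    """Quote an option value for -o when it contains a comma."""
    return f'"{value}"' if "," in value else value


def effective_flags(optstr):
    """Apply options left to right on top of the documented defaults."""
    flags = set(DEFAULTS)

    def apply(flag):
        flags.discard(OPPOSITE[flag])
        flags.add(flag)

    for name, _value in split_mount_options(optstr):
        if name == "group":              # implies nosuid,nodev ...
            apply("nosuid")
            apply("nodev")
        elif name in OPPOSITE:           # ... unless overridden later
            apply(name)
    return flags
```

Passing quote_value's result to mount without a shell (for example as one argv element) avoids the double-quoting problem described above.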
iversion
Every time the inode is modified, the i_version field will be
incremented.
noiversion
Do not increment the i_version inode field.
mand
Allow mandatory locks on this filesystem. See fcntl(2). This option
was deprecated in Linux 5.15.
nomand
Do not allow mandatory locks on this filesystem.
_netdev
The filesystem resides on a device that requires network access
(used to prevent the system from attempting to mount these
filesystems until the network has been enabled on the system).
nofail
Do not report errors for this device if it does not exist.
relatime
Update inode access times relative