2011-01-10 07:31:23 -06:00
|
|
|
/*
|
|
|
|
* mount(8) -- mount a filesystem
|
|
|
|
*
|
|
|
|
* Copyright (C) 2011 Red Hat, Inc. All rights reserved.
|
|
|
|
* Written by Karel Zak <kzak@redhat.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it would be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
2012-02-22 15:28:48 -06:00
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2011-01-10 07:31:23 -06:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <getopt.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <sys/types.h>
|
2012-01-11 09:17:06 -06:00
|
|
|
#include <sys/mman.h>
|
2012-01-13 09:29:21 -06:00
|
|
|
#include <sys/stat.h>
|
2012-01-20 07:17:08 -06:00
|
|
|
#include <stdarg.h>
|
2011-01-19 16:51:12 -06:00
|
|
|
#include <libmount.h>
|
2012-08-06 05:45:08 -05:00
|
|
|
#include <ctype.h>
|
2011-01-19 16:51:12 -06:00
|
|
|
|
2011-01-10 07:31:23 -06:00
|
|
|
#include "nls.h"
|
|
|
|
#include "c.h"
|
2011-11-29 10:36:39 -06:00
|
|
|
#include "env.h"
|
2012-01-11 09:17:06 -06:00
|
|
|
#include "strutils.h"
|
2012-04-04 12:49:40 -05:00
|
|
|
#include "closestream.h"
|
2012-11-26 07:30:22 -06:00
|
|
|
#include "canonicalize.h"
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2017-06-22 15:17:14 -05:00
|
|
|
#define XALLOC_EXIT_CODE MNT_EX_SYSERR
|
|
|
|
#include "xalloc.h"
|
|
|
|
|
2017-04-27 07:26:02 -05:00
|
|
|
#define OPTUTILS_EXIT_CODE MNT_EX_USAGE
|
2012-06-16 04:47:07 -05:00
|
|
|
#include "optutils.h"
|
|
|
|
|
2020-08-25 03:48:29 -05:00
|
|
|
static struct ul_env_list *envs_removed;
|
|
|
|
|
2012-01-20 06:47:08 -06:00
|
|
|
static int mk_exit_code(struct libmnt_context *cxt, int rc);
|
|
|
|
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
static void suid_drop(struct libmnt_context *cxt)
|
2011-01-10 07:31:23 -06:00
|
|
|
{
|
|
|
|
const uid_t ruid = getuid();
|
|
|
|
const uid_t euid = geteuid();
|
|
|
|
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
if (ruid != 0 && euid == 0) {
|
|
|
|
if (setgid(getgid()) < 0)
|
|
|
|
err(MNT_EX_FAIL, _("setgid() failed"));
|
|
|
|
|
|
|
|
if (setuid(getuid()) < 0)
|
|
|
|
err(MNT_EX_FAIL, _("setuid() failed"));
|
2011-01-10 07:31:23 -06:00
|
|
|
}
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
|
|
|
|
/* be paranoid and check it, setuid(0) has to fail */
|
|
|
|
if (ruid != 0 && setuid(0) == 0)
|
|
|
|
errx(MNT_EX_FAIL, _("drop permissions failed."));
|
|
|
|
|
|
|
|
mnt_context_force_unrestricted(cxt);
|
2020-08-25 03:48:29 -05:00
|
|
|
|
|
|
|
/* restore "bad" environment variables */
|
|
|
|
if (envs_removed) {
|
|
|
|
env_list_setenv(envs_removed);
|
|
|
|
env_list_free(envs_removed);
|
|
|
|
envs_removed = NULL;
|
|
|
|
}
|
2011-01-10 07:31:23 -06:00
|
|
|
}
|
|
|
|
|
2019-04-16 06:47:17 -05:00
|
|
|
static void __attribute__((__noreturn__)) mount_print_version(void)
|
2011-01-10 07:31:23 -06:00
|
|
|
{
|
|
|
|
const char *ver = NULL;
|
2012-01-23 05:28:05 -06:00
|
|
|
const char **features = NULL, **p;
|
2011-01-10 07:31:23 -06:00
|
|
|
|
|
|
|
mnt_get_library_version(&ver);
|
2012-01-23 05:28:05 -06:00
|
|
|
mnt_get_library_features(&features);
|
|
|
|
|
|
|
|
printf(_("%s from %s (libmount %s"),
|
|
|
|
program_invocation_short_name,
|
|
|
|
PACKAGE_STRING,
|
|
|
|
ver);
|
|
|
|
p = features;
|
|
|
|
while (p && *p) {
|
|
|
|
fputs(p == features ? ": " : ", ", stdout);
|
|
|
|
fputs(*p++, stdout);
|
|
|
|
}
|
|
|
|
fputs(")\n", stdout);
|
2017-04-27 07:26:02 -05:00
|
|
|
exit(MNT_EX_SUCCESS);
|
2011-01-10 07:31:23 -06:00
|
|
|
}
|
|
|
|
|
2011-08-02 04:21:16 -05:00
|
|
|
static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
|
2011-06-23 08:07:55 -05:00
|
|
|
const char *filename, int line)
|
|
|
|
{
|
|
|
|
if (filename)
|
2016-03-16 03:55:53 -05:00
|
|
|
warnx(_("%s: parse error at line %d -- ignored"), filename, line);
|
2015-10-15 04:53:44 -05:00
|
|
|
return 1;
|
2011-06-23 08:07:55 -05:00
|
|
|
}
|
|
|
|
|
2012-08-06 05:45:08 -05:00
|
|
|
/*
|
|
|
|
* Replace control chars with '?' to be compatible with coreutils. For more
|
|
|
|
* robust solution use findmnt(1) where we use \x?? hex encoding.
|
|
|
|
*/
|
|
|
|
static void safe_fputs(const char *data)
|
|
|
|
{
|
|
|
|
const char *p;
|
|
|
|
|
|
|
|
for (p = data; p && *p; p++) {
|
|
|
|
if (iscntrl((unsigned char) *p))
|
|
|
|
fputc('?', stdout);
|
|
|
|
else
|
|
|
|
fputc(*p, stdout);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-06-23 08:19:37 -05:00
|
|
|
static void print_all(struct libmnt_context *cxt, char *pattern, int show_label)
|
2011-01-10 07:31:23 -06:00
|
|
|
{
|
2011-01-21 17:09:34 -06:00
|
|
|
struct libmnt_table *tb;
|
2011-06-08 04:22:25 -05:00
|
|
|
struct libmnt_iter *itr = NULL;
|
2011-01-21 17:09:34 -06:00
|
|
|
struct libmnt_fs *fs;
|
|
|
|
struct libmnt_cache *cache = NULL;
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2011-06-23 08:19:37 -05:00
|
|
|
if (mnt_context_get_mtab(cxt, &tb))
|
2017-04-27 07:26:02 -05:00
|
|
|
err(MNT_EX_SYSERR, _("failed to read mtab"));
|
2011-01-10 07:31:23 -06:00
|
|
|
|
|
|
|
itr = mnt_new_iter(MNT_ITER_FORWARD);
|
2011-06-23 08:19:37 -05:00
|
|
|
if (!itr)
|
2017-04-27 07:26:02 -05:00
|
|
|
err(MNT_EX_SYSERR, _("failed to initialize libmount iterator"));
|
2011-01-10 07:31:23 -06:00
|
|
|
if (show_label)
|
|
|
|
cache = mnt_new_cache();
|
|
|
|
|
2011-06-23 08:07:55 -05:00
|
|
|
while (mnt_table_next_fs(tb, itr, &fs) == 0) {
|
2011-01-10 07:31:23 -06:00
|
|
|
const char *type = mnt_fs_get_fstype(fs);
|
|
|
|
const char *src = mnt_fs_get_source(fs);
|
2011-03-28 16:28:45 -05:00
|
|
|
const char *optstr = mnt_fs_get_options(fs);
|
2012-01-16 19:17:55 -06:00
|
|
|
char *xsrc = NULL;
|
2011-01-10 07:31:23 -06:00
|
|
|
|
|
|
|
if (type && pattern && !mnt_match_fstype(type, pattern))
|
|
|
|
continue;
|
|
|
|
|
2019-02-05 17:07:54 -06:00
|
|
|
if (!mnt_fs_is_pseudofs(fs) && !mnt_fs_is_netfs(fs))
|
2012-01-16 19:17:55 -06:00
|
|
|
xsrc = mnt_pretty_path(src, cache);
|
2012-08-06 05:45:08 -05:00
|
|
|
printf ("%s on ", xsrc ? xsrc : src);
|
|
|
|
safe_fputs(mnt_fs_get_target(fs));
|
|
|
|
|
2011-01-10 07:31:23 -06:00
|
|
|
if (type)
|
|
|
|
printf (" type %s", type);
|
|
|
|
if (optstr)
|
|
|
|
printf (" (%s)", optstr);
|
|
|
|
if (show_label && src) {
|
|
|
|
char *lb = mnt_cache_find_tag_value(cache, src, "LABEL");
|
|
|
|
if (lb)
|
|
|
|
printf (" [%s]", lb);
|
|
|
|
}
|
|
|
|
fputc('\n', stdout);
|
2011-06-23 09:06:27 -05:00
|
|
|
free(xsrc);
|
2011-01-10 07:31:23 -06:00
|
|
|
}
|
2011-06-23 08:19:37 -05:00
|
|
|
|
2013-08-21 07:38:38 -05:00
|
|
|
mnt_unref_cache(cache);
|
2011-03-30 17:05:01 -05:00
|
|
|
mnt_free_iter(itr);
|
2011-01-10 07:31:23 -06:00
|
|
|
}
|
|
|
|
|
2011-06-23 08:07:55 -05:00
|
|
|
/*
|
|
|
|
* mount -a [-F]
|
|
|
|
*/
|
2011-12-02 11:20:34 -06:00
|
|
|
static int mount_all(struct libmnt_context *cxt)
|
2011-06-09 15:43:51 -05:00
|
|
|
{
|
2011-06-23 08:07:55 -05:00
|
|
|
struct libmnt_iter *itr;
|
|
|
|
struct libmnt_fs *fs;
|
2017-04-27 07:26:02 -05:00
|
|
|
int mntrc, ignored, rc = MNT_EX_SUCCESS;
|
2011-06-23 08:07:55 -05:00
|
|
|
|
2012-02-24 16:03:22 -06:00
|
|
|
int nsucc = 0, nerrs = 0;
|
|
|
|
|
2011-06-23 08:07:55 -05:00
|
|
|
itr = mnt_new_iter(MNT_ITER_FORWARD);
|
|
|
|
if (!itr) {
|
|
|
|
warn(_("failed to initialize libmount iterator"));
|
2017-04-27 07:26:02 -05:00
|
|
|
return MNT_EX_SYSERR;
|
2011-06-23 08:07:55 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
while (mnt_context_next_mount(cxt, itr, &fs, &mntrc, &ignored) == 0) {
|
|
|
|
|
|
|
|
const char *tgt = mnt_fs_get_target(fs);
|
|
|
|
|
|
|
|
if (ignored) {
|
|
|
|
if (mnt_context_is_verbose(cxt))
|
2011-12-01 09:42:42 -06:00
|
|
|
printf(ignored == 1 ? _("%-25s: ignored\n") :
|
|
|
|
_("%-25s: already mounted\n"),
|
2011-06-23 08:07:55 -05:00
|
|
|
tgt);
|
2011-12-02 11:20:34 -06:00
|
|
|
} else if (mnt_context_is_fork(cxt)) {
|
2012-01-20 06:47:08 -06:00
|
|
|
if (mnt_context_is_verbose(cxt))
|
|
|
|
printf("%-25s: mount successfully forked\n", tgt);
|
2011-06-23 08:07:55 -05:00
|
|
|
} else {
|
2017-04-27 07:26:02 -05:00
|
|
|
if (mk_exit_code(cxt, mntrc) == MNT_EX_SUCCESS) {
|
2012-02-24 16:03:22 -06:00
|
|
|
nsucc++;
|
2012-01-20 06:47:08 -06:00
|
|
|
|
2017-04-27 07:26:02 -05:00
|
|
|
/* Note that MNT_EX_SUCCESS return code does
|
2014-04-07 04:53:05 -05:00
|
|
|
* not mean that FS has been really mounted
|
|
|
|
* (e.g. nofail option) */
|
2019-08-28 18:25:57 -05:00
|
|
|
if (mnt_context_get_status(cxt)
|
2014-04-07 04:53:05 -05:00
|
|
|
&& mnt_context_is_verbose(cxt))
|
2012-01-20 06:47:08 -06:00
|
|
|
printf("%-25s: successfully mounted\n", tgt);
|
2012-02-24 16:03:22 -06:00
|
|
|
} else
|
|
|
|
nerrs++;
|
2011-06-23 08:07:55 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-12-02 11:20:34 -06:00
|
|
|
if (mnt_context_is_parent(cxt)) {
|
|
|
|
/* wait for mount --fork children */
|
2012-02-24 16:03:22 -06:00
|
|
|
int nchildren = 0;
|
|
|
|
|
|
|
|
nerrs = 0, nsucc = 0;
|
2011-12-02 11:20:34 -06:00
|
|
|
|
|
|
|
rc = mnt_context_wait_for_children(cxt, &nchildren, &nerrs);
|
|
|
|
if (!rc && nchildren)
|
2012-02-24 16:03:22 -06:00
|
|
|
nsucc = nchildren - nerrs;
|
2011-12-02 11:20:34 -06:00
|
|
|
}
|
|
|
|
|
2012-02-24 16:03:22 -06:00
|
|
|
if (nerrs == 0)
|
2017-04-27 07:26:02 -05:00
|
|
|
rc = MNT_EX_SUCCESS; /* all success */
|
2012-02-24 16:03:22 -06:00
|
|
|
else if (nsucc == 0)
|
2017-04-27 07:26:02 -05:00
|
|
|
rc = MNT_EX_FAIL; /* all failed */
|
2012-02-24 16:03:22 -06:00
|
|
|
else
|
2017-04-27 07:26:02 -05:00
|
|
|
rc = MNT_EX_SOMEOK; /* some success, some failed */
|
2012-02-24 16:03:22 -06:00
|
|
|
|
2012-01-30 16:44:31 -06:00
|
|
|
mnt_free_iter(itr);
|
2011-06-23 08:07:55 -05:00
|
|
|
return rc;
|
2011-06-09 15:43:51 -05:00
|
|
|
}
|
|
|
|
|
2019-01-16 08:00:07 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* mount -a -o remount
|
|
|
|
*/
|
|
|
|
static int remount_all(struct libmnt_context *cxt)
|
|
|
|
{
|
|
|
|
struct libmnt_iter *itr;
|
|
|
|
struct libmnt_fs *fs;
|
|
|
|
int mntrc, ignored, rc = MNT_EX_SUCCESS;
|
|
|
|
|
|
|
|
int nsucc = 0, nerrs = 0;
|
|
|
|
|
|
|
|
itr = mnt_new_iter(MNT_ITER_FORWARD);
|
|
|
|
if (!itr) {
|
|
|
|
warn(_("failed to initialize libmount iterator"));
|
|
|
|
return MNT_EX_SYSERR;
|
|
|
|
}
|
|
|
|
|
|
|
|
while (mnt_context_next_remount(cxt, itr, &fs, &mntrc, &ignored) == 0) {
|
|
|
|
|
|
|
|
const char *tgt = mnt_fs_get_target(fs);
|
|
|
|
|
|
|
|
if (ignored) {
|
|
|
|
if (mnt_context_is_verbose(cxt))
|
|
|
|
printf(_("%-25s: ignored\n"), tgt);
|
|
|
|
} else {
|
|
|
|
if (mk_exit_code(cxt, mntrc) == MNT_EX_SUCCESS) {
|
|
|
|
nsucc++;
|
|
|
|
|
|
|
|
/* Note that MNT_EX_SUCCESS return code does
|
|
|
|
* not mean that FS has been really mounted
|
|
|
|
* (e.g. nofail option) */
|
|
|
|
if (mnt_context_get_status(cxt)
|
|
|
|
&& mnt_context_is_verbose(cxt))
|
|
|
|
printf("%-25s: successfully remounted\n", tgt);
|
|
|
|
} else
|
|
|
|
nerrs++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nerrs == 0)
|
|
|
|
rc = MNT_EX_SUCCESS; /* all success */
|
|
|
|
else if (nsucc == 0)
|
|
|
|
rc = MNT_EX_FAIL; /* all failed */
|
|
|
|
else
|
|
|
|
rc = MNT_EX_SOMEOK; /* some success, some failed */
|
|
|
|
|
|
|
|
mnt_free_iter(itr);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2012-10-09 04:56:35 -05:00
|
|
|
static void success_message(struct libmnt_context *cxt)
|
|
|
|
{
|
|
|
|
unsigned long mflags = 0;
|
2013-01-15 08:53:46 -06:00
|
|
|
const char *tgt, *src, *pr = program_invocation_short_name;
|
2012-10-09 04:56:35 -05:00
|
|
|
|
|
|
|
if (mnt_context_helper_executed(cxt)
|
|
|
|
|| mnt_context_get_status(cxt) != 1)
|
|
|
|
return;
|
|
|
|
|
|
|
|
mnt_context_get_mflags(cxt, &mflags);
|
|
|
|
tgt = mnt_context_get_target(cxt);
|
|
|
|
src = mnt_context_get_source(cxt);
|
|
|
|
|
|
|
|
if (mflags & MS_MOVE)
|
2013-01-15 08:53:46 -06:00
|
|
|
printf(_("%s: %s moved to %s.\n"), pr, src, tgt);
|
2012-10-09 04:56:35 -05:00
|
|
|
else if (mflags & MS_BIND)
|
2013-01-28 09:20:24 -06:00
|
|
|
printf(_("%s: %s bound on %s.\n"), pr, src, tgt);
|
2013-01-15 09:09:07 -06:00
|
|
|
else if (mflags & MS_PROPAGATION) {
|
|
|
|
if (src && strcmp(src, "none") != 0 && tgt)
|
|
|
|
printf(_("%s: %s mounted on %s.\n"), pr, src, tgt);
|
|
|
|
|
2013-01-15 08:53:46 -06:00
|
|
|
printf(_("%s: %s propagation flags changed.\n"), pr, tgt);
|
2013-01-15 09:09:07 -06:00
|
|
|
} else
|
2013-01-15 08:53:46 -06:00
|
|
|
printf(_("%s: %s mounted on %s.\n"), pr, src, tgt);
|
2012-10-09 04:56:35 -05:00
|
|
|
}
|
|
|
|
|
2012-01-20 06:14:26 -06:00
|
|
|
#if defined(HAVE_LIBSELINUX) && defined(HAVE_SECURITY_GET_INITIAL_CONTEXT)
|
2020-12-14 08:44:59 -06:00
|
|
|
# include <selinux/selinux.h>
|
|
|
|
# include <selinux/context.h>
|
2012-01-20 06:14:26 -06:00
|
|
|
|
|
|
|
static void selinux_warning(struct libmnt_context *cxt, const char *tgt)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (tgt && mnt_context_is_verbose(cxt) && is_selinux_enabled() > 0) {
|
2021-01-13 06:12:19 -06:00
|
|
|
char *raw = NULL, *def = NULL;
|
2012-01-20 06:14:26 -06:00
|
|
|
|
|
|
|
if (getfilecon(tgt, &raw) > 0
|
|
|
|
&& security_get_initial_context("file", &def) == 0) {
|
|
|
|
|
|
|
|
if (!selinux_file_context_cmp(raw, def))
|
|
|
|
printf(_(
|
|
|
|
"mount: %s does not contain SELinux labels.\n"
|
2020-12-17 15:39:05 -06:00
|
|
|
" You just mounted a file system that supports labels which does not\n"
|
2012-01-20 06:14:26 -06:00
|
|
|
" contain labels, onto an SELinux box. It is likely that confined\n"
|
|
|
|
" applications will generate AVC messages and not be allowed access to\n"
|
|
|
|
" this file system. For more details see restorecon(8) and mount(8).\n"),
|
|
|
|
tgt);
|
|
|
|
}
|
|
|
|
freecon(raw);
|
|
|
|
freecon(def);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#else
|
2012-01-23 08:31:24 -06:00
|
|
|
# define selinux_warning(_x, _y)
|
2012-01-20 06:14:26 -06:00
|
|
|
#endif
|
|
|
|
|
2013-03-25 07:58:53 -05:00
|
|
|
/*
|
2017-04-27 07:11:50 -05:00
|
|
|
* Returns exit status (MNT_EX_*) and/or prints error message.
|
2012-01-13 09:29:21 -06:00
|
|
|
*/
|
|
|
|
static int mk_exit_code(struct libmnt_context *cxt, int rc)
|
|
|
|
{
|
2017-04-27 07:11:50 -05:00
|
|
|
const char *tgt;
|
|
|
|
char buf[BUFSIZ] = { 0 };
|
2017-04-26 10:27:02 -05:00
|
|
|
|
2017-04-27 07:11:50 -05:00
|
|
|
rc = mnt_context_get_excode(cxt, rc, buf, sizeof(buf));
|
|
|
|
tgt = mnt_context_get_target(cxt);
|
2012-01-13 09:29:21 -06:00
|
|
|
|
2017-04-27 07:11:50 -05:00
|
|
|
if (*buf) {
|
|
|
|
const char *spec = tgt;
|
|
|
|
if (!spec)
|
|
|
|
spec = mnt_context_get_source(cxt);
|
|
|
|
if (!spec)
|
|
|
|
spec = "???";
|
2018-05-10 15:18:53 -05:00
|
|
|
warnx("%s: %s.", spec, buf);
|
2012-01-13 09:29:21 -06:00
|
|
|
}
|
|
|
|
|
2017-04-28 04:03:24 -05:00
|
|
|
if (rc == MNT_EX_SUCCESS && mnt_context_get_status(cxt) == 1) {
|
|
|
|
selinux_warning(cxt, tgt);
|
2012-01-13 09:29:21 -06:00
|
|
|
}
|
2017-04-27 07:11:50 -05:00
|
|
|
return rc;
|
2012-01-13 09:29:21 -06:00
|
|
|
}
|
|
|
|
|
2012-01-23 13:31:23 -06:00
|
|
|
static struct libmnt_table *append_fstab(struct libmnt_context *cxt,
|
|
|
|
struct libmnt_table *fstab,
|
|
|
|
const char *path)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (!fstab) {
|
|
|
|
fstab = mnt_new_table();
|
|
|
|
if (!fstab)
|
2017-04-27 07:26:02 -05:00
|
|
|
err(MNT_EX_SYSERR, _("failed to initialize libmount table"));
|
2012-01-23 13:31:23 -06:00
|
|
|
|
|
|
|
mnt_table_set_parser_errcb(fstab, table_parser_errcb);
|
|
|
|
mnt_context_set_fstab(cxt, fstab);
|
2013-08-21 09:07:51 -05:00
|
|
|
|
|
|
|
mnt_unref_table(fstab); /* reference is handled by @cxt now */
|
2012-01-23 13:31:23 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
if (mnt_table_parse_fstab(fstab, path))
|
2017-04-27 07:26:02 -05:00
|
|
|
errx(MNT_EX_USAGE,_("%s: failed to parse"), path);
|
2012-01-23 13:31:23 -06:00
|
|
|
|
|
|
|
return fstab;
|
|
|
|
}
|
|
|
|
|
2012-11-26 07:30:22 -06:00
|
|
|
/*
|
|
|
|
* Check source and target paths -- non-root user should not be able to
|
2020-08-28 12:16:33 -05:00
|
|
|
* resolve paths which are unreadable for them.
|
2012-11-26 07:30:22 -06:00
|
|
|
*/
|
2020-01-03 03:48:09 -06:00
|
|
|
static int sanitize_paths(struct libmnt_context *cxt)
|
2012-11-26 07:30:22 -06:00
|
|
|
{
|
|
|
|
const char *p;
|
|
|
|
struct libmnt_fs *fs = mnt_context_get_fs(cxt);
|
|
|
|
|
|
|
|
if (!fs)
|
2020-01-03 03:48:09 -06:00
|
|
|
return 0;
|
2012-11-26 07:30:22 -06:00
|
|
|
|
|
|
|
p = mnt_fs_get_target(fs);
|
|
|
|
if (p) {
|
|
|
|
char *np = canonicalize_path_restricted(p);
|
|
|
|
if (!np)
|
2020-01-03 03:48:09 -06:00
|
|
|
return -EPERM;
|
2012-11-26 07:30:22 -06:00
|
|
|
mnt_fs_set_target(fs, np);
|
|
|
|
free(np);
|
|
|
|
}
|
|
|
|
|
|
|
|
p = mnt_fs_get_srcpath(fs);
|
|
|
|
if (p) {
|
|
|
|
char *np = canonicalize_path_restricted(p);
|
|
|
|
if (!np)
|
2020-01-03 03:48:09 -06:00
|
|
|
return -EPERM;
|
2012-11-26 07:30:22 -06:00
|
|
|
mnt_fs_set_source(fs, np);
|
|
|
|
free(np);
|
|
|
|
}
|
2020-01-03 03:48:09 -06:00
|
|
|
return 0;
|
2012-11-26 07:30:22 -06:00
|
|
|
}
|
|
|
|
|
2013-01-15 07:23:54 -06:00
|
|
|
static void append_option(struct libmnt_context *cxt, const char *opt)
|
|
|
|
{
|
2013-05-30 06:29:34 -05:00
|
|
|
if (opt && (*opt == '=' || *opt == '\'' || *opt == '\"' || isblank(*opt)))
|
2017-04-27 07:26:02 -05:00
|
|
|
errx(MNT_EX_USAGE, _("unsupported option format: %s"), opt);
|
2013-01-15 07:23:54 -06:00
|
|
|
if (mnt_context_append_options(cxt, opt))
|
2017-04-27 07:26:02 -05:00
|
|
|
err(MNT_EX_SYSERR, _("failed to append option '%s'"), opt);
|
2013-01-15 07:23:54 -06:00
|
|
|
}
|
|
|
|
|
2014-10-17 01:52:00 -05:00
|
|
|
static int has_remount_flag(struct libmnt_context *cxt)
|
|
|
|
{
|
|
|
|
unsigned long mflags = 0;
|
|
|
|
|
|
|
|
if (mnt_context_get_mflags(cxt, &mflags))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return mflags & MS_REMOUNT;
|
|
|
|
}
|
|
|
|
|
2017-06-19 13:52:50 -05:00
|
|
|
static void __attribute__((__noreturn__)) usage(void)
|
2011-01-10 07:31:23 -06:00
|
|
|
{
|
2017-06-19 13:52:50 -05:00
|
|
|
FILE *out = stdout;
|
2011-11-29 11:06:21 -06:00
|
|
|
fputs(USAGE_HEADER, out);
|
|
|
|
fprintf(out, _(
|
2011-01-10 07:31:23 -06:00
|
|
|
" %1$s [-lhV]\n"
|
|
|
|
" %1$s -a [options]\n"
|
2012-07-17 15:02:35 -05:00
|
|
|
" %1$s [options] [--source] <source> | [--target] <directory>\n"
|
2011-01-10 07:31:23 -06:00
|
|
|
" %1$s [options] <source> <directory>\n"
|
|
|
|
" %1$s <operation> <mountpoint> [<target>]\n"),
|
|
|
|
program_invocation_short_name);
|
|
|
|
|
2014-12-22 15:57:17 -06:00
|
|
|
fputs(USAGE_SEPARATOR, out);
|
|
|
|
fputs(_("Mount a filesystem.\n"), out);
|
|
|
|
|
2011-11-29 11:06:21 -06:00
|
|
|
fputs(USAGE_OPTIONS, out);
|
2011-01-10 07:31:23 -06:00
|
|
|
fprintf(out, _(
|
|
|
|
" -a, --all mount all filesystems mentioned in fstab\n"
|
|
|
|
" -c, --no-canonicalize don't canonicalize paths\n"
|
2011-08-15 06:09:42 -05:00
|
|
|
" -f, --fake dry run; skip the mount(2) syscall\n"
|
2012-01-23 13:31:23 -06:00
|
|
|
" -F, --fork fork off for each device (use with -a)\n"
|
|
|
|
" -T, --fstab <path> alternative file to /etc/fstab\n"));
|
2011-08-15 06:09:42 -05:00
|
|
|
fprintf(out, _(
|
2015-08-01 03:23:09 -05:00
|
|
|
" -i, --internal-only don't call the mount.<type> helpers\n"));
|
|
|
|
fprintf(out, _(
|
|
|
|
" -l, --show-labels show also filesystem labels\n"));
|
|
|
|
fprintf(out, _(
|
2011-08-15 06:09:42 -05:00
|
|
|
" -n, --no-mtab don't write to /etc/mtab\n"));
|
|
|
|
fprintf(out, _(
|
2018-02-08 08:46:33 -06:00
|
|
|
" --options-mode <mode>\n"
|
|
|
|
" what to do with options loaded from fstab\n"
|
|
|
|
" --options-source <source>\n"
|
|
|
|
" mount options source\n"
|
|
|
|
" --options-source-force\n"
|
|
|
|
" force use of options from fstab/mtab\n"));
|
|
|
|
fprintf(out, _(
|
2011-08-15 06:09:42 -05:00
|
|
|
" -o, --options <list> comma-separated list of mount options\n"
|
|
|
|
" -O, --test-opts <list> limit the set of filesystems (use with -a)\n"
|
|
|
|
" -r, --read-only mount the filesystem read-only (same as -o ro)\n"
|
|
|
|
" -t, --types <list> limit the set of filesystem types\n"));
|
|
|
|
fprintf(out, _(
|
2012-07-17 15:02:35 -05:00
|
|
|
" --source <src> explicitly specifies source (path, label, uuid)\n"
|
|
|
|
" --target <target> explicitly specifies mountpoint\n"));
|
|
|
|
fprintf(out, _(
|
2019-10-22 06:37:12 -05:00
|
|
|
" --target-prefix <path>\n"
|
|
|
|
" specifies path use for all mountpoints\n"));
|
|
|
|
fprintf(out, _(
|
2015-08-01 03:23:09 -05:00
|
|
|
" -v, --verbose say what is being done\n"));
|
|
|
|
fprintf(out, _(
|
2013-04-05 05:32:34 -05:00
|
|
|
" -w, --rw, --read-write mount the filesystem read-write (default)\n"));
|
2018-04-17 08:52:54 -05:00
|
|
|
fprintf(out, _(
|
|
|
|
" -N, --namespace <ns> perform mount in another namespace\n"));
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2011-11-29 11:06:21 -06:00
|
|
|
fputs(USAGE_SEPARATOR, out);
|
2017-06-29 08:52:16 -05:00
|
|
|
printf(USAGE_HELP_OPTIONS(25));
|
2011-11-29 11:06:21 -06:00
|
|
|
|
2011-08-15 06:09:42 -05:00
|
|
|
fprintf(out, _(
|
2011-01-10 07:31:23 -06:00
|
|
|
"\nSource:\n"
|
|
|
|
" -L, --label <label> synonym for LABEL=<label>\n"
|
|
|
|
" -U, --uuid <uuid> synonym for UUID=<uuid>\n"
|
|
|
|
" LABEL=<label> specifies device by filesystem label\n"
|
2012-04-19 07:40:06 -05:00
|
|
|
" UUID=<uuid> specifies device by filesystem UUID\n"
|
|
|
|
" PARTLABEL=<label> specifies device by partition label\n"
|
2020-06-03 09:53:00 -05:00
|
|
|
" PARTUUID=<uuid> specifies device by partition UUID\n"
|
|
|
|
" ID=<id> specifies device by udev hardware ID\n"));
|
2012-04-19 07:40:06 -05:00
|
|
|
|
2011-08-15 06:09:42 -05:00
|
|
|
fprintf(out, _(
|
2011-01-10 07:31:23 -06:00
|
|
|
" <device> specifies device by path\n"
|
|
|
|
" <directory> mountpoint for bind mounts (see --bind/rbind)\n"
|
2011-08-15 06:09:42 -05:00
|
|
|
" <file> regular file for loopdev setup\n"));
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2011-08-15 06:09:42 -05:00
|
|
|
fprintf(out, _(
|
2011-01-10 07:31:23 -06:00
|
|
|
"\nOperations:\n"
|
|
|
|
" -B, --bind mount a subtree somewhere else (same as -o bind)\n"
|
|
|
|
" -M, --move move a subtree to some other place\n"
|
2011-08-15 06:09:42 -05:00
|
|
|
" -R, --rbind mount a subtree and all submounts somewhere else\n"));
|
|
|
|
fprintf(out, _(
|
2011-01-10 07:31:23 -06:00
|
|
|
" --make-shared mark a subtree as shared\n"
|
|
|
|
" --make-slave mark a subtree as slave\n"
|
|
|
|
" --make-private mark a subtree as private\n"
|
2011-08-15 06:09:42 -05:00
|
|
|
" --make-unbindable mark a subtree as unbindable\n"));
|
|
|
|
fprintf(out, _(
|
2011-01-10 07:31:23 -06:00
|
|
|
" --make-rshared recursively mark a whole subtree as shared\n"
|
|
|
|
" --make-rslave recursively mark a whole subtree as slave\n"
|
|
|
|
" --make-rprivate recursively mark a whole subtree as private\n"
|
2011-08-15 06:09:42 -05:00
|
|
|
" --make-runbindable recursively mark a whole subtree as unbindable\n"));
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2017-06-29 08:52:16 -05:00
|
|
|
printf(USAGE_MAN_TAIL("mount(8)"));
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2017-06-19 13:52:50 -05:00
|
|
|
exit(MNT_EX_SUCCESS);
|
2011-01-10 07:31:23 -06:00
|
|
|
}
|
|
|
|
|
2018-02-01 09:17:37 -06:00
|
|
|
struct flag_str {
|
|
|
|
int value;
|
|
|
|
char *str;
|
|
|
|
};
|
|
|
|
|
2018-02-14 07:03:41 -06:00
|
|
|
static int omode2mask(const char *str)
|
2018-02-01 09:17:37 -06:00
|
|
|
{
|
2018-02-14 07:03:41 -06:00
|
|
|
size_t i;
|
|
|
|
|
|
|
|
static const struct flag_str flags[] = {
|
|
|
|
{ MNT_OMODE_IGNORE, "ignore" },
|
|
|
|
{ MNT_OMODE_APPEND, "append" },
|
|
|
|
{ MNT_OMODE_PREPEND, "prepend" },
|
|
|
|
{ MNT_OMODE_REPLACE, "replace" },
|
|
|
|
};
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(flags); i++) {
|
|
|
|
if (!strcmp(str, flags[i].str))
|
|
|
|
return flags[i].value;
|
2018-02-01 09:17:37 -06:00
|
|
|
}
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2018-02-14 07:03:41 -06:00
|
|
|
static long osrc2mask(const char *str, size_t len)
|
2018-02-01 09:17:37 -06:00
|
|
|
{
|
2018-02-14 07:03:41 -06:00
|
|
|
size_t i;
|
|
|
|
|
|
|
|
static const struct flag_str flags[] = {
|
|
|
|
{ MNT_OMODE_FSTAB, "fstab" },
|
|
|
|
{ MNT_OMODE_MTAB, "mtab" },
|
|
|
|
{ MNT_OMODE_NOTAB, "disable" },
|
|
|
|
};
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(flags); i++) {
|
|
|
|
if (!strncmp(str, flags[i].str, len) && !flags[i].str[len])
|
|
|
|
return flags[i].value;
|
2018-02-01 09:17:37 -06:00
|
|
|
}
|
2018-02-14 07:03:41 -06:00
|
|
|
return -EINVAL;
|
2018-02-01 09:17:37 -06:00
|
|
|
}
|
|
|
|
|
2018-04-20 10:57:39 -05:00
|
|
|
static pid_t parse_pid(const char *str)
|
|
|
|
{
|
|
|
|
char *end;
|
|
|
|
pid_t ret;
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
ret = strtoul(str, &end, 10);
|
|
|
|
|
|
|
|
if (ret < 0 || errno || end == str || (end && *end))
|
|
|
|
return 0;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2011-01-10 07:31:23 -06:00
|
|
|
int main(int argc, char **argv)
|
|
|
|
{
|
2017-04-27 07:26:02 -05:00
|
|
|
int c, rc = MNT_EX_SUCCESS, all = 0, show_labels = 0;
|
2011-01-21 17:09:34 -06:00
|
|
|
struct libmnt_context *cxt;
|
2012-01-23 13:31:23 -06:00
|
|
|
struct libmnt_table *fstab = NULL;
|
2012-07-17 15:02:35 -05:00
|
|
|
char *srcbuf = NULL;
|
2011-01-10 07:31:23 -06:00
|
|
|
char *types = NULL;
|
2018-06-01 07:07:53 -05:00
|
|
|
int oper = 0, is_move = 0;
|
2013-01-15 07:23:54 -06:00
|
|
|
int propa = 0;
|
2018-02-01 09:17:37 -06:00
|
|
|
int optmode = 0, optmode_mode = 0, optmode_src = 0;
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2011-11-29 09:58:44 -06:00
|
|
|
enum {
|
|
|
|
MOUNT_OPT_SHARED = CHAR_MAX + 1,
|
|
|
|
MOUNT_OPT_SLAVE,
|
|
|
|
MOUNT_OPT_PRIVATE,
|
|
|
|
MOUNT_OPT_UNBINDABLE,
|
|
|
|
MOUNT_OPT_RSHARED,
|
|
|
|
MOUNT_OPT_RSLAVE,
|
|
|
|
MOUNT_OPT_RPRIVATE,
|
2012-07-17 15:02:35 -05:00
|
|
|
MOUNT_OPT_RUNBINDABLE,
|
|
|
|
MOUNT_OPT_TARGET,
|
2019-10-22 06:37:12 -05:00
|
|
|
MOUNT_OPT_TARGET_PREFIX,
|
2018-02-01 09:17:37 -06:00
|
|
|
MOUNT_OPT_SOURCE,
|
|
|
|
MOUNT_OPT_OPTMODE,
|
|
|
|
MOUNT_OPT_OPTSRC,
|
|
|
|
MOUNT_OPT_OPTSRC_FORCE
|
2011-11-29 09:58:44 -06:00
|
|
|
};
|
|
|
|
|
2011-03-03 08:00:30 -06:00
|
|
|
static const struct option longopts[] = {
|
2017-02-11 14:23:26 -06:00
|
|
|
{ "all", no_argument, NULL, 'a' },
|
|
|
|
{ "fake", no_argument, NULL, 'f' },
|
|
|
|
{ "fstab", required_argument, NULL, 'T' },
|
|
|
|
{ "fork", no_argument, NULL, 'F' },
|
|
|
|
{ "help", no_argument, NULL, 'h' },
|
|
|
|
{ "no-mtab", no_argument, NULL, 'n' },
|
|
|
|
{ "read-only", no_argument, NULL, 'r' },
|
|
|
|
{ "ro", no_argument, NULL, 'r' },
|
|
|
|
{ "verbose", no_argument, NULL, 'v' },
|
|
|
|
{ "version", no_argument, NULL, 'V' },
|
|
|
|
{ "read-write", no_argument, NULL, 'w' },
|
|
|
|
{ "rw", no_argument, NULL, 'w' },
|
|
|
|
{ "options", required_argument, NULL, 'o' },
|
|
|
|
{ "test-opts", required_argument, NULL, 'O' },
|
|
|
|
{ "types", required_argument, NULL, 't' },
|
|
|
|
{ "uuid", required_argument, NULL, 'U' },
|
|
|
|
{ "label", required_argument, NULL, 'L' },
|
|
|
|
{ "bind", no_argument, NULL, 'B' },
|
|
|
|
{ "move", no_argument, NULL, 'M' },
|
|
|
|
{ "rbind", no_argument, NULL, 'R' },
|
|
|
|
{ "make-shared", no_argument, NULL, MOUNT_OPT_SHARED },
|
|
|
|
{ "make-slave", no_argument, NULL, MOUNT_OPT_SLAVE },
|
|
|
|
{ "make-private", no_argument, NULL, MOUNT_OPT_PRIVATE },
|
|
|
|
{ "make-unbindable", no_argument, NULL, MOUNT_OPT_UNBINDABLE },
|
|
|
|
{ "make-rshared", no_argument, NULL, MOUNT_OPT_RSHARED },
|
|
|
|
{ "make-rslave", no_argument, NULL, MOUNT_OPT_RSLAVE },
|
|
|
|
{ "make-rprivate", no_argument, NULL, MOUNT_OPT_RPRIVATE },
|
|
|
|
{ "make-runbindable", no_argument, NULL, MOUNT_OPT_RUNBINDABLE },
|
|
|
|
{ "no-canonicalize", no_argument, NULL, 'c' },
|
|
|
|
{ "internal-only", no_argument, NULL, 'i' },
|
|
|
|
{ "show-labels", no_argument, NULL, 'l' },
|
|
|
|
{ "target", required_argument, NULL, MOUNT_OPT_TARGET },
|
2019-10-22 06:37:12 -05:00
|
|
|
{ "target-prefix", required_argument, NULL, MOUNT_OPT_TARGET_PREFIX },
|
2017-02-11 14:23:26 -06:00
|
|
|
{ "source", required_argument, NULL, MOUNT_OPT_SOURCE },
|
2018-02-01 09:17:37 -06:00
|
|
|
{ "options-mode", required_argument, NULL, MOUNT_OPT_OPTMODE },
|
|
|
|
{ "options-source", required_argument, NULL, MOUNT_OPT_OPTSRC },
|
|
|
|
{ "options-source-force", no_argument, NULL, MOUNT_OPT_OPTSRC_FORCE},
|
2018-02-19 11:58:23 -06:00
|
|
|
{ "namespace", required_argument, NULL, 'N' },
|
2017-02-11 14:23:26 -06:00
|
|
|
{ NULL, 0, NULL, 0 }
|
2011-01-10 07:31:23 -06:00
|
|
|
};
|
|
|
|
|
2017-02-10 05:05:04 -06:00
|
|
|
static const ul_excl_t excl[] = { /* rows and cols in ASCII order */
|
2013-01-15 07:23:54 -06:00
|
|
|
{ 'B','M','R' }, /* bind,move,rbind */
|
2012-07-26 02:26:21 -05:00
|
|
|
{ 'L','U', MOUNT_OPT_SOURCE }, /* label,uuid,source */
|
|
|
|
{ 0 }
|
|
|
|
};
|
|
|
|
int excl_st[ARRAY_SIZE(excl)] = UL_EXCL_STATUS_INIT;
|
|
|
|
|
2020-08-25 03:48:29 -05:00
|
|
|
__sanitize_env(&envs_removed);
|
2011-01-10 07:31:23 -06:00
|
|
|
setlocale(LC_ALL, "");
|
|
|
|
bindtextdomain(PACKAGE, LOCALEDIR);
|
|
|
|
textdomain(PACKAGE);
|
2019-04-16 08:14:13 -05:00
|
|
|
close_stdout_atexit();
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2017-06-22 15:16:14 -05:00
|
|
|
strutils_set_exitcode(MNT_EX_USAGE);
|
|
|
|
|
2011-01-10 07:31:23 -06:00
|
|
|
mnt_init_debug(0);
|
|
|
|
cxt = mnt_new_context();
|
|
|
|
if (!cxt)
|
2017-04-27 07:26:02 -05:00
|
|
|
err(MNT_EX_SYSERR, _("libmount context allocation failed"));
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2011-06-23 08:07:55 -05:00
|
|
|
mnt_context_set_tables_errcb(cxt, table_parser_errcb);
|
|
|
|
|
2018-02-19 11:58:23 -06:00
|
|
|
while ((c = getopt_long(argc, argv, "aBcfFhilL:Mno:O:rRsU:vVwt:T:N:",
|
2011-01-10 07:31:23 -06:00
|
|
|
longopts, NULL)) != -1) {
|
|
|
|
|
|
|
|
/* only few options are allowed for non-root users */
|
2012-07-17 15:02:35 -05:00
|
|
|
if (mnt_context_is_restricted(cxt) &&
|
2014-01-06 02:02:36 -06:00
|
|
|
!strchr("hlLUVvrist", c) &&
|
2012-07-17 15:02:35 -05:00
|
|
|
c != MOUNT_OPT_TARGET &&
|
|
|
|
c != MOUNT_OPT_SOURCE)
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
suid_drop(cxt);
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2012-07-26 02:26:21 -05:00
|
|
|
err_exclusive_options(c, longopts, excl, excl_st);
|
|
|
|
|
2011-01-10 07:31:23 -06:00
|
|
|
switch(c) {
|
|
|
|
case 'a':
|
|
|
|
all = 1;
|
|
|
|
break;
|
|
|
|
case 'c':
|
|
|
|
mnt_context_disable_canonicalize(cxt, TRUE);
|
|
|
|
break;
|
|
|
|
case 'f':
|
|
|
|
mnt_context_enable_fake(cxt, TRUE);
|
|
|
|
break;
|
|
|
|
case 'F':
|
2011-12-02 11:20:34 -06:00
|
|
|
mnt_context_enable_fork(cxt, TRUE);
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'i':
|
|
|
|
mnt_context_disable_helpers(cxt, TRUE);
|
|
|
|
break;
|
|
|
|
case 'n':
|
|
|
|
mnt_context_disable_mtab(cxt, TRUE);
|
|
|
|
break;
|
|
|
|
case 'r':
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "ro");
|
2017-04-26 10:27:02 -05:00
|
|
|
mnt_context_enable_rwonly_mount(cxt, FALSE);
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'v':
|
|
|
|
mnt_context_enable_verbose(cxt, TRUE);
|
|
|
|
break;
|
|
|
|
case 'w':
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "rw");
|
2017-04-26 10:27:02 -05:00
|
|
|
mnt_context_enable_rwonly_mount(cxt, TRUE);
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'o':
|
2020-04-15 06:24:23 -05:00
|
|
|
/* "move" is not supported as option string in libmount
|
|
|
|
* to avoid use in fstab */
|
|
|
|
if (mnt_optstr_get_option(optarg, "move", NULL, 0) == 0) {
|
|
|
|
char *o = xstrdup(optarg);
|
|
|
|
|
|
|
|
mnt_optstr_remove_option(&o, "move");
|
|
|
|
if (o && *o)
|
|
|
|
append_option(cxt, o);
|
|
|
|
oper = is_move = 1;
|
|
|
|
free(o);
|
|
|
|
} else
|
|
|
|
append_option(cxt, optarg);
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'O':
|
|
|
|
if (mnt_context_set_options_pattern(cxt, optarg))
|
2017-04-27 07:26:02 -05:00
|
|
|
err(MNT_EX_SYSERR, _("failed to set options pattern"));
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'L':
|
2012-07-17 15:02:35 -05:00
|
|
|
xasprintf(&srcbuf, "LABEL=\"%s\"", optarg);
|
|
|
|
mnt_context_disable_swapmatch(cxt, 1);
|
|
|
|
mnt_context_set_source(cxt, srcbuf);
|
|
|
|
free(srcbuf);
|
|
|
|
break;
|
2011-01-10 07:31:23 -06:00
|
|
|
case 'U':
|
2012-07-17 15:02:35 -05:00
|
|
|
xasprintf(&srcbuf, "UUID=\"%s\"", optarg);
|
|
|
|
mnt_context_disable_swapmatch(cxt, 1);
|
|
|
|
mnt_context_set_source(cxt, srcbuf);
|
|
|
|
free(srcbuf);
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'l':
|
|
|
|
show_labels = 1;
|
|
|
|
break;
|
|
|
|
case 't':
|
|
|
|
types = optarg;
|
|
|
|
break;
|
2012-01-23 13:31:23 -06:00
|
|
|
case 'T':
|
|
|
|
fstab = append_fstab(cxt, fstab, optarg);
|
|
|
|
break;
|
2011-01-10 07:31:23 -06:00
|
|
|
case 's':
|
|
|
|
mnt_context_enable_sloppy(cxt, TRUE);
|
|
|
|
break;
|
|
|
|
case 'B':
|
2018-06-01 05:11:03 -05:00
|
|
|
oper = 1;
|
|
|
|
append_option(cxt, "bind");
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'M':
|
2018-06-01 05:11:03 -05:00
|
|
|
oper = 1;
|
2018-06-01 07:07:53 -05:00
|
|
|
is_move = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
|
|
|
case 'R':
|
2018-06-01 05:11:03 -05:00
|
|
|
oper = 1;
|
|
|
|
append_option(cxt, "rbind");
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2018-02-19 11:58:23 -06:00
|
|
|
case 'N':
|
2018-04-20 10:57:39 -05:00
|
|
|
{
|
|
|
|
char path[PATH_MAX];
|
|
|
|
pid_t pid = parse_pid(optarg);
|
|
|
|
|
|
|
|
if (pid)
|
|
|
|
snprintf(path, sizeof(path), "/proc/%i/ns/mnt", pid);
|
|
|
|
|
|
|
|
if (mnt_context_set_target_ns(cxt, pid ? path : optarg))
|
|
|
|
err(MNT_EX_SYSERR, _("failed to set target namespace to %s"), pid ? path : optarg);
|
2018-02-19 11:58:23 -06:00
|
|
|
break;
|
2018-04-20 10:57:39 -05:00
|
|
|
}
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_SHARED:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "shared");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_SLAVE:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "slave");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_PRIVATE:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "private");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_UNBINDABLE:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "unbindable");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_RSHARED:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "rshared");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_RSLAVE:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "rslave");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_RPRIVATE:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "rprivate");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2011-11-29 09:58:44 -06:00
|
|
|
case MOUNT_OPT_RUNBINDABLE:
|
2013-01-15 07:23:54 -06:00
|
|
|
append_option(cxt, "runbindable");
|
|
|
|
propa = 1;
|
2011-01-10 07:31:23 -06:00
|
|
|
break;
|
2012-07-17 15:02:35 -05:00
|
|
|
case MOUNT_OPT_TARGET:
|
|
|
|
mnt_context_disable_swapmatch(cxt, 1);
|
|
|
|
mnt_context_set_target(cxt, optarg);
|
|
|
|
break;
|
2019-10-22 06:37:12 -05:00
|
|
|
case MOUNT_OPT_TARGET_PREFIX:
|
|
|
|
mnt_context_set_target_prefix(cxt, optarg);
|
|
|
|
break;
|
2012-07-17 15:02:35 -05:00
|
|
|
case MOUNT_OPT_SOURCE:
|
|
|
|
mnt_context_disable_swapmatch(cxt, 1);
|
|
|
|
mnt_context_set_source(cxt, optarg);
|
|
|
|
break;
|
2018-02-01 09:17:37 -06:00
|
|
|
case MOUNT_OPT_OPTMODE:
|
2018-02-14 07:03:41 -06:00
|
|
|
optmode_mode = omode2mask(optarg);
|
2018-02-01 09:17:37 -06:00
|
|
|
if (optmode_mode == -EINVAL) {
|
|
|
|
warnx(_("bad usage"));
|
|
|
|
errtryhelp(MNT_EX_USAGE);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case MOUNT_OPT_OPTSRC:
|
2018-02-14 07:03:41 -06:00
|
|
|
{
|
|
|
|
unsigned long tmp = 0;
|
|
|
|
if (string_to_bitmask(optarg, &tmp, osrc2mask)) {
|
2018-02-01 09:17:37 -06:00
|
|
|
warnx(_("bad usage"));
|
|
|
|
errtryhelp(MNT_EX_USAGE);
|
|
|
|
}
|
2018-02-14 07:03:41 -06:00
|
|
|
optmode_src = tmp;
|
2018-02-01 09:17:37 -06:00
|
|
|
break;
|
2018-02-14 07:03:41 -06:00
|
|
|
}
|
2018-02-01 09:17:37 -06:00
|
|
|
case MOUNT_OPT_OPTSRC_FORCE:
|
|
|
|
optmode |= MNT_OMODE_FORCE;
|
|
|
|
break;
|
2019-04-16 08:14:13 -05:00
|
|
|
|
|
|
|
case 'h':
|
|
|
|
mnt_free_context(cxt);
|
|
|
|
usage();
|
|
|
|
case 'V':
|
|
|
|
mnt_free_context(cxt);
|
|
|
|
mount_print_version();
|
2011-01-10 07:31:23 -06:00
|
|
|
default:
|
2017-04-27 07:26:02 -05:00
|
|
|
errtryhelp(MNT_EX_USAGE);
|
2011-01-10 07:31:23 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
argc -= optind;
|
|
|
|
argv += optind;
|
|
|
|
|
2018-02-01 09:17:37 -06:00
|
|
|
optmode |= optmode_mode | optmode_src;
|
|
|
|
if (optmode) {
|
|
|
|
if (!optmode_mode)
|
|
|
|
optmode |= MNT_OMODE_PREPEND;
|
|
|
|
if (!optmode_src)
|
|
|
|
optmode |= MNT_OMODE_FSTAB | MNT_OMODE_MTAB;
|
|
|
|
mnt_context_set_optsmode(cxt, optmode);
|
|
|
|
}
|
|
|
|
|
2012-10-24 16:59:04 -05:00
|
|
|
if (fstab && !mnt_context_is_nocanonicalize(cxt)) {
|
|
|
|
/*
|
|
|
|
* We have external (context independent) fstab instance, let's
|
|
|
|
* make a connection between the fstab and the canonicalization
|
|
|
|
* cache.
|
|
|
|
*/
|
2013-08-21 07:38:38 -05:00
|
|
|
mnt_table_set_cache(fstab, mnt_context_get_cache(cxt));
|
2012-10-24 16:59:04 -05:00
|
|
|
}
|
|
|
|
|
2012-07-17 15:02:35 -05:00
|
|
|
if (!mnt_context_get_source(cxt) &&
|
|
|
|
!mnt_context_get_target(cxt) &&
|
|
|
|
!argc &&
|
|
|
|
!all) {
|
2017-06-19 13:52:50 -05:00
|
|
|
if (oper || mnt_context_get_options(cxt)) {
|
|
|
|
warnx(_("bad usage"));
|
|
|
|
errtryhelp(MNT_EX_USAGE);
|
|
|
|
}
|
2011-06-23 08:19:37 -05:00
|
|
|
print_all(cxt, types, show_labels);
|
2011-01-10 07:31:23 -06:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2013-01-03 00:05:34 -06:00
|
|
|
/* Non-root users are allowed to use -t to print_all(),
|
|
|
|
but not to mount */
|
|
|
|
if (mnt_context_is_restricted(cxt) && types)
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
suid_drop(cxt);
|
2013-01-03 00:05:34 -06:00
|
|
|
|
2017-06-19 13:52:50 -05:00
|
|
|
if (oper && (types || all || mnt_context_get_source(cxt))) {
|
|
|
|
warnx(_("bad usage"));
|
|
|
|
errtryhelp(MNT_EX_USAGE);
|
|
|
|
}
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2011-06-23 08:07:55 -05:00
|
|
|
if (types && (all || strchr(types, ',') ||
|
|
|
|
strncmp(types, "no", 2) == 0))
|
2011-01-10 07:31:23 -06:00
|
|
|
mnt_context_set_fstype_pattern(cxt, types);
|
|
|
|
else if (types)
|
|
|
|
mnt_context_set_fstype(cxt, types);
|
|
|
|
|
2011-06-09 15:43:51 -05:00
|
|
|
if (all) {
|
|
|
|
/*
|
|
|
|
* A) Mount all
|
|
|
|
*/
|
2019-01-16 08:00:07 -06:00
|
|
|
if (has_remount_flag(cxt))
|
|
|
|
rc = remount_all(cxt);
|
|
|
|
else
|
|
|
|
rc = mount_all(cxt);
|
2011-06-23 08:19:37 -05:00
|
|
|
goto done;
|
2011-06-09 15:43:51 -05:00
|
|
|
|
2012-07-17 15:02:35 -05:00
|
|
|
} else if (argc == 0 && (mnt_context_get_source(cxt) ||
|
|
|
|
mnt_context_get_target(cxt))) {
|
2011-06-09 15:43:51 -05:00
|
|
|
/*
|
2012-07-17 15:02:35 -05:00
|
|
|
* B) mount -L|-U|--source|--target
|
2013-11-19 10:44:21 -06:00
|
|
|
*
|
|
|
|
* non-root may specify source *or* target, but not both
|
2011-06-09 15:43:51 -05:00
|
|
|
*/
|
2012-07-17 15:02:35 -05:00
|
|
|
if (mnt_context_is_restricted(cxt) &&
|
|
|
|
mnt_context_get_source(cxt) &&
|
|
|
|
mnt_context_get_target(cxt))
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
suid_drop(cxt);
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2013-11-19 10:44:21 -06:00
|
|
|
} else if (argc == 1 && (!mnt_context_get_source(cxt) ||
|
|
|
|
!mnt_context_get_target(cxt))) {
|
2011-06-09 15:43:51 -05:00
|
|
|
/*
|
2012-07-17 15:02:35 -05:00
|
|
|
* C) mount [-L|-U|--source] <target>
|
2013-11-19 10:44:21 -06:00
|
|
|
* mount [--target <dir>] <source>
|
2011-06-09 15:43:51 -05:00
|
|
|
* mount <source|target>
|
2012-07-17 15:02:35 -05:00
|
|
|
*
|
|
|
|
* non-root may specify source *or* target, but not both
|
2013-11-19 10:44:21 -06:00
|
|
|
*
|
|
|
|
* It does not matter for libmount if we set source or target
|
|
|
|
* here (the library is able to swap it), but it matters for
|
|
|
|
* sanitize_paths().
|
2011-06-09 15:43:51 -05:00
|
|
|
*/
|
2013-11-19 10:44:21 -06:00
|
|
|
int istag = mnt_tag_is_valid(argv[0]);
|
|
|
|
|
|
|
|
if (istag && mnt_context_get_source(cxt))
|
|
|
|
/* -L, -U or --source together with LABEL= or UUID= */
|
2017-04-27 07:26:02 -05:00
|
|
|
errx(MNT_EX_USAGE, _("source specified more than once"));
|
2013-11-19 10:44:21 -06:00
|
|
|
else if (istag || mnt_context_get_target(cxt))
|
|
|
|
mnt_context_set_source(cxt, argv[0]);
|
|
|
|
else
|
|
|
|
mnt_context_set_target(cxt, argv[0]);
|
|
|
|
|
2012-07-17 15:02:35 -05:00
|
|
|
if (mnt_context_is_restricted(cxt) &&
|
2013-11-19 10:44:21 -06:00
|
|
|
mnt_context_get_source(cxt) &&
|
|
|
|
mnt_context_get_target(cxt))
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
suid_drop(cxt);
|
2012-07-17 15:02:35 -05:00
|
|
|
|
|
|
|
} else if (argc == 2 && !mnt_context_get_source(cxt)
|
|
|
|
&& !mnt_context_get_target(cxt)) {
|
2011-06-09 15:43:51 -05:00
|
|
|
/*
|
|
|
|
* D) mount <source> <target>
|
|
|
|
*/
|
2011-01-10 07:31:23 -06:00
|
|
|
if (mnt_context_is_restricted(cxt))
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
suid_drop(cxt);
|
2013-11-19 10:44:21 -06:00
|
|
|
|
2011-01-10 07:31:23 -06:00
|
|
|
mnt_context_set_source(cxt, argv[0]);
|
|
|
|
mnt_context_set_target(cxt, argv[1]);
|
2012-07-17 15:02:35 -05:00
|
|
|
|
2017-06-19 13:52:50 -05:00
|
|
|
} else {
|
|
|
|
warnx(_("bad usage"));
|
|
|
|
errtryhelp(MNT_EX_USAGE);
|
|
|
|
}
|
2011-01-10 07:31:23 -06:00
|
|
|
|
2020-01-03 03:48:09 -06:00
|
|
|
if (mnt_context_is_restricted(cxt) && sanitize_paths(cxt) != 0)
|
|
|
|
suid_drop(cxt);
|
2012-11-26 07:30:22 -06:00
|
|
|
|
2018-06-01 07:07:53 -05:00
|
|
|
if (is_move)
|
|
|
|
/* "move" as option string is not supported by libmount */
|
|
|
|
mnt_context_set_mflags(cxt, MS_MOVE);
|
|
|
|
|
2014-10-17 01:52:00 -05:00
|
|
|
if ((oper && !has_remount_flag(cxt)) || propa)
|
|
|
|
/* For --make-* or --bind is fstab/mtab unnecessary */
|
2012-01-16 07:35:10 -06:00
|
|
|
mnt_context_set_optsmode(cxt, MNT_OMODE_NOTAB);
|
|
|
|
|
2011-02-02 14:19:14 -06:00
|
|
|
rc = mnt_context_mount(cxt);
|
mount: no exit on EPERM, continue without suid
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
2019-11-19 07:58:20 -06:00
|
|
|
|
|
|
|
if (rc == -EPERM
|
|
|
|
&& mnt_context_is_restricted(cxt)
|
|
|
|
&& !mnt_context_syscall_called(cxt)) {
|
|
|
|
/* Try it again without permissions */
|
|
|
|
suid_drop(cxt);
|
|
|
|
rc = mnt_context_mount(cxt);
|
|
|
|
}
|
2012-01-13 09:29:21 -06:00
|
|
|
rc = mk_exit_code(cxt, rc);
|
|
|
|
|
2017-04-27 07:26:02 -05:00
|
|
|
if (rc == MNT_EX_SUCCESS && mnt_context_is_verbose(cxt))
|
2012-10-09 04:56:35 -05:00
|
|
|
success_message(cxt);
|
2011-01-10 07:31:23 -06:00
|
|
|
done:
|
|
|
|
mnt_free_context(cxt);
|
2020-08-25 03:48:29 -05:00
|
|
|
env_list_free(envs_removed);
|
2011-01-10 07:31:23 -06:00
|
|
|
return rc;
|
|
|
|
}
|