From ff21f476f85ac9855452f4aac43a231c3c1e2ebc Mon Sep 17 00:00:00 2001 From: Roberto Bergantinos Corpas Date: Tue, 12 Jan 2021 11:58:53 +0100 Subject: [PATCH] findmnt: add option to list all fs-independent flags It might be useful for security auditing purposes list all possible mount flags/options including default set which are normally not listed. This patch adds "--vfs-all" option to list all fs-independent flags on VFS-OPTIONS column, as well as libmount funcionality to accomplish it. i.e.: $ findmnt -o VFS-OPTIONS VFS-OPTIONS rw,relatime rw,nosuid,nodev,noexec,relatime rw,nosuid,nodev,noexec,relatime ro,nosuid,nodev,noexec ... $ findmnt --vfs-all -o VFS-OPTIONS VFS-OPTIONS rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow ... [kzak@redhat.com: - cleanup coding style and comments] Signed-off-by: Roberto Bergantinos Corpas Signed-off-by: Karel Zak --- libmount/docs/libmount-sections.txt | 1 + libmount/src/fs.c | 32 +++++++++++++++++++++++++++++ libmount/src/libmount.h.in | 1 + libmount/src/libmount.sym | 4 ++++ misc-utils/findmnt.8 | 6 ++++++ misc-utils/findmnt.c | 12 +++++++++-- misc-utils/findmnt.h | 1 + 7 files changed, 55 insertions(+), 2 deletions(-) diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt index da96b75b3..911dc0a0f 100644 --- a/libmount/docs/libmount-sections.txt +++ b/libmount/docs/libmount-sections.txt @@ -245,6 +245,7 @@ mnt_fs_get_usedsize mnt_fs_get_userdata mnt_fs_get_user_options mnt_fs_get_vfs_options +mnt_fs_get_vfs_options_all mnt_fs_is_kernel mnt_fs_is_netfs mnt_fs_is_pseudofs 
diff --git a/libmount/src/fs.c b/libmount/src/fs.c index d669b6167..a9242099d 100644 --- a/libmount/src/fs.c +++ b/libmount/src/fs.c @@ -951,6 +951,38 @@ const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs) return fs ? fs->vfs_optstr : NULL; } +/** + * mnt_fs_get_vfs_options_all: + * @fs: fstab/mtab entry pointer + * + * Returns: pointer to newlly allocated string (can be freed by free(3)) or + * NULL in case of error. The string contains all (including defaults) mount + * options. + */ +char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs) +{ + const struct libmnt_optmap *map = mnt_get_builtin_optmap(MNT_LINUX_MAP); + const struct libmnt_optmap *ent; + const char *opts = mnt_fs_get_options(fs); + char *result = NULL; + unsigned long flags = 0; + + if (!opts || mnt_optstr_get_flags(opts, &flags, map)) + return NULL; + + for (ent = map ; ent && ent->name ; ent++){ + if (ent->id & flags) { /* non-default value */ + if (!(ent->mask & MNT_INVERT)) + mnt_optstr_append_option(&result, ent->name, NULL); + else + continue; + } else if (ent->mask & MNT_INVERT) + mnt_optstr_append_option(&result, ent->name, NULL); + } + + return result; +} + /** * mnt_fs_get_user_options: * @fs: fstab/mtab entry pointer diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in index e6710ae01..b7b278d0e 100644 --- a/libmount/src/libmount.h.in +++ b/libmount/src/libmount.h.in @@ -471,6 +471,7 @@ extern int mnt_fs_get_option(struct libmnt_fs *fs, const char *name, extern const char *mnt_fs_get_fs_options(struct libmnt_fs *fs); extern const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs); extern const char *mnt_fs_get_user_options(struct libmnt_fs *fs); +extern char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs); extern const char *mnt_fs_get_attributes(struct libmnt_fs *fs); extern int mnt_fs_set_attributes(struct libmnt_fs *fs, const char *optstr); diff --git a/libmount/src/libmount.sym b/libmount/src/libmount.sym index 792d11753..e98e44b9c 100644 
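Review bot: The return value of `mnt_optstr_append_option()` is ignored at both call sites in the loop of `mnt_fs_get_vfs_options_all()`, so a failed append leaves a shortened string that is returned as if it were the full flag set. Every flag is reported in either its set or its default spelling, so a caller using this for auditing cannot tell a truncated list from a complete one; on a non-zero return the function should free `result` and return NULL, the error path its own doc comment already promises. The doc comment should also say that the caller owns the string and that it holds only the VFS (fs-independent) options, and `newlly` should read `newly`. Separately, `ent->id & flags` is true when any bit of the id is set; the built-in map is not visible in this patch, so it is worth confirming that no entry combines several bits, since such an entry would be listed on a partial match.

```c
char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs)
{
	/* … unchanged: declarations and the mnt_optstr_get_flags() check … */

	for (ent = map; ent && ent->name; ent++) {
		int is_set = (ent->id & flags) != 0;
		int inverted = (ent->mask & MNT_INVERT) != 0;

		/* list only the spelling that describes the current state */
		if (is_set == inverted)
			continue;
		if (mnt_optstr_append_option(&result, ent->name, NULL)) {
			/* do not return a partial list as a complete one */
			free(result);
			return NULL;
		}
	}

	return result;
}
```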
--- a/libmount/src/libmount.sym +++ b/libmount/src/libmount.sym @@ -356,3 +356,7 @@ MOUNT_2_35 { mnt_context_get_target_prefix; mnt_context_set_target_prefix; } MOUNT_2.34; + +MOUNT_2_37 { + mnt_fs_get_vfs_options_all; +} MOUNT_2_35; diff --git a/misc-utils/findmnt.8 b/misc-utils/findmnt.8 index 86ab6ff93..6c14633bf 100644 --- a/misc-utils/findmnt.8 +++ b/misc-utils/findmnt.8 @@ -262,6 +262,12 @@ It's possible to specify source (device) or target (mountpoint) to filter mount .TP .B \-\-verbose Force findmnt to print more information (\fB\-\-verify\fP only for now). +.TP +.B \-\-vfs-all +When used with +.BR VFS-OPTIONS +column, print all VFS (fs-independent) flags. This option is designed for auditing purposes to +list also default VFS kernel mount options which are normally not listed. .SH ENVIRONMENT .IP LIBMOUNT_FSTAB= overrides the default location of the fstab file diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c index 43b4dc7d6..294e853eb 100644 --- a/misc-utils/findmnt.c +++ b/misc-utils/findmnt.c @@ -545,7 +545,9 @@ static char *get_data(struct libmnt_fs *fs, int num) str = xstrdup(mnt_fs_get_options(fs)); break; case COL_VFS_OPTIONS: - if (mnt_fs_get_vfs_options(fs)) + if (flags & FL_VFS_ALL) + str = mnt_fs_get_vfs_options_all(fs); + else if (mnt_fs_get_vfs_options(fs)) str = xstrdup(mnt_fs_get_vfs_options(fs)); break; case COL_FS_OPTIONS: @@ -1262,6 +1264,7 @@ static void __attribute__((__noreturn__)) usage(void) fputc('\n', out); fputs(_(" -x, --verify verify mount table content (default is fstab)\n"), out); fputs(_(" --verbose print more details\n"), out); + fputs(_(" --vfs-all print all VFS options\n"), out); fputs(USAGE_SEPARATOR, out); printf(USAGE_HELP_OPTIONS(24)); @@ -1294,7 +1297,8 @@ int main(int argc, char *argv[]) FINDMNT_OPT_TREE, FINDMNT_OPT_OUTPUT_ALL, FINDMNT_OPT_PSEUDO, - FINDMNT_OPT_REAL + FINDMNT_OPT_REAL, + FINDMNT_OPT_VFS_ALL }; static const struct option longopts[] = { 
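Review bot: In the `COL_VFS_OPTIONS` case of `get_data()`, the `FL_VFS_ALL` branch stores the result of `mnt_fs_get_vfs_options_all(fs)` without checking it, and that function returns NULL both for an entry without options and for a parse failure. Under `--vfs-all` the two cases presumably end up as the same empty cell (how a NULL `str` is rendered is decided outside this hunk), so an audit run gets no indication that a mount's flags could not be read. A comment such as `/* NULL: no options or parse error; the cell stays empty */` would document this, and a warning on the NULL path would make failures visible. The other branch goes through `xstrdup()`, so the two paths also differ in how an allocation failure is handled.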
@@ -1338,6 +1342,7 @@ int main(int argc, char *argv[]) { "tree", no_argument, NULL, FINDMNT_OPT_TREE }, { "real", no_argument, NULL, FINDMNT_OPT_REAL }, { "pseudo", no_argument, NULL, FINDMNT_OPT_PSEUDO }, + { "vfs-all", no_argument, NULL, FINDMNT_OPT_VFS_ALL }, { NULL, 0, NULL, 0 } }; @@ -1512,6 +1517,9 @@ int main(int argc, char *argv[]) case FINDMNT_OPT_REAL: flags |= FL_REAL; break; + case FINDMNT_OPT_VFS_ALL: + flags |= FL_VFS_ALL; + break; case 'h': usage(); diff --git a/misc-utils/findmnt.h b/misc-utils/findmnt.h index 6388837a0..92d1119ae 100644 --- a/misc-utils/findmnt.h +++ b/misc-utils/findmnt.h @@ -20,6 +20,7 @@ enum { FL_VERBOSE = (1 << 16), FL_PSEUDO = (1 << 17), FL_REAL = (1 << 18), + FL_VFS_ALL = (1 << 19), /* basic table settings */ FL_ASCII = (1 << 20),
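Review bot: `FL_VFS_ALL` is set in the `FINDMNT_OPT_VFS_ALL` case without any check that the VFS-OPTIONS column is part of the output, and the only reader of the flag visible in this patch is the `COL_VFS_OPTIONS` case of `get_data()`. A run of `findmnt --vfs-all` with the default columns would therefore appear to print the usual option strings unchanged, which is easy to misread as the full flag set in an audit. After option parsing, either warn that the option has no effect without that column or add the column. `main()` continues outside this hunk, so the right place for the check is not visible here.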