fstab:
//rhel73/myshare/sub/path /mnt cifs
after mount in mountinfo:
# grep cifs /proc/self/mountinfo
47 39 0:40 /sub/path /mnt rw,relatime shared:60 - cifs //rhel73/myshare/sub/path ...
           ^^^^^^^^^
or:
# grep cifs /proc/self/mountinfo
47 39 0:40 / /mnt rw,relatime shared:60 - cifs //rhel73/myshare/sub/path ...
           ^
That is so since in the kernel cifs code, cifs_get_root (which returns the
entry associated with mnt_root) returns s_root if
CIFS_MOUNT_USE_PREFIX_PATH is set, no questions asked.
This situation can occur often on CIFS mounts, as CIFS servers frequently
limit the scope of access to the root path.
[kzak@redhat.com: - add more info to the commit message,
- clean up variable names]
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1826719
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Before ecfeae90a2 ("libmount: Ensure utab.lock mode 644"), you could do
something like:
irc:/tmp umount --version
umount from util-linux 2.27.1 (libmount 2.27.0: selinux, assert, debug)
irc:/tmp mkdir foo bar
irc:/tmp unshare -Urm
irc:/tmp mount --bind foo bar
irc:/tmp umount bar
irc:/tmp echo $?
0
However, afterwards, you get:
/tmp unshare -Urm
/tmp mount --bind foo bar
/tmp umount bar
umount: /tmp/bar: filesystem was unmounted, but failed to update userspace mount table.
Because of the chmod failing:
fchmod(3, 0644) = -1 EPERM (Operation not permitted)
Let's figure out whether the chmod is necessary before doing it, and only
do it if it is necessary. This won't fix cases where the system is already
broken, but at least on healthy systems umount will behave as before.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
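The check-before-chmod idea from the commit message above, as an added example that is not libmount's code: ensure_mode() and demo_lockfile() are hypothetical names, and a temporary file stands in for the utab lock file.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not libmount's function): make sure the file behind
 * fd has exactly the permission bits in `want`.
 * Returns 1 if fchmod() was needed and succeeded, 0 if the mode was already
 * right (so no syscall that could fail with EPERM is made), -1 on error. */
int ensure_mode(int fd, mode_t want)
{
	struct stat st;

	if (fstat(fd, &st) != 0)
		return -1;
	if ((st.st_mode & 07777) == (want & 07777))
		return 0;		/* healthy file: skip the chmod */
	if (fchmod(fd, want) != 0)
		return -1;		/* e.g. EPERM inside unshare -Urm */
	return 1;
}

/* Constructed demo: a temporary file stands in for the utab lock file.
 * Returns (result of first call) * 10 + (result of second call). */
int demo_lockfile(void)
{
	char path[] = "/tmp/utab-lock-demo-XXXXXX";
	int fd = mkstemp(path);		/* created with mode 0600 */
	int first, second;

	if (fd < 0)
		return -1;
	first = ensure_mode(fd, 0644);	/* 0600 -> 0644: chmod needed */
	second = ensure_mode(fd, 0644);	/* already 0644: nothing to do */
	close(fd);
	unlink(path);
	return first * 10 + second;
}

int main(void)
{
	printf("demo_lockfile() = %d\n", demo_lockfile());
	return 0;
}
```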
* 'clang' of https://github.com/neheb/util-linux:
[clang-tidy] fix misleading indentation
[clang-tidy] use ceil
[clang-tidy] fix wrong *cmp usage
[clang-tidy] do not use else after return
[clang-tidy] do not return in void functions
[clang-tidy] fix mismatching declarations
Currently, umount /foo results in a statfs("/foo") call, which triggers
autofs. This can create another mountpoint on /foo, which is then unmounted
later instead of the actual /foo at the time umount was called.
This is especially an issue for umount -R /bar, which just fails with
-EBUSY as the accidental mountpoint is never accounted for and so it tries
to umount /bar before /bar/someautofs.
Replace the direct statfs call with open(path, O_PATH) + fstatfs, which sees
the autofs mount directly, without triggering it.
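The open(path, O_PATH) + fstatfs replacement described above, as an added example that is not the util-linux code: fs_type_no_trigger() and is_autofs() are hypothetical names, and the O_PATH fallback value is an assumption for headers that hide the macro.

```c
#define _GNU_SOURCE		/* for O_PATH */
#include <fcntl.h>
#include <stdio.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef O_PATH
# define O_PATH 010000000	/* asm-generic value, if headers hide it */
#endif
#define AUTOFS_MAGIC 0x0187	/* AUTOFS_SUPER_MAGIC in <linux/magic.h> */

/* Hypothetical helper: filesystem type of whatever is at `path` right now.
 * O_PATH only resolves the name, so an autofs trigger directory is reported
 * as autofs instead of being mounted over as a side effect.
 * Returns 0 and stores the magic number in *type, or -1 on error. */
int fs_type_no_trigger(const char *path, long *type)
{
	struct statfs sfs;
	int fd, rc;

	fd = open(path, O_PATH | O_CLOEXEC);
	if (fd < 0)
		return -1;
	rc = fstatfs(fd, &sfs);		/* allowed on O_PATH fds since Linux 3.12 */
	close(fd);
	if (rc != 0)
		return -1;
	*type = (long) sfs.f_type;
	return 0;
}

/* 1 if path is an (untriggered) autofs mountpoint, 0 if not, -1 on error. */
int is_autofs(const char *path)
{
	long type;

	if (fs_type_no_trigger(path, &type) != 0)
		return -1;
	return type == AUTOFS_MAGIC;
}

int main(int argc, char **argv)
{
	const char *path = argc > 1 ? argv[1] : "/";
	printf("%s: is_autofs=%d\n", path, is_autofs(path));
	return 0;
}
```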
The classic mount(8) behavior is to try read-only on write-protected devices
if the first mount syscall attempt ends with EACCES.
It seems we can implement this feature also for EBUSY if the same mount source
is already mounted with "ro" superblock option.
The typical use-case is iso image (always read-only) mounted on two places.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1809124
Signed-off-by: Karel Zak <kzak@redhat.com>
libmount returns EPERM for all X- and x- mount options for non-root
users when evaluating X-mount.mkdir. It's a bug, we need to be sensitive
to only X-mount.mkdir and only if the target directory is missing.
Addresses: https://github.com/karelzak/util-linux/issues/941
Signed-off-by: Karel Zak <kzak@redhat.com>
A new API was added to libcryptsetup to make use of the kernel's new
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG feature, which allows signing
root hashes. Add a verity.roothashsig option to use it.
Device reuse will be allowed only if signatures are used by all, or
by none.
Since v2.35 mount(8) drops suid on -EPERM and repeats the necessary actions
before the mount(2) syscall. This patch also improves this behavior for
X-mount.mkdir.
mount(8):
* return -EPERM on sanitize_paths() rather than call err()
* call suid_drop() on failed sanitize_paths()
* update man page
libmount:
* mnt_context_prepare_target() refactoring
* return -EPERM when in restricted mode for X-mount.mkdir
Fixed version:
/home/kzak/mnt-foo sr.net.home:/home/kzak fuse.sshfs noauto,X-mount.mkdir
$ mount /home/kzak/mnt-foo
kzak@sr.net.home's password:
$ /home/projects/util-linux/util-linux findmnt /home/kzak/mnt-foo
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt-foo sr.net.home:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
Addresses: https://github.com/systemd/systemd/issues/14418
Signed-off-by: Karel Zak <kzak@redhat.com>
Allow users to point mount to a file to read the roothash, in addition
to passing it inline.
Allows a volume managed by a systemd mount unit to be updated without
changing the mount unit content itself, for easier and more user friendly
servicing.
The following new options are added:
verity.hashdevice
verity.roothash
verity.hashoffset
The source path will be used as a dm-verity object, and will be
opened using libcryptsetup APIs.
A new --with-cryptsetup build-time option is added, which adds a
dependency on libcryptsetup. To ease bootstrapping, given libcryptsetup
build-depends on util-linux for libuuid, if --with-cryptsetup=yes but
libcryptsetup is not installed only a warning will be printed at
configure time rather than an error. This way stage0/first stage/ring0
builds can use the same configure options but avoid installing
cryptsetup to get a working base set, and then rebuild util-linux in
the next step of the bootstrapping process.
If verity options are selected but cannot be fulfilled due to lack of
dependencies, mounting a volume will fail even if using a loop device
would work as a fallback, to avoid silently skipping integrity checks.
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are not
required. A nice example is fuse filesystems.
So, the current situation is to always call exit() when mount, umount or
libmount are unsure about non-root user rights. This patch removes the
exit() call and replaces it with a suid permissions drop; after that it
continues as usual. It means that after the suid drop everything depends
on the kernel and no other security rule is used by libmount (simply
because no rule is necessary any more).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
Since 34333e5244 we apply fstab options
manually by mnt_context_apply_fs() on --all. The function does not
work correctly when optsmode is zero.
Signed-off-by: Karel Zak <kzak@redhat.com>
For example:
# mount --verbose --all -t xfs -o ro
will mount all XFS filesystems from fstab, but read-only.
Signed-off-by: Karel Zak <kzak@redhat.com>
The current implementation works, but the remount operation is done in
the cloned context and the original context (and calling application)
has no information about the final status/errors. This is a mistake.
This new implementation works like mnt_context_next_mount(), it means
the same context (as used by application) is reused for all remounts.
The original setting is restored by mnt_context_apply_template().
Signed-off-by: Karel Zak <kzak@redhat.com>
This commit adds new functions to save and reuse the current FS
setting (mount options from command line, etc) after context reset.
It's usable for example in "mount --all" when we use the same context
several times for several mount operations.
Signed-off-by: Karel Zak <kzak@redhat.com>
* don't ignore strdup() result
* cleanup mnt_context_prepare_helper() to have only one return point
(due to mnt_context_switch_ns())
* add mnt_context_prepare_helper() test program
Signed-off-by: Karel Zak <kzak@redhat.com>
* add set/get functions to context
* use prefix to detect already mounted filesystems
* use prefix when preparing target path
Signed-off-by: Karel Zak <kzak@redhat.com>
The current solution is to use /proc/mounts if the previous attempt to
open /proc/self/mountinfo failed. The fallback should not be used when
the mount table path is explicitly specified by the application. The default
is NULL, only in this case libmount should try to be smart.
Reported-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Add libselinux dependency to libmount if it is compiled
with selinux support.
Without this fix, 'pkg-config --libs --static mount' doesn't
show libselinux related options.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Sorry, detail-oriented people tend to wipe these out if they notice them.
Add in automated tools and lots of excess end-of-line spaces get wiped
out.
Addresses: https://github.com/karelzak/util-linux/pull/849
Signed-off-by: Karel Zak <kzak@redhat.com>