Karel Zak 0959f8063b mount: non-setuid (POSIX file capabilities) support
The mount command does not work properly if you replace suid with
POSIX file capabilities. We still need to check for non-root mounts and
the command has to work in very restricted mode for non-root users.

This patch allows you to remove the suid bit from mount and umount. Note
that you need a system with filesystem capability support (e.g.
Fedora 10).

# ls -l /bin/mount
-rwxr-xr-x 1 root root 65192 2008-11-09 22:59 /bin/mount

# getcap /bin/mount
/bin/mount = cap_dac_override,cap_sys_admin+ep

[kzak@redhat.com: all the above comments]


Don't bypass security checks when [u]mount uses POSIX file capabilities
rather than setuid root to permit non-root mounts.

Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>
2009-02-04 12:50:14 +01:00
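
The failure mode the commit message describes, as an added example (not code from this commit or from util-linux-ng): a check keyed on real and effective uid differing treats a capability-carrying binary as unrestricted, while a decision keyed on the real uid does not. `restricted_old`, `classify` and the sample status text are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define CAP_SYS_ADMIN_BIT 21 /* bit number from <linux/capability.h> */
enum mode { UNPRIVILEGED, UNRESTRICTED_ROOT, RESTRICTED_SUID, RESTRICTED_FILECAP };

/* Extract the effective capability mask from /proc/<pid>/status text. */
static int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *p = strstr(status, "CapEff:");
    char *end;
    if (!p) return -1;
    p += strlen("CapEff:");
    *mask = strtoull(p, &end, 16);   /* skips the tab, parses the hex mask */
    return end == p ? -1 : 0;
}

/* Assumed setuid-era test: restricted only when real and effective uid differ. */
static int restricted_old(uid_t ruid, uid_t euid) { return ruid != euid; }

/* Capability-aware: a non-root real uid is restricted however privilege arrived. */
static enum mode classify(uid_t ruid, uid_t euid, uint64_t cap_eff)
{
    if (ruid == 0)
        return UNRESTRICTED_ROOT;
    if (euid == 0)
        return RESTRICTED_SUID;
    if (cap_eff & (UINT64_C(1) << CAP_SYS_ADMIN_BIT))
        return RESTRICTED_FILECAP;
    return UNPRIVILEGED;
}

/* Constructed sample: uid 500, binary with cap_dac_override,cap_sys_admin+ep (0x200002). */
static const char SAMPLE_STATUS[] =
    "Name:\tmount\nUid:\t500\t500\t500\t500\n"
    "CapPrm:\t0000000000200002\nCapEff:\t0000000000200002\n";

int main(void)
{
    uint64_t eff = 0;
    if (parse_cap_eff(SAMPLE_STATUS, &eff) != 0)
        return 1;
    printf("old check restricted=%d, capability-aware mode=%d\n",
           restricted_old(500, 500), classify(500, 500, eff));
    return 0;
}
```

For the file-capability case the old test returns 0 (checks skipped) while `classify` returns `RESTRICTED_FILECAP`.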
config build-sys: use dist_man_MANS instead of man_MANS 2007-12-17 10:08:49 +01:00
disk-utils raw: default to /dev/raw/rawctl 2008-12-26 01:13:03 +01:00
docs build-sys: release++ (v2.14) 2008-06-09 13:58:54 +02:00
example.files raw: add file with udev rule example 2007-01-26 20:06:38 +01:00
fdisk fdisk: add 0xaf HFS / HFS partition type 2009-02-04 12:39:02 +01:00
getopt getopt: remove unnecessary ifdefs 2008-11-26 14:25:25 +01:00
hwclock hwclock: clock.h is included more than once 2008-11-26 14:31:19 +01:00
include include: use __BYTE_ORDER rather than AC specific WORDS_BIGENDIAN 2008-12-08 11:16:37 +01:00
lib lib: add __BYTE_ORDER to md5.c 2008-12-08 11:12:30 +01:00
licenses Imported from util-linux-2.9v tarball. 2006-12-07 00:25:39 +01:00
login-utils refresh gitignore 2008-12-12 15:03:18 +01:00
misc-utils namei: add missing options to namei.1 2009-01-27 15:00:35 +01:00
mount mount: non-setuid (POSIX file capabilities) support 2009-02-04 12:50:14 +01:00
partx partx: don't redeclare daddr_t 2008-09-16 11:29:42 +02:00
po build-sys: move pivot_root(8) to sys-utils 2008-11-19 12:38:43 +01:00
schedutils chrt: output buglet when reporting scheduling class 2009-02-03 10:22:07 +01:00
sys-utils rtcwake: add missing .RE to the man page 2009-01-29 17:47:20 +01:00
tests tests: add md5 regression test 2008-12-08 12:36:07 +01:00
text-utils pg: add gettext call for the help string 2008-12-12 15:13:44 +01:00
tools fdisk: rename ENABLE_CMDTAGQ macro 2008-11-26 14:24:52 +01:00
.gitignore build-sys: update .gitignore files 2008-04-14 14:24:03 +02:00
AUTHORS docs: update AUTHORS file 2008-06-09 12:49:40 +02:00
COPYING Imported from util-linux-2.13-pre1 tarball. 2006-12-07 00:26:54 +01:00
DEPRECATED losetup: mark the option -s as deprecated 2008-04-15 15:18:48 +02:00
INSTALL Imported from util-linux-2.13-pre1 tarball. 2006-12-07 00:26:54 +01:00
Makefile.am tools: add checkconfig to top-level Makefile 2008-11-26 13:42:16 +01:00
NEWS build-sys: release++ (v2.14) 2008-06-09 13:58:54 +02:00
README docs: add note about static linking 2008-03-12 14:07:28 +01:00
README.devel docs: cleanup README.devel, add note about coding style and Signed-off-by 2008-04-14 12:51:41 +02:00
README.licensing lscpu: new command 2008-07-18 03:01:49 +02:00
TODO TODO: add request to use nl_langinfo() 2008-12-12 14:41:34 +01:00
autogen.sh build-sys: autogen.sh reports versions of autotools now 2007-09-02 13:43:31 +02:00
configure.ac include: use __BYTE_ORDER rather than AC specific WORDS_BIGENDIAN 2008-12-08 11:16:37 +01:00

README

                          util-linux-ng
           (fork of util-linux, based on version 2.13-pre7)

         util-linux is a random collection of Linux utilities

WEB PAGE:

     http://kernel.org/~kzak/util-linux-ng/


MAILING LIST:

      E-MAIL: util-linux-ng@vger.kernel.org
      URL:    http://vger.kernel.org/vger-lists.html#util-linux-ng


DOWNLOAD:

      ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/


SOURCE CODE:

      Web interface:
          http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git
      Checkout:
          git clone git://git.kernel.org/pub/scm/utils/util-linux-ng/util-linux-ng.git util-linux-ng

NLS (PO TRANSLATIONS):

      PO files are maintained by:
          http://translationproject.org/domain/util-linux-ng.html

NEUTRALITY:

      The stuff in util-linux-ng should be rather distribution-neutral.
      No RPMs/DEBs/... are provided - get yours from your distributor.


VERSION SCHEMA:

      Standard releases:

          <major>.<minor>[.<maint>[.<bugfix>]]

             major = fatal and deep changes
             minor = typical release with new features
             maint = maintenance releases; bug fixes only
             bugfix = unplanned releases for critical/security bugs

      Development releases:

         <major>.<minor><suffix>

             suffix = "devel" or "-rc<N>"


COMPILATION:

      See the INSTALL file for more details.

      Notes:
            * use SUID_CFLAGS and SUID_LDFLAGS when you want to define special
              compiler options for typical suid programs, for example:

                  ./configure SUID_CFLAGS="-fpie" SUID_LDFLAGS="-pie"

              This feature is currently supported for chfn, chsh, newgrp,
              write, mount, and umount.


STATIC LINKING:

      Use --enable-static-programs[=LIST] configure option when you want to use
      statically linked programs.

      Note that mount(8) uses the get{pw,gr}nam() and getpwuid() functions to
      translate user and group names to UIDs and GIDs. Your libc (e.g. glibc)
      may implement these functions with dynamically loaded, independent
      modules (NSS). These modules are not statically linked into mount(8), so
      mount.static still uses dlopen(), just like the dynamically linked version.

      The translation won't work in an environment where the NSS modules are
      not installed.

      For example, on a normal system (NSS modules are available):

              # ./mount.static -v -f -n -ouid=kzak /mnt/foo
              LABEL=/mnt/foo on /mnt/foo type vfat (rw,uid=500)
                                                       ^^^^^^^
      and without NSS modules:

              # chroot . ./mount.static -v -f -n -ouid=kzak /mnt/win
              LABEL=/mnt/win on /mnt/win type vfat (rw,uid=kzak)
                                                       ^^^^^^^^