util-linux/mount
Karel Zak 0959f8063b mount: non-setuid (POSIX file capabilities) support
The mount command does not work properly if you replace suid with
POSIX file capabilities. We still need to check for non-root mounts and
the command has to work in very restricted mode for non-root users.

This patch allows you to remove suid bit from mount and umount. Note
that you need a system with filesystem capability support, e.g.
Fedora 10.

# ls -l /bin/mount
-rwxr-xr-x 1 root root 65192 2008-11-09 22:59 /bin/mount

# getcap /bin/mount
/bin/mount = cap_dac_override,cap_sys_admin+ep

[kzak@redhat.com: all the above comments]


Don't bypass security checks when [u]mount uses POSIX file capabilities
rather than setuid root to permit non-root mounts.

Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>
2009-02-04 12:50:14 +01:00
.gitignore build-sys: move pivot_root(8) to sys-utils 2008-11-19 12:38:43 +01:00
Makefile.am mount: fix mount_static_LDADD 2008-12-12 14:04:19 +01:00
README.mount build-sys: rename to -ng, change maintainer name 2007-01-04 13:44:06 +01:00
fsprobe.c mount: clean up SPEC canonicalization 2008-12-19 12:45:20 +01:00
fsprobe.h mount: needs to handle special mountprog even on guessed file systems. 2007-06-28 01:23:49 +02:00
fsprobe_blkid.c mount: fsprobe: use blkid cache only when really necessary 2007-05-17 12:52:40 +02:00
fsprobe_volumeid.c mount: fix typo in volume_id code 2009-01-31 01:50:26 +01:00
fstab.5 mount: cleanup "none" fstype usage 2007-10-04 15:07:30 +02:00
fstab.c umount: cleanup gefs_by_specdir() 2009-01-07 00:18:41 +01:00
fstab.h umount: cleanup gefs_by_specdir() 2009-01-07 00:18:41 +01:00
getusername.c Imported from util-linux-2.9i tarball. 2006-12-07 00:25:37 +01:00
getusername.h Imported from util-linux-2.9i tarball. 2006-12-07 00:25:37 +01:00
lomount.c losetup: add warning about read-only mode 2008-11-18 15:50:38 +01:00
lomount.h umount: improve "-d" option for autoclear loops 2008-07-02 15:01:28 +02:00
loop.h mount: allow auto-destruction of loop devices 2008-02-19 01:05:55 +01:00
losetup.8 losetup: fix typo in losetup.8 2008-04-16 01:32:10 +02:00
mount.8 mount: document newinstance and ptmxmode options to devpts 2009-01-21 13:06:53 +01:00
mount.c mount: non-setuid (POSIX file capabilities) support 2009-02-04 12:50:14 +01:00
mount_constants.h mount: add i_version support 2008-11-27 12:08:44 +01:00
mount_mntent.c remove useless if-before-free tests. 2008-03-12 12:00:39 +01:00
mount_mntent.h build-sys: remove DEFAULT_INCLUDES workaround 2007-01-04 14:39:17 +01:00
realpath.c mount: clean up SPEC canonicalization 2008-12-19 12:45:20 +01:00
realpath.h mount: clean up SPEC canonicalization 2008-12-19 12:45:20 +01:00
sundries.c remove CVS keywords 2008-07-28 11:10:08 +02:00
sundries.h mount: sundries.h add klibc support 2008-07-24 00:52:52 +02:00
swap_constants.h Imported from util-linux-2.9i tarball. 2006-12-07 00:25:37 +01:00
swapoff.8 Imported from util-linux-2.2 tarball. 2006-12-07 00:25:32 +01:00
swapon.8 swapon: readjust the usage summaries 2007-12-03 13:30:00 +01:00
swapon.c swapon: add swap format detection and pagesize check 2008-12-05 12:54:12 +01:00
umount.8 man pages: add "AVAILABILITY" section 2007-07-03 01:17:04 +02:00
umount.c mount: non-setuid (POSIX file capabilities) support 2009-02-04 12:50:14 +01:00
xmalloc.c mount: cleanup error() and die() 2007-10-25 21:50:59 +02:00
xmalloc.h mount: remove useless if-before-my_free, define my_free as a macro 2008-03-12 12:28:50 +01:00

README.mount

mount/umount for Linux 0.97.3 and later.
Authors:
Doug Quale <quale@saavik.cs.wisc.edu>,
H.J. Lu <hlu@eecs.wsu.edu>,
Rick Sladkey <jrs@world.std.com>,
Stephen Tweedie <sct@dcs.ed.ac.uk>.
Andries Brouwer <aeb@cwi.nl>
Adrian Bunk <bunk@stusta.de>

Presently in util-linux-ng maintained by Karel Zak <kzak@redhat.com>.