forked from pool/util-linux
- fix automount with quota (rh#825836)
- mount-new-allow-sloppy-for-non-root.patch - fix wrong mount options for CIFS mounts (bnc#766157) - libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=138
This commit is contained in:
parent
eae160c0e8
commit
34c9b14737
115
libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
Normal file
115
libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
Normal file
@ -0,0 +1,115 @@
|
|||||||
|
From e90e7401d0c318c9dac4a0204e2bca86949b1d32 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karel Zak <kzak@redhat.com>
|
||||||
|
Date: Thu, 14 Jun 2012 14:19:26 +0200
|
||||||
|
Subject: [PATCH] libmount: don't use nosuid,noexec,nodev for cifs user=foo
|
||||||
|
|
||||||
|
mount -t cifs //127.0.0.1/users /mnt/smb -o user=root,password=linux
|
||||||
|
|
||||||
|
is incorrectly translated to
|
||||||
|
|
||||||
|
mount.cifs -o noexec,nosuid,nodev,user=root,password=linux ...
|
||||||
|
|
||||||
|
The command mount(8) should be sensitive to "user" (without "=<name>")
|
||||||
|
only. The correct cifs command line is:
|
||||||
|
|
||||||
|
mount.cifs -o user=root,password=linux
|
||||||
|
|
||||||
|
Addresses: https://bugzilla.novell.com/show_bug.cgi?id=766157
|
||||||
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||||
|
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||||
|
---
|
||||||
|
libmount/src/context_mount.c | 29 +++++++++++++++++++++++++++--
|
||||||
|
libmount/src/optstr.c | 9 +++++----
|
||||||
|
2 files changed, 32 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
Index: util-linux-2.21.2/libmount/src/context_mount.c
|
||||||
|
===================================================================
|
||||||
|
--- util-linux-2.21.2.orig/libmount/src/context_mount.c
|
||||||
|
+++ util-linux-2.21.2/libmount/src/context_mount.c
|
||||||
|
@@ -53,6 +53,15 @@ static int fix_optstr(struct libmnt_cont
|
||||||
|
if (cxt->mountflags & MS_PROPAGATION)
|
||||||
|
cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT);
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * The "user" options is our business (so we can modify the option),
|
||||||
|
+ * but exception is command line for /sbin/mount.<type> helpers. Let's
|
||||||
|
+ * save the original user=<name> to call the helpers with unchanged
|
||||||
|
+ * "user" setting.
|
||||||
|
+ *
|
||||||
|
+ * Don't check for MNT_MS_USER in cxt->user_mountflags, the flag maybe
|
||||||
|
+ * removed by evaluate_permissions().
|
||||||
|
+ */
|
||||||
|
if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) {
|
||||||
|
if (val) {
|
||||||
|
cxt->orig_user = strndup(val, valsz);
|
||||||
|
@@ -196,6 +205,10 @@ err:
|
||||||
|
|
||||||
|
/*
|
||||||
|
* this has to be called before fix_optstr()
|
||||||
|
+ *
|
||||||
|
+ * Note that user=<name> maybe be used by some filesystems as filesystem
|
||||||
|
+ * specific option (e.g. cifs). Yes, developers of such filesystems have
|
||||||
|
+ * allocated pretty hot place in hell...
|
||||||
|
*/
|
||||||
|
static int evaluate_permissions(struct libmnt_context *cxt)
|
||||||
|
{
|
||||||
|
@@ -233,10 +246,22 @@ static int evaluate_permissions(struct l
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Note that MS_OWNERSECURE and MS_SECURE mount options
|
||||||
|
- * are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags()
|
||||||
|
+ * MS_OWNERSECURE and MS_SECURE mount options are already
|
||||||
|
+ * applied by mnt_optstr_get_flags() in mnt_context_merge_mflags()
|
||||||
|
+ * if "user" (but no user=<name> !) options is set.
|
||||||
|
+ *
|
||||||
|
+ * Let's ignore all user=<name> (if <name> is set) requests.
|
||||||
|
*/
|
||||||
|
+ if (cxt->user_mountflags & MNT_MS_USER) {
|
||||||
|
+ size_t valsz = 0;
|
||||||
|
|
||||||
|
+ if (!mnt_optstr_get_option(cxt->fs->user_optstr,
|
||||||
|
+ "user", NULL, &valsz) && valsz) {
|
||||||
|
+
|
||||||
|
+ DBG(CXT, mnt_debug_h(cxt, "perms: user=<name> detected, ignore"));
|
||||||
|
+ cxt->user_mountflags &= ~MNT_MS_USER;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* MS_OWNER: Allow owners to mount when fstab contains the
|
||||||
|
Index: util-linux-2.21.2/libmount/src/optstr.c
|
||||||
|
===================================================================
|
||||||
|
--- util-linux-2.21.2.orig/libmount/src/optstr.c
|
||||||
|
+++ util-linux-2.21.2/libmount/src/optstr.c
|
||||||
|
@@ -579,7 +579,7 @@ int mnt_optstr_get_flags(const char *opt
|
||||||
|
{
|
||||||
|
struct libmnt_optmap const *maps[2];
|
||||||
|
char *name, *str = (char *) optstr;
|
||||||
|
- size_t namesz = 0;
|
||||||
|
+ size_t namesz = 0, valsz = 0;
|
||||||
|
int nmaps = 0;
|
||||||
|
|
||||||
|
assert(optstr);
|
||||||
|
@@ -596,7 +596,7 @@ int mnt_optstr_get_flags(const char *opt
|
||||||
|
*/
|
||||||
|
maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
|
||||||
|
|
||||||
|
- while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, NULL)) {
|
||||||
|
+ while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) {
|
||||||
|
const struct libmnt_optmap *ent;
|
||||||
|
const struct libmnt_optmap *m;
|
||||||
|
|
||||||
|
@@ -610,9 +610,10 @@ int mnt_optstr_get_flags(const char *opt
|
||||||
|
else
|
||||||
|
*flags |= ent->id;
|
||||||
|
|
||||||
|
- } else if (nmaps == 2 && m == maps[1]) {
|
||||||
|
+ } else if (nmaps == 2 && m == maps[1] && valsz == 0) {
|
||||||
|
/*
|
||||||
|
- * Special case -- translate "user" to MS_ options
|
||||||
|
+ * Special case -- translate "user" (but no user=) to
|
||||||
|
+ * MS_ options
|
||||||
|
*/
|
||||||
|
if (ent->mask & MNT_INVERT)
|
||||||
|
continue;
|
25
mount-new-allow-sloppy-for-non-root.patch
Normal file
25
mount-new-allow-sloppy-for-non-root.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
From e26de525e21677c680d87f63e4dafbe4859365bf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karel Zak <kzak@redhat.com>
|
||||||
|
Date: Thu, 14 Jun 2012 14:43:21 +0200
|
||||||
|
Subject: [PATCH] mount: (new) allow sloppy for non-root
|
||||||
|
|
||||||
|
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=825836
|
||||||
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||||
|
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
||||||
|
---
|
||||||
|
sys-utils/mount.c | 2 +-
|
||||||
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||||
|
|
||||||
|
Index: util-linux-2.21.2/sys-utils/mount.c
|
||||||
|
===================================================================
|
||||||
|
--- util-linux-2.21.2.orig/sys-utils/mount.c
|
||||||
|
+++ util-linux-2.21.2/sys-utils/mount.c
|
||||||
|
@@ -732,7 +732,7 @@ int main(int argc, char **argv)
|
||||||
|
longopts, NULL)) != -1) {
|
||||||
|
|
||||||
|
/* only few options are allowed for non-root users */
|
||||||
|
- if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpri", c))
|
||||||
|
+ if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpris", c))
|
||||||
|
exit_non_root(option_to_longopt(c, longopts));
|
||||||
|
|
||||||
|
switch(c) {
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 14 13:04:40 UTC 2012 - puzel@suse.com
|
||||||
|
|
||||||
|
- fix automount with quota (rh#825836)
|
||||||
|
- mount-new-allow-sloppy-for-non-root.patch
|
||||||
|
- fix wrong mount options for CIFS mounts (bnc#766157)
|
||||||
|
- libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 31 10:04:23 UTC 2012 - sweet_f_a@gmx.de
|
Thu May 31 10:04:23 UTC 2012 - sweet_f_a@gmx.de
|
||||||
|
|
||||||
|
@ -88,6 +88,8 @@ Source51: blkid.conf
|
|||||||
Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch
|
Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch
|
||||||
Patch2: util-linux-2.20-libmount-deps.patch
|
Patch2: util-linux-2.20-libmount-deps.patch
|
||||||
Patch3: fdisk-tinfo.patch
|
Patch3: fdisk-tinfo.patch
|
||||||
|
Patch4: mount-new-allow-sloppy-for-non-root.patch
|
||||||
|
Patch5: libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
|
||||||
|
|
||||||
##
|
##
|
||||||
## adjtimex
|
## adjtimex
|
||||||
@ -190,6 +192,8 @@ Files to develop applications using the libmount library.
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
|
||||||
#
|
#
|
||||||
cd adjtimex-*
|
cd adjtimex-*
|
||||||
|
Loading…
Reference in New Issue
Block a user