diff --git a/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch b/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch new file mode 100644 index 0000000..695f5b9 --- /dev/null +++ b/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch @@ -0,0 +1,115 @@ +From e90e7401d0c318c9dac4a0204e2bca86949b1d32 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 14 Jun 2012 14:19:26 +0200 +Subject: [PATCH] libmount: don't use nosuid,noexec,nodev for cifs user=foo + + mount -t cifs //127.0.0.1/users /mnt/smb -o user=root,password=linux + +is incorrectly translated to + + mount.cifs -o noexec,nosuid,nodev,user=root,password=linux ... + +The command mount(8) should be sensitive to "user" (without "=") +only. The correct cifs command line is: + + mount.cifs -o user=root,password=linux + +Addresses: https://bugzilla.novell.com/show_bug.cgi?id=766157 +Signed-off-by: Karel Zak +Signed-off-by: Petr Uzel +--- + libmount/src/context_mount.c | 29 +++++++++++++++++++++++++++-- + libmount/src/optstr.c | 9 +++++---- + 2 files changed, 32 insertions(+), 6 deletions(-) + +Index: util-linux-2.21.2/libmount/src/context_mount.c +=================================================================== +--- util-linux-2.21.2.orig/libmount/src/context_mount.c ++++ util-linux-2.21.2/libmount/src/context_mount.c +@@ -53,6 +53,15 @@ static int fix_optstr(struct libmnt_cont + if (cxt->mountflags & MS_PROPAGATION) + cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT); + ++ /* ++ * The "user" options is our business (so we can modify the option), ++ * but exception is command line for /sbin/mount. helpers. Let's ++ * save the original user= to call the helpers with unchanged ++ * "user" setting. ++ * ++ * Don't check for MNT_MS_USER in cxt->user_mountflags, the flag maybe ++ * removed by evaluate_permissions(). ++ */ + if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) { + if (val) { + cxt->orig_user = strndup(val, valsz); +@@ -196,6 +205,10 @@ err: + + /* + * this has to be called before fix_optstr() ++ * ++ * Note that user= maybe be used by some filesystems as filesystem ++ * specific option (e.g. cifs). Yes, developers of such filesystems have ++ * allocated pretty hot place in hell... + */ + static int evaluate_permissions(struct libmnt_context *cxt) + { +@@ -233,10 +246,22 @@ static int evaluate_permissions(struct l + } + + /* +- * Note that MS_OWNERSECURE and MS_SECURE mount options +- * are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags() ++ * MS_OWNERSECURE and MS_SECURE mount options are already ++ * applied by mnt_optstr_get_flags() in mnt_context_merge_mflags() ++ * if "user" (but no user= !) options is set. ++ * ++ * Let's ignore all user= (if is set) requests. + */ ++ if (cxt->user_mountflags & MNT_MS_USER) { ++ size_t valsz = 0; + ++ if (!mnt_optstr_get_option(cxt->fs->user_optstr, ++ "user", NULL, &valsz) && valsz) { ++ ++ DBG(CXT, mnt_debug_h(cxt, "perms: user= detected, ignore")); ++ cxt->user_mountflags &= ~MNT_MS_USER; ++ } ++ } + + /* + * MS_OWNER: Allow owners to mount when fstab contains the +Index: util-linux-2.21.2/libmount/src/optstr.c +=================================================================== +--- util-linux-2.21.2.orig/libmount/src/optstr.c ++++ util-linux-2.21.2/libmount/src/optstr.c +@@ -579,7 +579,7 @@ int mnt_optstr_get_flags(const char *opt + { + struct libmnt_optmap const *maps[2]; + char *name, *str = (char *) optstr; +- size_t namesz = 0; ++ size_t namesz = 0, valsz = 0; + int nmaps = 0; + + assert(optstr); +@@ -596,7 +596,7 @@ int mnt_optstr_get_flags(const char *opt + */ + maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP); + +- while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, NULL)) { ++ while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) { + const struct libmnt_optmap *ent; + const struct libmnt_optmap *m; + +@@ -610,9 +610,10 @@ int mnt_optstr_get_flags(const char *opt + else + *flags |= ent->id; + +- } else if (nmaps == 2 && m == maps[1]) { ++ } else if (nmaps == 2 && m == maps[1] && valsz == 0) { + /* +- * Special case -- translate "user" to MS_ options ++ * Special case -- translate "user" (but no user=) to ++ * MS_ options + */ + if (ent->mask & MNT_INVERT) + continue; diff --git a/mount-new-allow-sloppy-for-non-root.patch b/mount-new-allow-sloppy-for-non-root.patch new file mode 100644 index 0000000..c83533b --- /dev/null +++ b/mount-new-allow-sloppy-for-non-root.patch @@ -0,0 +1,25 @@ +From e26de525e21677c680d87f63e4dafbe4859365bf Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 14 Jun 2012 14:43:21 +0200 +Subject: [PATCH] mount: (new) allow sloppy for non-root + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=825836 +Signed-off-by: Karel Zak +Signed-off-by: Petr Uzel +--- + sys-utils/mount.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +Index: util-linux-2.21.2/sys-utils/mount.c +=================================================================== +--- util-linux-2.21.2.orig/sys-utils/mount.c ++++ util-linux-2.21.2/sys-utils/mount.c +@@ -732,7 +732,7 @@ int main(int argc, char **argv) + longopts, NULL)) != -1) { + + /* only few options are allowed for non-root users */ +- if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpri", c)) ++ if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpris", c)) + exit_non_root(option_to_longopt(c, longopts)); + + switch(c) { diff --git a/util-linux.changes b/util-linux.changes index 747c987..4d78ba9 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jun 14 13:04:40 UTC 2012 - puzel@suse.com + +- fix automount with quota (rh#825836) + - mount-new-allow-sloppy-for-non-root.patch +- fix wrong mount options for CIFS mounts (bnc#766157) + - libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch + ------------------------------------------------------------------- Thu May 31 10:04:23 UTC 2012 - sweet_f_a@gmx.de diff --git a/util-linux.spec b/util-linux.spec index 21ab64b..fb64f0b 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -88,6 +88,8 @@ Source51: blkid.conf Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch Patch2: util-linux-2.20-libmount-deps.patch Patch3: fdisk-tinfo.patch +Patch4: mount-new-allow-sloppy-for-non-root.patch +Patch5: libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch ## ## adjtimex @@ -190,6 +192,8 @@ Files to develop applications using the libmount library. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 # cd adjtimex-*