1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
From: Karel Zak <kzak@redhat.com>
Date: Mon, 25 Jan 2021 11:11:05 +0100
Subject: libmount: allow --read-only for not-root users
The command "mount -r" was supported for non-root users in very old
mount(8) versions. Unfortunately, in this case libmount replaces all
mount options from command line by options from fstab. We need
exception for MS_RDONLY.
Fixes: https://github.com/karelzak/util-linux/issues/1235
Signed-off-by: Karel Zak <kzak@redhat.com>
---
libmount/src/context.c | 31 ++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/libmount/src/context.c b/libmount/src/context.c
index 46e2010..e4e9f8f 100644
--- a/libmount/src/context.c
+++ b/libmount/src/context.c
@@ -2319,9 +2319,12 @@ end:
return rc;
}
-/* apply @fs to @cxt -- use mnt_context_apply_fstab() if not sure
+/* apply @fs to @cxt;
+ *
+ * @mflags are mount flags as specified on command-line -- used only to save
+ * MS_RDONLY which is allowed for non-root users.
*/
-int mnt_context_apply_fs(struct libmnt_context *cxt, struct libmnt_fs *fs)
+static int apply_fs(struct libmnt_context *cxt, struct libmnt_fs *fs, unsigned long mflags)
{
int rc;
@@ -2333,6 +2336,7 @@ int mnt_context_apply_fs(struct libmnt_context *cxt, struct libmnt_fs *fs)
DBG(CXT, ul_debugobj(cxt, "use default optsmode"));
cxt->optsmode = MNT_OMODE_AUTO;
}
+
}
DBG(CXT, ul_debugobj(cxt, "apply entry:"));
@@ -2360,9 +2364,15 @@ int mnt_context_apply_fs(struct libmnt_context *cxt, struct libmnt_fs *fs)
if (cxt->optsmode & MNT_OMODE_IGNORE)
;
- else if (cxt->optsmode & MNT_OMODE_REPLACE)
+ else if (cxt->optsmode & MNT_OMODE_REPLACE) {
rc = mnt_fs_set_options(cxt->fs, mnt_fs_get_options(fs));
+ /* mount --read-only for non-root users is allowed */
+ if (rc == 0 && (mflags & MS_RDONLY)
+ && mnt_context_is_restricted(cxt)
+ && cxt->optsmode == MNT_OMODE_USER)
+ rc = mnt_fs_append_options(cxt->fs, "ro");
+ }
else if (cxt->optsmode & MNT_OMODE_APPEND)
rc = mnt_fs_append_options(cxt->fs, mnt_fs_get_options(fs));
@@ -2380,7 +2390,7 @@ done:
}
static int apply_table(struct libmnt_context *cxt, struct libmnt_table *tb,
- int direction)
+ int direction, unsigned long mflags)
{
struct libmnt_fs *fs = NULL;
const char *src, *tgt;
@@ -2418,7 +2428,14 @@ static int apply_table(struct libmnt_context *cxt, struct libmnt_table *tb,
if (!fs)
return -MNT_ERR_NOFSTAB; /* not found */
- return mnt_context_apply_fs(cxt, fs);
+ return apply_fs(cxt, fs, mflags);
+}
+
+/* apply @fs to @cxt -- use mnt_context_apply_fstab() if not sure
+ */
+int mnt_context_apply_fs(struct libmnt_context *cxt, struct libmnt_fs *fs)
+{
+ return apply_fs(cxt, fs, 0);
}
/**
@@ -2498,7 +2515,7 @@ int mnt_context_apply_fstab(struct libmnt_context *cxt)
DBG(CXT, ul_debugobj(cxt, "trying to apply fstab (src=%s, target=%s)", src, tgt));
rc = mnt_context_get_fstab(cxt, &tab);
if (!rc)
- rc = apply_table(cxt, tab, MNT_ITER_FORWARD);
+ rc = apply_table(cxt, tab, MNT_ITER_FORWARD, mflags);
}
/* try mtab */
@@ -2510,7 +2527,7 @@ int mnt_context_apply_fstab(struct libmnt_context *cxt)
else
rc = mnt_context_get_mtab(cxt, &tab);
if (!rc)
- rc = apply_table(cxt, tab, MNT_ITER_BACKWARD);
+ rc = apply_table(cxt, tab, MNT_ITER_BACKWARD, mflags);
}
if (!mnt_context_switch_ns(cxt, ns_old))
|
