findmnt: add option to list all fs-independent flags

It might be useful for security auditing purposes list all possible
mount flags/options including default set which are normally not listed.

This patch adds "--vfs-all" option to list all fs-independent flags
on VFS-OPTIONS column, as well as libmount funcionality to accomplish
it.

i.e.:

$ findmnt -o VFS-OPTIONS
VFS-OPTIONS
rw,relatime
rw,nosuid,nodev,noexec,relatime
rw,nosuid,nodev,noexec,relatime
ro,nosuid,nodev,noexec
...

$ findmnt --vfs-all -o VFS-OPTIONS
VFS-OPTIONS
rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow
...

[kzak@redhat.com: - cleanup coding style and comments]

Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt
index da96b75b323c67aebba5f4ec5f9e3e058715f6ea..911dc0a0f0c4c7f5580272f71976985e1529e4d5 100644 (file)
--- a/libmount/docs/libmount-sections.txt
+++ b/libmount/docs/libmount-sections.txt
@@ -245,6 +245,7 @@ mnt_fs_get_usedsize
 mnt_fs_get_userdata
 mnt_fs_get_user_options
 mnt_fs_get_vfs_options
+mnt_fs_get_vfs_options_all
 mnt_fs_is_kernel
 mnt_fs_is_netfs
 mnt_fs_is_pseudofs

diff --git a/libmount/src/fs.c b/libmount/src/fs.c
index d669b61672d3633df33d9babae6a884724d5d61b..a9242099d42f90f02d22cb1ef343b9632bd06e8e 100644 (file)
--- a/libmount/src/fs.c
+++ b/libmount/src/fs.c
@@ -951,6 +951,38 @@ const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs)
        return fs ? fs->vfs_optstr : NULL;
 }
 
+/**
+ * mnt_fs_get_vfs_options_all:
+ * @fs: fstab/mtab entry pointer
+ *
+ * Returns: pointer to newlly allocated string (can be freed by free(3)) or
+ * NULL in case of error.  The string contains all (including defaults) mount
+ * options.
+ */
+char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs)
+{
+       const struct libmnt_optmap *map = mnt_get_builtin_optmap(MNT_LINUX_MAP);
+       const struct libmnt_optmap *ent;
+       const char *opts = mnt_fs_get_options(fs);
+       char *result = NULL;
+       unsigned long flags = 0;
+
+       if (!opts || mnt_optstr_get_flags(opts, &flags, map))
+               return NULL;
+
+       for (ent = map ; ent && ent->name ; ent++){
+               if (ent->id & flags) { /* non-default value */
+                       if (!(ent->mask & MNT_INVERT))
+                               mnt_optstr_append_option(&result, ent->name, NULL);
+                       else
+                               continue;
+               } else if (ent->mask & MNT_INVERT)
+                       mnt_optstr_append_option(&result, ent->name, NULL);
+       }
+
+       return result;
+}
+
 /**
  * mnt_fs_get_user_options:
  * @fs: fstab/mtab entry pointer

diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in
index e6710ae017435aeb31f37a99ade47207f47b2625..b7b278d0e3f265bd51e0beb670e24e3cf3d42cc8 100644 (file)
--- a/libmount/src/libmount.h.in
+++ b/libmount/src/libmount.h.in
@@ -471,6 +471,7 @@ extern int mnt_fs_get_option(struct libmnt_fs *fs, const char *name,
 extern const char *mnt_fs_get_fs_options(struct libmnt_fs *fs);
 extern const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs);
 extern const char *mnt_fs_get_user_options(struct libmnt_fs *fs);
+extern char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs);
 
 extern const char *mnt_fs_get_attributes(struct libmnt_fs *fs);
 extern int mnt_fs_set_attributes(struct libmnt_fs *fs, const char *optstr);

diff --git a/libmount/src/libmount.sym b/libmount/src/libmount.sym
index 792d11753e24bb2bb367bd76d5555652f8a4b928..e98e44b9c6302d1c3565700702ba0fbc7a7905ad 100644 (file)
--- a/libmount/src/libmount.sym
+++ b/libmount/src/libmount.sym
@@ -356,3 +356,7 @@ MOUNT_2_35 {
        mnt_context_get_target_prefix;
        mnt_context_set_target_prefix;
 } MOUNT_2.34;
+
+MOUNT_2_37 {
+       mnt_fs_get_vfs_options_all;
+} MOUNT_2_35;

diff --git a/misc-utils/findmnt.8 b/misc-utils/findmnt.8
index 86ab6ff9327e32e0b4b1fe27df0297b541ea32e2..6c14633bfa9a4cdd97848a30d9917645c2c1520a 100644 (file)
--- a/misc-utils/findmnt.8
+++ b/misc-utils/findmnt.8
@@ -262,6 +262,12 @@ It's possible to specify source (device) or target (mountpoint) to filter mount
 .TP
 .B \-\-verbose
 Force findmnt to print more information (\fB\-\-verify\fP only for now).
+.TP
+.B \-\-vfs-all
+When used with
+.BR VFS-OPTIONS
+column, print all VFS (fs-independent) flags.  This option is designed for auditing purposes to
+list also default VFS kernel mount options which are normally not listed.
 .SH ENVIRONMENT
 .IP LIBMOUNT_FSTAB=<path>
 overrides the default location of the fstab file

diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c
index 43b4dc7d638203da42e469e06cd2f9b79e898a26..294e853eb8d9ed0c36f3ffe4821294b6e2bdbcfd 100644 (file)
--- a/misc-utils/findmnt.c
+++ b/misc-utils/findmnt.c
@@ -545,7 +545,9 @@ static char *get_data(struct libmnt_fs *fs, int num)
                        str = xstrdup(mnt_fs_get_options(fs));
                break;
        case COL_VFS_OPTIONS:
-               if (mnt_fs_get_vfs_options(fs))
+               if (flags & FL_VFS_ALL)
+                       str = mnt_fs_get_vfs_options_all(fs);
+               else if (mnt_fs_get_vfs_options(fs))
                        str = xstrdup(mnt_fs_get_vfs_options(fs));
                break;
        case COL_FS_OPTIONS:
@@ -1262,6 +1264,7 @@ static void __attribute__((__noreturn__)) usage(void)
        fputc('\n', out);
        fputs(_(" -x, --verify           verify mount table content (default is fstab)\n"), out);
        fputs(_("     --verbose          print more details\n"), out);
+       fputs(_("     --vfs-all          print all VFS options\n"), out);
 
        fputs(USAGE_SEPARATOR, out);
        printf(USAGE_HELP_OPTIONS(24));
@@ -1294,7 +1297,8 @@ int main(int argc, char *argv[])
                FINDMNT_OPT_TREE,
                FINDMNT_OPT_OUTPUT_ALL,
                FINDMNT_OPT_PSEUDO,
-               FINDMNT_OPT_REAL
+               FINDMNT_OPT_REAL,
+               FINDMNT_OPT_VFS_ALL
        };
 
        static const struct option longopts[] = {
@@ -1338,6 +1342,7 @@ int main(int argc, char *argv[])
                { "tree",           no_argument,       NULL, FINDMNT_OPT_TREE    },
                { "real",           no_argument,       NULL, FINDMNT_OPT_REAL    },
                { "pseudo",         no_argument,       NULL, FINDMNT_OPT_PSEUDO  },
+               { "vfs-all",        no_argument,       NULL, FINDMNT_OPT_VFS_ALL },
                { NULL, 0, NULL, 0 }
        };
 
@@ -1512,6 +1517,9 @@ int main(int argc, char *argv[])
                case FINDMNT_OPT_REAL:
                        flags |= FL_REAL;
                        break;
+               case FINDMNT_OPT_VFS_ALL:
+                       flags |= FL_VFS_ALL;
+                       break;
 
                case 'h':
                        usage();

diff --git a/misc-utils/findmnt.h b/misc-utils/findmnt.h
index 6388837a08f9878d64c9ab2744dbf211200f4e7d..92d1119ae6d4741ccebdf866ca50de0fce6a5945 100644 (file)
--- a/misc-utils/findmnt.h
+++ b/misc-utils/findmnt.h
@@ -20,6 +20,7 @@ enum {
        FL_VERBOSE      = (1 << 16),
        FL_PSEUDO       = (1 << 17),
        FL_REAL         = (1 << 18),
+       FL_VFS_ALL      = (1 << 19),
 
        /* basic table settings */
        FL_ASCII        = (1 << 20),