From: Karel Zak <kzak@redhat.com>
Date: Mon, 9 Oct 2017 10:44:48 +0000 (+0200)
Subject: libmount: use eacess() rather than open() to check mtab/utab
X-Git-Tag: v2.32-rc1~263
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c08396c7691e1e6a04b6b45892e7e4612ceed8d7;p=thirdparty%2Futil-linux.git

libmount: use eacess() rather than open() to check mtab/utab

The open() syscall is probably the most strong way how to check write
accessibility in all situations, but it's overkill and on some
paranoid systems with enabled audit/selinux. It fills logs with
"Permission denied" entries. Let's use eaccess() if available.

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/configure.ac b/configure.ac
index 1899ec3c0f..eebe922591 100644
--- a/configure.ac
+++ b/configure.ac
@@ -391,6 +391,7 @@ AC_CHECK_FUNCS([ \
 	__fpending \
 	secure_getenv \
 	__secure_getenv \
+	eaccess \
 	err \
 	errx \
 	explicit_bzero \
diff --git a/libmount/src/utils.c b/libmount/src/utils.c
index a5617e6c02..711d1683e2 100644
--- a/libmount/src/utils.c
+++ b/libmount/src/utils.c
@@ -647,17 +647,24 @@ done:
 
 static int try_write(const char *filename)
 {
-	int fd, rc = 0;
+	int rc = 0;
 
 	if (!filename)
 		return -EINVAL;
 
-	fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
-			    S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);
-	if (fd < 0)
+#ifdef HAVE_EACCESS
+	if (eaccess(filename, R_OK|W_OK) != 0)
 		rc = -errno;
-	else
-		close(fd);
+#else
+	{
+		int fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
+			    S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);
+		if (fd < 0)
+			rc = -errno;
+		else
+			close(fd);
+	}
+#endif
 	return rc;
 }