From 77a37084898d6df73783a53135a26b4c8b99bf15 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Thu, 19 Nov 2020 11:12:06 +0100 Subject: [PATCH] umount: ignore --no-canonicalize,-c for non-root users It seems better to ignore this option than drop-permissions and later exit with EPERMs. This change makes umount(8) more compatible with fuser user umounts by systemd where -c is used to reduce overhead etc. Addresses: https://github.com/karelzak/util-linux/issues/1192 Signed-off-by: Karel Zak --- sys-utils/umount.8 | 4 ++++ sys-utils/umount.c | 11 ++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/sys-utils/umount.8 b/sys-utils/umount.8 index a66d11961d..a7f6b12e03 100644 --- a/sys-utils/umount.8 +++ b/sys-utils/umount.8 @@ -89,6 +89,10 @@ system calls. These system calls may hang in some cases (for example on NFS if server is not available). The option has to be used with canonical path to the mount point. +This option is silently ignored by +.B umount +for non-root users. + For more details about this option see the .BR mount (8) man page. Note that \fBumount\fR does not pass this option to the diff --git a/sys-utils/umount.c b/sys-utils/umount.c index 51755dab0a..2f4742d13d 100644 --- a/sys-utils/umount.c +++ b/sys-utils/umount.c @@ -512,8 +512,17 @@ int main(int argc, char **argv) /* only few options are allowed for non-root users */ - if (mnt_context_is_restricted(cxt) && !strchr("hdilqVv", c)) + if (mnt_context_is_restricted(cxt) && !strchr("hdilqVv", c)) { + + /* Silently ignore options without direct impact to the + * umount operation, but with security sensitive + * side-effects */ + if (strchr("c", c)) + continue; /* ignore */ + + /* drop permissions, continue as regular user */ suid_drop(cxt); + } err_exclusive_options(c, longopts, excl, excl_st); -- 2.47.3