From 96963e5615caf96d487da920f0c94e3063b80317 Mon Sep 17 00:00:00 2001
From: nl6720
Date: Wed, 8 Jan 2025 16:19:33 +0200
Subject: [PATCH] dissect-image: mount the ESP with fmask=0177 (#35871)
Avoid showing the files on the ESP (i.e. a FAT formatted volume) as executable by removing the execute permission from them. IMO this makes the colored output of `ls` more sensible since the file system will be mounted with `noexec` anyway. Add a `fstype_can_fmask_dmask` function that checks if a file system type can use the `fmask` and `dmask` mount options. This replaces `fstype_can_umask` since it was only used in `partition_pick_mount_options` which only cares about the file system support for fmask & dmask now. It somewhat reduces the coverage of the feature since there are more file systems that support umask as opposed to those supporting dmask & dmask, but it should not be much of an issue since fmask & dmask are supported by vfat, exfat and ntfs3.
---
 src/basic/mountpoint-util.c | 4 ++--
 src/basic/mountpoint-util.h | 2 +-
 src/shared/dissect-image.c | 4 ++--
 src/test/test-mountpoint-util.c | 6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
index e8471d59746..15655cc075d 100644
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@@ -560,13 +560,13 @@ const char* fstype_norecovery_option(const char *fstype) {
 return mount_option_supported(fstype, "norecovery", NULL) > 0 ? "norecovery" : NULL;
 }
-bool fstype_can_umask(const char *fstype) {
+bool fstype_can_fmask_dmask(const char *fstype) {
 assert(fstype);
 /* Use a curated list as first check, to avoid calling fsopen() which might load kmods, which might
 * not be allowed in our MAC context. If we don't know ourselves, on new kernels we can just ask the
 * kernel. */
- return streq(fstype, "vfat") || mount_option_supported(fstype, "umask", "0077") > 0;
+ return streq(fstype, "vfat") || (mount_option_supported(fstype, "fmask", "0177") > 0 && mount_option_supported(fstype, "dmask", "0077") > 0);
 }
 bool fstype_can_uid_gid(const char *fstype) {
diff --git a/src/basic/mountpoint-util.h b/src/basic/mountpoint-util.h
index c01f2909527..f506e01a417 100644
--- a/src/basic/mountpoint-util.h
+++ b/src/basic/mountpoint-util.h
@@ -62,7 +62,7 @@ bool fstype_is_blockdev_backed(const char *fstype);
 bool fstype_is_ro(const char *fsype);
 bool fstype_can_discard(const char *fstype);
 bool fstype_can_uid_gid(const char *fstype);
-bool fstype_can_umask(const char *fstype);
+bool fstype_can_fmask_dmask(const char *fstype);
 const char* fstype_norecovery_option(const char *fstype);
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 937b678db41..ce1fa3a3d4e 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1891,8 +1891,8 @@ int partition_pick_mount_options(
 /* The ESP might contain a pre-boot random seed. Let's make this unaccessible to regular
 * userspace. ESP/XBOOTLDR is almost certainly VFAT, hence if we don't know assume it is. */
- if (!fstype || fstype_can_umask(fstype))
- if (!strextend_with_separator(&options, ",", "umask=0077"))
+ if (!fstype || fstype_can_fmask_dmask(fstype))
+ if (!strextend_with_separator(&options, ",", "fmask=0177,dmask=0077"))
 return -ENOMEM;
 break;
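Review bot: In `fstype_can_fmask_dmask()` (src/basic/mountpoint-util.c) the curated fast path still lists only `vfat`, so every other type now triggers two `mount_option_supported()` probes where the old code made one. The comment in the same function says these probes may call fsopen() and load kernel modules that the MAC context might not allow. The commit message names exfat and ntfs3 as supporting both options; if that holds on every kernel the project supports, listing them avoids the probes: `return STR_IN_SET(fstype, "vfat", "exfat", "ntfs3") || (...)`. The comment would also benefit from one sentence stating that both options must be accepted, and that any other probe result (presumably including errors, since only `> 0` is tested) is reported as unsupported, in which case the caller adds no mask.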
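Review bot: In `partition_pick_mount_options()` (src/shared/dissect-image.c) a known file system type without `fmask`/`dmask` support now gets no permission mask at all, so the pre-boot random seed that the comment wants hidden from regular userspace is mounted with the driver's default permissions. Before this change such a type still received `umask=0077` whenever it supported `umask`. A fallback branch would keep that restriction; it requires `fstype_can_umask()`, which this commit removes, to stay, and braces around the existing nested `if` so the `else` binds to the outer condition. The function body starts and ends outside the hunk.

```c
if (!fstype || fstype_can_fmask_dmask(fstype)) {
        if (!strextend_with_separator(&options, ",", "fmask=0177,dmask=0077"))
                return -ENOMEM;
} else if (fstype_can_umask(fstype)) {
        /* No fmask=/dmask= support: fall back to umask= so the seed stays unreadable. */
        if (!strextend_with_separator(&options, ",", "umask=0077"))
                return -ENOMEM;
}
/* … unchanged: break … */
```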
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index 07c0480bce1..89093d02124 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -389,9 +389,9 @@ TEST(fstype_can_norecovery) {
 ASSERT_NULL(fstype_norecovery_option("tmpfs"));
 }
-TEST(fstype_can_umask) {
- assert_se(fstype_can_umask("vfat"));
- assert_se(!fstype_can_umask("tmpfs"));
+TEST(fstype_can_fmask_dmask) {
+ assert_se(fstype_can_fmask_dmask("vfat"));
+ assert_se(!fstype_can_fmask_dmask("tmpfs"));
 }
 TEST(path_get_mnt_id_at_null) {
--
2.47.3