From: Lennart Poettering
Date: Tue, 7 Mar 2023 10:29:38 +0000 (+0100)
Subject: mountpoint-util: add new fstype_can_umask() helper
X-Git-Tag: v254-rc1~1073^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6eda6f7e51e8d25c12279689567008d50274cd1e;p=thirdparty%2Fsystemd.git
mountpoint-util: add new fstype_can_umask() helper
---
diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
index 27d20f5fe3e..2cb319ba649 100644
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@@ -495,6 +495,19 @@ bool fstype_can_norecovery(const char *fstype) {
 "btrfs");
 }
+bool fstype_can_umask(const char *fstype) {
+ int r;
+
+ assert(fstype);
+
+ /* On new kernels we can just ask the kernel */
+ r = mount_option_supported(fstype, "umask", "0077");
+ if (r >= 0)
+ return r;
+
+ return streq(fstype, "vfat");
+}
+
 bool fstype_can_uid_gid(const char *fstype) {
 /* All file systems that have a uid=/gid= mount option that fixates the owners of all files and directories,
diff --git a/src/basic/mountpoint-util.h b/src/basic/mountpoint-util.h
index e0c8f6b3564..977e8e738dd 100644
--- a/src/basic/mountpoint-util.h
+++ b/src/basic/mountpoint-util.h
@@ -50,6 +50,7 @@ bool fstype_is_ro(const char *fsype);
 bool fstype_can_discard(const char *fstype);
 bool fstype_can_uid_gid(const char *fstype);
 bool fstype_can_norecovery(const char *fstype);
+bool fstype_can_umask(const char *fstype);
 int dev_is_devtmpfs(void);
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 59adb324266..2502e3a0eb3 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
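Review bot: In `fstype_can_umask()` (src/basic/mountpoint-util.c) every negative return from `mount_option_supported()` is treated alike and falls through to the vfat-only check, so a probe that failed for a reason other than an old kernel is reported as "no umask= support" for every type except vfat. A caller that uses the result to decide whether to tighten a mount, as the dissect-image.c hunk of this commit does, then skips the restriction without any trace. `mount_option_supported()` is not part of this diff, so which errors it can return is an assumption here. I would state the contract above the fallback, e.g. `/* Probe failed or is unavailable: fall back to the one type we know takes umask=. A false result means the caller mounts without it. */`, and consider a debug log of `r` before falling back.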
@@ -1537,7 +1537,9 @@ int partition_pick_mount_options(
 case PARTITION_XBOOTLDR:
 flags |= MS_NOSUID|MS_NOEXEC|ms_nosymfollow_supported();
- if (!fstype || streq(fstype, "vfat"))
+ /* The ESP might contain a pre-boot random seed. Let's make this unaccessible to regular
+ * userspace. ESP/XBOOTLDR is almost certainly VFAT, hence if we don't know assume it is. */
+ if (!fstype || fstype_can_umask(fstype))
 if (!strextend_with_separator(&options, ",", "umask=0077"))
 return -ENOMEM;
 break;
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index d6aa2c7b949..f5481b5d6bf 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -361,6 +361,11 @@ TEST(fstype_can_norecovery) {
 assert_se(!fstype_can_norecovery("tmpfs"));
 }
+TEST(fstype_can_umask) {
+ assert_se(fstype_can_umask("vfat"));
+ assert_se(!fstype_can_umask("tmpfs"));
+}
+
 static int intro(void) {
 /* let's move into our own mount namespace with all propagation from the host turned off, so
 * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
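Review bot: The new condition in the `PARTITION_XBOOTLDR` case of `partition_pick_mount_options()` drops `umask=0077` silently whenever `fstype` is known and `fstype_can_umask()` answers false, although the added comment says the point is to keep the pre-boot random seed away from regular userspace. For such file systems access then rests on whatever ownership and modes the image itself carries, which is no guarantee when the image is untrusted. Making that branch visible would help anyone auditing the mount later, for instance by bracing the outer `if` and adding `else log_debug("File system type '%s' takes no umask=, leaving access to ESP/XBOOTLDR to on-disk permissions.", fstype);`. The enclosing switch and function start outside this hunk, so the preceding case label is not visible here.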
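Review bot: Both assertions in `TEST(fstype_can_umask)` run through whichever path the host kernel selects, so where the probe answers, the `streq(fstype, "vfat")` fallback is never exercised, and where the probe fails, the probe path is not. The expected values therefore depend on the kernel's own answer for vfat and tmpfs, not only on the code under test. A short comment would make a failure in a restricted CI environment easier to read, e.g. `/* Result comes from the kernel probe when available, else from the static vfat fallback; both must agree for these two types. */`.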