From: Karel Zak Date: Thu, 19 Nov 2020 10:12:06 +0000 (+0100) Subject: umount: ignore --no-canonicalize,-c for non-root users X-Git-Tag: v2.36.2~40 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0bfa747f0176af4b94a4e1f6f434ddfcd9ce5099;p=thirdparty%2Futil-linux.git umount: ignore --no-canonicalize,-c for non-root users It seems better to ignore this option than drop-permissions and later exit with EPERMs. This change makes umount(8) more compatible with fuser user umounts by systemd where -c is used to reduce overhead etc. Addresses: https://github.com/karelzak/util-linux/issues/1192 Signed-off-by: Karel Zak --- diff --git a/sys-utils/umount.8 b/sys-utils/umount.8 index a66d11961d..a7f6b12e03 100644 --- a/sys-utils/umount.8 +++ b/sys-utils/umount.8 @@ -89,6 +89,10 @@ system calls. These system calls may hang in some cases (for example on NFS if server is not available). The option has to be used with canonical path to the mount point. +This option is silently ignored by +.B umount +for non-root users. + For more details about this option see the .BR mount (8) man page. Note that \fBumount\fR does not pass this option to the diff --git a/sys-utils/umount.c b/sys-utils/umount.c index 056ffb895a..8b7e1ddea3 100644 --- a/sys-utils/umount.c +++ b/sys-utils/umount.c @@ -504,8 +504,17 @@ int main(int argc, char **argv) /* only few options are allowed for non-root users */ - if (mnt_context_is_restricted(cxt) && !strchr("hdilqVv", c)) + if (mnt_context_is_restricted(cxt) && !strchr("hdilqVv", c)) { + + /* Silently ignore options without direct impact to the + * umount operation, but with security sensitive + * side-effects */ + if (strchr("c", c)) + continue; /* ignore */ + + /* drop permissions, continue as regular user */ suid_drop(cxt); + } err_exclusive_options(c, longopts, excl, excl_st);