From: Karel Zak <kzak@redhat.com>
Date: Thu, 23 Mar 2023 19:59:46 +0000 (+0100)
Subject: libmount: fix user/users for superuser
X-Git-Tag: v2.39-rc2~23
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=37d021978c56876b8538d5f63ccd8db17ccfe035;p=thirdparty%2Futil-linux.git

libmount: fix user/users for superuser

Always use MS_SECURE and MS_OWNERSECURE to mount fstab entries where
is specified "user" or "users", although the current user is root.

This bug has never been released (v2.39-rc1 only).

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
index 614cf1901b..7bda266825 100644
--- a/libmount/src/context_mount.c
+++ b/libmount/src/context_mount.c
@@ -155,6 +155,8 @@ done:
 static int evaluate_permissions(struct libmnt_context *cxt)
 {
 	struct libmnt_optlist *ol;
+	struct libmnt_opt *opt = NULL;
+
 	unsigned long user_flags = 0;	/* userspace mount flags */
 	int rc;
 
@@ -178,13 +180,44 @@ static int evaluate_permissions(struct libmnt_context *cxt)
 	if (!mnt_context_is_restricted(cxt)) {
 		/*
 		 * superuser mount
+		 *
+		 * Let's convert user, users, owenr and groups to MS_* flags
+		 * to be compatible with non-root execution.
+		 *
+		 * The old deprecated way is to use mnt_optstr_get_flags().
 		 */
 		if (user_flags & (MNT_MS_OWNER | MNT_MS_GROUP))
-			mnt_optlist_remove_flags(ol,
+			rc = mnt_optlist_remove_flags(ol,
 					MNT_MS_OWNER | MNT_MS_GROUP, cxt->map_userspace);
-		DBG(CXT, ul_debugobj(cxt, "perms: superuser"));
+
+		if (!rc && (user_flags & MNT_MS_OWNER))
+			rc = mnt_optlist_insert_flags(ol,
+					MS_OWNERSECURE, cxt->map_linux,
+					MNT_MS_OWNER, cxt->map_userspace);
+
+		if (!rc && (user_flags & MNT_MS_GROUP))
+			rc = mnt_optlist_insert_flags(ol,
+					MS_OWNERSECURE, cxt->map_linux,
+					MNT_MS_GROUP, cxt->map_userspace);
+
+		if (!rc && (user_flags & MNT_MS_USER)
+		    && (opt = mnt_optlist_get_opt(ol, MNT_MS_USER, cxt->map_userspace))
+		    && !mnt_opt_has_value(opt))
+			rc = mnt_optlist_insert_flags(ol, MS_SECURE, cxt->map_linux,
+					MNT_MS_USER, cxt->map_userspace);
+
+		if (!rc && (user_flags & MNT_MS_USERS))
+			rc = mnt_optlist_insert_flags(ol, MS_SECURE, cxt->map_linux,
+					MNT_MS_USERS, cxt->map_userspace);
+
+		DBG(CXT, ul_debugobj(cxt, "perms: superuser [rc=%d]", rc));
+		if (rc)
+			return rc;
+
+		if (user_flags & (MNT_MS_OWNER | MNT_MS_GROUP |
+				  MNT_MS_USER | MNT_MS_USERS))
+			mnt_optlist_merge_opts(ol);
 	} else {
-		struct libmnt_opt *opt;
 
 		/*
 		 * user mount