The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
The --{pid,pgrp,user} options does not have arguments.
Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The option [-n] in the code has no any meaning and the value is used
as priority, not incrementally.
Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The parse-date.y is used only for hwclock, let's keep it together.
Note that the file (originally from gnulib) has GPLv3 license, so it's
better to make it obvious that we use it really only for hwclock (also
GPL).
Signed-off-by: Karel Zak <kzak@redhat.com>
For example:
# mount --verbose --all -t xfs -o ro
will mount all all XFS filesystems from fstab, but read-only.
Signed-off-by: Karel Zak <kzak@redhat.com>
Add an entry for the HiSilicon aarch64 part tsv110.
Another known alias for this part is TaishanV110, and it can be
found in the Kunpeng920/Hi1620 SoC.
Signed-off-by: John Garry <john.garry@huawei.com>
Let's be more verbose and provide real open() error to make
debugging easier on --verbose.
For example:
$ hwclock --verbose
hwclock from util-linux 2.34.193-6bebea-dirty
System Time: 1570445823.701266
Trying to open: /dev/rtc0
hwclock: cannot open /dev/rtc0: Permission denied <---
No usable clock interface found.
hwclock: Cannot access the Hardware Clock via any known method.
Addresses: https://github.com/karelzak/util-linux/issues/879
Signed-off-by: Karel Zak <kzak@redhat.com>
Sorry detail-oriented people tend to wipe these out if they notice them.
Add in automated tools and lots of excess end-of-line spaces get wiped
out.
Addresses: https://github.com/karelzak/util-linux/pull/849
Signed-off-by: Karel Zak <kzak@redhat.com>
... but I have doubts this change fixes the issue. It seems (on my
system) that \0 is already filtered out by kernel/syslog.
Addresses: https://github.com/karelzak/util-linux/issues/862
Signed-off-by: Karel Zak <kzak@redhat.com>
Add the --keep-caps option to unshare to preserve capabilities that
are granted when creating a new user namespace. This allows the child
process to retain privilege within the new user namespace without also
being UID 0.
We have no way how to print the kernel message buffer in really raw
way. The new option --noescape disables all \x<hex> translations.
Addresses: https://github.com/karelzak/util-linux/issues/858
Signed-off-by: Karel Zak <kzak@redhat.com>
Add the --map-current-user option to unshare. This option maps the
current effective UID and GID in the new user namespace so that the
inner and outer credentials match.
Signed-off-by: James Peach <jpeach@apache.org>
It seems better to silently ignore mount binds on file (= mountpoint
is not a directory).
This patch also fixes use-after-free bug from commit 402006fa6e.
Addresses: https://github.com/karelzak/util-linux/issues/857
Signed-off-by: Karel Zak <kzak@redhat.com>
* '2019wk33' of https://github.com/kerolasa/util-linux:
docs: try to find broken man references and fix them
docs: correct su.1 runuser reference from section 8 to 1
po: remove possibility to translate static option arguments
Adjust the number of the macros ".RS" and ".RE" to be equal.
There is no change in the formatted output.
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Unfortunately methods I used to find and fix were based on quite manual
process that cannot be easily repeated so I do not see how this fix could be
turned into a tools/checkmans.sh addition. Well, lets hope doing this
manually twice every decade is good enough.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
These strings are expected to be wrote exactly as they are parsed, so make
translating them impossible. Since mkfs.cramfs -N option arguments need
this treatment use opportunity to slice usage() output to multiple lines.
Addresses: https://bugs.debian.org/907568
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* by default we assume all is umounted; so O_EXCL is no problem,
otherwise there is bug or race (someone else remounted the device)...
* --force and --no-umount disable O_EXCL
Addresses: https://github.com/karelzak/util-linux/issues/423
Signed-off-by: Karel Zak <kzak@redhat.com>
The <unistd.h> header is included twice in "wdctl.c". Remove one
of these includes to keep "make checkincludes" happy.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Container type implies the following products:
openvz OpenVZ/Virtuozzo
lxc Linux container implementation by LXC
lxc-libvirt Linux container implementation by libvirt
systemd-nspawn systemd's minimal container implementation, see systemd-nspawn(1)
docker Docker container manager
podman Podman container manager
rkt rkt app container runtime
wsl Windows Subsystem for Linux
References:
https://www.freedesktop.org/software/systemd/man/systemd.unit.htmlhttps://www.freedesktop.org/software/systemd/man/systemd-detect-virt.html#Fix: #840
Signed-off-by: Eric Desrochers <eric.desrochers@canonical.com>
The no follow option will allow user to distinct mount points from symbolic
links pointing to them. Arguably this is pretty pedantic option, mounting a
device or bind mount to a directory via symlink does not have or cause any
issues.
Addresses: https://github.com/karelzak/util-linux/issues/832
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The current code ignores single-byte non-printable characters.
Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
It's not obvious from the current docs that you have to explicitly
split command line options and wanted commands.
Addresses: https://github.com/karelzak/util-linux/issues/833
Signed-off-by: Karel Zak <kzak@redhat.com>
With pointer arithmetic clang address sanitizer gives following error this
change addresses. Notice the following happens only when running as root.
sys-utils/lscpu-dmi.c:83:14: runtime error: load of misaligned address
0x55a1d62f3d1d for type 'const uint16_t' (aka 'const unsigned short'), which
requires 2 byte alignment
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
ProtectHome=yes makes /home inaccessible, but we need to open the
directories (mountpoints) read-only.
Addresses: https://github.com/karelzak/util-linux/issues/824
Signed-off-by: Karel Zak <kzak@redhat.com>
- Add --disable-hwclock-cmos configuration argument
- Add USE_HWCLOCK_CMOS (enabled by default for i386/x86_64)
- Add define(USE_HWCLOCK_CMOS)
- Compile hwclock-cmos.c only if USE_HWCLOCK_CMOS is true
- Remove all unnecessary #ifdefs from hwclock-cmos.c
- Add #ifdef USE_HWCLOCK_CMOS around the determine_clock_access_method()
call in hwclock.c
Signed-off-by: Carlos Santos <unixmania@gmail.com>
The device can be inaccessible for non-root user or busy (already used
by another process). In this case it seems better to read information
from /sys.
Note that /sys does not provide struct watchdog_info.options, so we
cannot print list of supported watchdog features.
Addresses: https://github.com/karelzak/util-linux/issues/804
Signed-off-by: Karel Zak <kzak@redhat.com>
Let's use miscdev /dev/watchdog as fallback only. We need (if possible)
cdev /dev/watchdog0 as this device has entry in /sys/class/watchdog.
Signed-off-by: Karel Zak <kzak@redhat.com>
