]> err.no Git - util-linux/commit
projects / util-linux / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9ca1a11) | patch
mount: non-setuid (POSIX file capabilities) support
authorKarel Zak <kzak@redhat.com>
Fri, 16 Jan 2009 11:21:15 +0000 (12:21 +0100)
committerKarel Zak <kzak@redhat.com>
Wed, 4 Feb 2009 11:50:14 +0000 (12:50 +0100)
commit0959f8063bf9b4d576822fe742a2bc9f5d1d1dbc
tree23e2bb1b3d58f1613dba0bd77d1cfe8324ed8585tree | snapshot
parent9ca1a11bf96f9732037c5027124f84c31bc4d252commit | diff
mount: non-setuid (POSIX file capabilities) support

The mount command does not work properly if you replace suid with
POSIX file capabilities. We still need to check for non-root mounts and
the command has to work in very restricted mode for non-root users.

This patch allows you to remove suid bit from mount and umount. Note
that you need a system with filesystem capability support, e.g.
Fedora 10).

# ls -l /bin/mount
-rwxr-xr-x 1 root root 65192 2008-11-09 22:59 /bin/mount

# getcap /bin/mount
/bin/mount = cap_dac_override,cap_sys_admin+ep

[kzak@redhat.com: all the above comments]

Don't bypass security checks when [u]mount uses POSIX file capabilities
rather than setuid root to permit non-root mounts.

Signed-off-by: Geoff Johnstone <geoff.johnstone@googlemail.com>
mount/mount.c diff | blob | history
mount/umount.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.