When creating the "/etc/mtab~" lockfile (specifically 'linktargetfile' in the
lock_mtab function), the file is created with incorrect permissions ('000')
which necessitates root to leverage CAP_DAC_OVERRIDE. If proper file modes (it
would appear 0600 would be sufficient) were used in the open this would
function properly with CAP_DAC_OVERRIDE revoked.
$ sysctl -w kernel.cap-bound=0xf7fd7df5
$ mount -t tmpfs /dev/swap /mnt
can't open lock file /etc/mtab~: Permission denied (use -n flag to override)
Signed-off-by: Flávio Leitner <fleitner@redhat.com> Signed-off-by: Karel Zak <kzak@redhat.com>
projects / util-linux / commit