mount: should set proper permissions on locktime

When creating the "/etc/mtab~" lockfile (specifically 'linktargetfile'  in the
lock_mtab function), the file is created with incorrect permissions ('000')
which necessitates root to leverage CAP_DAC_OVERRIDE. If proper file modes (it
would appear 0600 would be sufficient) were used in the open this would
function properly with CAP_DAC_OVERRIDE revoked.

  $ sysctl -w kernel.cap-bound=0xf7fd7df5
  $ mount -t tmpfs /dev/swap /mnt
  can't open lock file /etc/mtab~: Permission denied (use -n flag to override)

Signed-off-by: Flávio Leitner <fleitner@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/mount/fstab.c b/mount/fstab.c
index db90e693386261249ffd4a4962b14534403b1fb3..0e00fc257996013f8cba5ccf40aedb119630ad38 100644 (file)
--- a/mount/fstab.c
+++ b/mount/fstab.c
@@ -558,7 +558,7 @@ lock_mtab (void) {
 
        sprintf(linktargetfile, MOUNTLOCK_LINKTARGET, getpid ());
 
-       i = open (linktargetfile, O_WRONLY|O_CREAT, 0);
+       i = open (linktargetfile, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR);
        if (i < 0) {
                int errsv = errno;
                /* linktargetfile does not exist (as a file)