Some of the autofs miscellaneous device ioctls need to be accessable to user space applications without CAP_SYS_ADMIN to get information about autofs mounts. Start by making the autofs miscellaneous device ioctl header available and allow applications to use version and ismountpoint ioctls. Signed-off-by: Ian Kent <raven@xxxxxxxxxx> Cc: Colin Walters <walters@xxxxxxxxxx> Cc: Ondrej Holy <oholy@xxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx --- fs/autofs4/dev-ioctl.c | 12 ++++++++---- include/uapi/linux/Kbuild | 1 + include/uapi/linux/auto_dev-ioctl.h | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c index 9b58d6e..f8cb3f6 100644 --- a/fs/autofs4/dev-ioctl.c +++ b/fs/autofs4/dev-ioctl.c @@ -628,10 +628,6 @@ static int _autofs_dev_ioctl(unsigned int command, ioctl_fn fn = NULL; int err = 0; - /* only root can play with this */ - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST); cmd = _IOC_NR(command); @@ -640,6 +636,14 @@ static int _autofs_dev_ioctl(unsigned int command, return -ENOTTY; } + /* Only root can use ioctls other than AUTOFS_DEV_IOCTL_VERSION_CMD + * and AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD + */ + if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD && + cmd != AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD && + !capable(CAP_SYS_ADMIN)) + return -EPERM; + /* Copy the parameters into kernel space. */ param = copy_dev_ioctl(user); if (IS_ERR(param)) diff --git a/include/uapi/linux/Kbuild b/include/uapi/linux/Kbuild index 662c592..1f22bbb 100644 --- a/include/uapi/linux/Kbuild +++ b/include/uapi/linux/Kbuild @@ -61,6 +61,7 @@ header-y += atm_zatm.h header-y += audit.h header-y += auto_fs4.h header-y += auto_fs.h +header-y += auto_dev-ioctl.h header-y += auxvec.h header-y += ax25.h header-y += b1lli.h diff --git a/include/uapi/linux/auto_dev-ioctl.h b/include/uapi/linux/auto_dev-ioctl.h index 744b3d0..5558db8 100644 --- a/include/uapi/linux/auto_dev-ioctl.h +++ b/include/uapi/linux/auto_dev-ioctl.h @@ -16,7 +16,7 @@ #define AUTOFS_DEVICE_NAME "autofs" #define AUTOFS_DEV_IOCTL_VERSION_MAJOR 1 -#define AUTOFS_DEV_IOCTL_VERSION_MINOR 0 +#define AUTOFS_DEV_IOCTL_VERSION_MINOR 1 #define AUTOFS_DEV_IOCTL_SIZE sizeof(struct autofs_dev_ioctl) -- To unsubscribe from this list: send the line "unsubscribe autofs" in