It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.
Reported-by: Erik Logtenberg <erik@xxxxxxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
---
mount.cifs.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/mount.cifs.c b/mount.cifs.c
index 3a2b539..8e1e32b 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1898,8 +1898,13 @@ mount_retry:
else
fstype = cifs_fstype;
- if (!parsed_info->fakemnt
- && mount(dev_name, ".", fstype, parsed_info->flags, options)) {
+ if (!parsed_info->fakemnt) {
+ toggle_dac_capability(0, 1);
+ rc = mount(dev_name, ".", fstype, parsed_info->flags, options);
+ toggle_dac_capability(0, 0);
+ if (rc == 0)
+ goto do_mtab;
+
switch (errno) {
case ECONNREFUSED:
case EHOSTUNREACH:
@@ -1934,6 +1939,7 @@ mount_retry:
goto mount_exit;
}
+do_mtab:
if (!parsed_info->nomtab && !mtab_unusable())
rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype);
--
1.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
