/**
* mnt_split_optstr:
* @optstr: string with comma separated list of options
* @user: returns newly allocated string with userspace options
* @vfs: returns newly allocated string with VFS options
* @fs: returns newly allocated string with FS options
* @ignore_user: option mask for options that should be ignored
* @ignore_vfs: option mask for options that should be ignored
*
* For example:
*
* mnt_split_optstr(optstr, &u, NULL, NULL, MNT_NOMTAB, 0);
*
* returns all userspace options, the options that does not belong to
* mtab are ignored.
*
* Note that FS options are all options that are undefined in MNT_USERSPACE_MAP
* or MNT_LINUX_MAP.
*
* Returns: 0 on success, or negative number in case of error.
*/
int mnt_split_optstr(const char *optstr, char **user, char **vfs,
char **fs, int ignore_user, int ignore_vfs)
{
char *name, *val, *str = (char *) optstr;
size_t namesz, valsz;
struct libmnt_optmap const *maps[2];
assert(optstr);
if (!optstr)
return -EINVAL;
maps[0] = mnt_get_builtin_optmap(MNT_LINUX_MAP);
maps[1] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
if (vfs)
*vfs = NULL;
if (fs)
*fs = NULL;
if (user)
*user = NULL;
while(!mnt_optstr_next_option(&str, &name, &namesz, &val, &valsz)) {
int rc = 0;
const struct libmnt_optmap *ent = NULL;
const struct libmnt_optmap *m =
mnt_optmap_get_entry(maps, 2, name, namesz, &ent);
if (ent && !ent->id)
continue; /* ignore undefined options (comments) */
if (ent && m && m == maps[0] && vfs) {
if (ignore_vfs && (ent->mask & ignore_vfs))
continue;
rc = __mnt_optstr_append_option(vfs, name, namesz,
val, valsz);
} else if (ent && m && m == maps[1] && user) {
if (ignore_user && (ent->mask & ignore_user))
continue;
rc = __mnt_optstr_append_option(user, name, namesz,
val, valsz);
} else if (!m && fs)
rc = __mnt_optstr_append_option(fs, name, namesz,
val, valsz);
if (rc) {
if (vfs)
free(*vfs);
if (fs)
free(*fs);
if (user)
free(*user);
return rc;
}
}
return 0;
}
/**
* mnt_optstr_get_flags:
* @optstr: string with comma separated list of options
* @flags: returns mount flags
* @map: options map
*
* Returns in @flags IDs of options from @optstr as defined in the @map.
*
* For example:
*
* "bind,exec,foo,bar" --returns-> MS_BIND
*
* "bind,noexec,foo,bar" --returns-> MS_BIND|MS_NOEXEC
*
* Note that @flags are not zeroized by this function! This function sets/unsets
* bits in the @flags only.
*
* Returns: 0 on success or negative number in case of error
*/
int mnt_optstr_get_flags(const char *optstr, unsigned long *flags,
const struct libmnt_optmap *map)
{
struct libmnt_optmap const *maps[2];
char *name, *str = (char *) optstr;
size_t namesz = 0, valsz = 0;
int nmaps = 0;
assert(optstr);
if (!optstr || !flags || !map)
return -EINVAL;
maps[nmaps++] = map;
if (map == mnt_get_builtin_optmap(MNT_LINUX_MAP))
/*
* Add userspace map -- the "user" is interpreted as
* MS_NO{EXEC,SUID,DEV}.
*/
maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) {
const struct libmnt_optmap *ent;
const struct libmnt_optmap *m;
m = mnt_optmap_get_entry(maps, nmaps, name, namesz, &ent);
if (!m || !ent || !ent->id)
continue;
/* ignore name=<value> if options map expects <name> only */
if (valsz && mnt_optmap_entry_novalue(ent))
continue;
if (m == map) { /* requested map */
if (ent->mask & MNT_INVERT)
*flags &= ~ent->id;
else
*flags |= ent->id;
} else if (nmaps == 2 && m == maps[1] && valsz == 0) {
/*
* Special case -- translate "user" (but no user=) to
* MS_ options
*/
if (ent->mask & MNT_INVERT)
continue;
if (ent->id & (MNT_MS_OWNER | MNT_MS_GROUP))
*flags |= MS_OWNERSECURE;
else if (ent->id & (MNT_MS_USER | MNT_MS_USERS))
*flags |= MS_SECURE;
}
}
return 0;
}
/*
* Converts already evalulated and fixed options to the form that is compatible
* with /sbin/mount.type helpers.
*/
static int generate_helper_optstr(struct libmnt_context *cxt, char **optstr)
{
struct libmnt_optmap const *maps[1];
char *next, *name, *val;
size_t namesz, valsz;
int rc = 0;
assert(cxt);
assert(cxt->fs);
assert(optstr);
DBG(CXT, mnt_debug_h(cxt, "mount: generate heper mount options"));
*optstr = mnt_fs_strdup_options(cxt->fs);
if (!*optstr)
return -ENOMEM;
if (cxt->flags & MNT_FL_SAVED_USER)
rc = mnt_optstr_set_option(optstr, "user", cxt->orig_user);
if (rc)
goto err;
/* remove userspace options with MNT_NOHLPS flag */
maps[0] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
next = *optstr;
while (!mnt_optstr_next_option(&next, &name, &namesz, &val, &valsz)) {
const struct libmnt_optmap *ent;
mnt_optmap_get_entry(maps, 1, name, namesz, &ent);
if (ent && ent->id && (ent->mask & MNT_NOHLPS)) {
next = name;
rc = mnt_optstr_remove_option_at(optstr, name,
val ? val + valsz : name + namesz);
if (rc)
goto err;
}
}
return rc;
err:
free(*optstr);
*optstr = NULL;
return rc;
}
/*
* Note that cxt->fs contains relevant mtab entry!
*/
static int evaluate_permissions(struct libmnt_context *cxt)
{
struct libmnt_table *fstab;
unsigned long u_flags = 0;
const char *tgt, *src, *optstr;
int rc, ok = 0;
struct libmnt_fs *fs;
assert(cxt);
assert(cxt->fs);
assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED));
if (!cxt || !cxt->fs)
return -EINVAL;
if (!mnt_context_is_restricted(cxt))
return 0; /* superuser mount */
DBG(CXT, mnt_debug_h(cxt, "umount: evaluating permissions"));
if (!(cxt->flags & MNT_FL_TAB_APPLIED)) {
DBG(CXT, mnt_debug_h(cxt,
"cannot find %s in mtab and you are not root",
mnt_fs_get_target(cxt->fs)));
goto eperm;
}
if (cxt->user_mountflags & MNT_MS_UHELPER) {
/* on uhelper= mount option based helper */
rc = prepare_helper_from_options(cxt, "uhelper");
if (rc)
return rc;
if (cxt->helper)
return 0; /* we'll call /sbin/umount.<uhelper> */
}
/*
* User mounts has to be in /etc/fstab
*/
rc = mnt_context_get_fstab(cxt, &fstab);
if (rc)
return rc;
tgt = mnt_fs_get_target(cxt->fs);
src = mnt_fs_get_source(cxt->fs);
if (mnt_fs_get_bindsrc(cxt->fs)) {
src = mnt_fs_get_bindsrc(cxt->fs);
DBG(CXT, mnt_debug_h(cxt,
"umount: using bind source: %s", src));
}
/* If fstab contains the two lines
* /dev/sda1 /mnt/zip auto user,noauto 0 0
* /dev/sda4 /mnt/zip auto user,noauto 0 0
* then "mount /dev/sda4" followed by "umount /mnt/zip" used to fail.
* So, we must not look for file, but for the pair (dev,file) in fstab.
*/
fs = mnt_table_find_pair(fstab, src, tgt, MNT_ITER_FORWARD);
if (!fs) {
/*
* It's possible that there is /path/file.img in fstab and
* /dev/loop0 in mtab -- then we have to check releation
* between loopdev and the file.
*/
fs = mnt_table_find_target(fstab, tgt, MNT_ITER_FORWARD);
if (fs) {
const char *dev = mnt_fs_get_srcpath(cxt->fs); /* devname from mtab */
if (!dev || !is_associated_fs(dev, fs))
fs = NULL;
}
if (!fs) {
DBG(CXT, mnt_debug_h(cxt,
"umount %s: mtab disagrees with fstab",
tgt));
goto eperm;
}
}
/*
* User mounting and unmounting is allowed only if fstab contains one
* of the options `user', `users' or `owner' or `group'.
*
* The option `users' allows arbitrary users to mount and unmount -
* this may be a security risk.
*
* The options `user', `owner' and `group' only allow unmounting by the
* user that mounted (visible in mtab).
*/
optstr = mnt_fs_get_user_options(fs); /* FSTAB mount options! */
if (!optstr)
goto eperm;
if (mnt_optstr_get_flags(optstr, &u_flags,
mnt_get_builtin_optmap(MNT_USERSPACE_MAP)))
goto eperm;
if (u_flags & MNT_MS_USERS) {
DBG(CXT, mnt_debug_h(cxt,
"umount: promiscuous setting ('users') in fstab"));
return 0;
}
/*
* Check user=<username> setting from mtab if there is user, owner or
* group option in /etc/fstab
*/
if (u_flags & (MNT_MS_USER | MNT_MS_OWNER | MNT_MS_GROUP)) {
char *curr_user = NULL;
char *mtab_user = NULL;
size_t sz;
DBG(CXT, mnt_debug_h(cxt,
"umount: checking user=<username> from mtab"));
curr_user = mnt_get_username(getuid());
if (!curr_user) {
DBG(CXT, mnt_debug_h(cxt, "umount %s: cannot "
"convert %d to username", tgt, getuid()));
goto eperm;
}
/* get options from mtab */
optstr = mnt_fs_get_user_options(cxt->fs);
if (optstr && !mnt_optstr_get_option(optstr,
"user", &mtab_user, &sz) && sz)
ok = !strncmp(curr_user, mtab_user, sz);
}
if (ok) {
DBG(CXT, mnt_debug_h(cxt, "umount %s is allowed", tgt));
return 0;
}
eperm:
DBG(CXT, mnt_debug_h(cxt, "umount is not allowed for you"));
return -EPERM;
}
/*
* this has to be called after mnt_context_evaluate_permissions()
*/
static int fix_optstr(struct libmnt_context *cxt)
{
int rc = 0;
char *next;
char *name, *val;
size_t namesz, valsz;
struct libmnt_fs *fs;
#ifdef HAVE_LIBSELINUX
int se_fix = 0, se_rem = 0;
#endif
assert(cxt);
assert(cxt->fs);
assert((cxt->flags & MNT_FL_MOUNTFLAGS_MERGED));
if (!cxt)
return -EINVAL;
if (!cxt->fs || (cxt->flags & MNT_FL_MOUNTOPTS_FIXED))
return 0;
DBG(CXT, mnt_debug_h(cxt, "mount: fixing optstr"));
fs = cxt->fs;
/* The propagation flags should not be used together with any other
* flags (except MS_REC and MS_SILENT) */
if (cxt->mountflags & MS_PROPAGATION)
cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT);
if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) {
if (val) {
cxt->orig_user = strndup(val, valsz);
if (!cxt->orig_user) {
rc = -ENOMEM;
goto done;
}
}
cxt->flags |= MNT_FL_SAVED_USER;
}
/*
* Sync mount options with mount flags
*/
rc = mnt_optstr_apply_flags(&fs->vfs_optstr, cxt->mountflags,
mnt_get_builtin_optmap(MNT_LINUX_MAP));
if (rc)
goto done;
rc = mnt_optstr_apply_flags(&fs->user_optstr, cxt->user_mountflags,
mnt_get_builtin_optmap(MNT_USERSPACE_MAP));
if (rc)
goto done;
next = fs->fs_optstr;
#ifdef HAVE_LIBSELINUX
if (!is_selinux_enabled())
/* Always remove SELinux garbage if SELinux disabled */
se_rem = 1;
else if (cxt->mountflags & MS_REMOUNT)
/*
* Linux kernel < 2.6.39 does not allow to remount with any
* selinux specific mount options.
*
* Kernel 2.6.39 commits: ff36fe2c845cab2102e4826c1ffa0a6ebf487c65
* 026eb167ae77244458fa4b4b9fc171209c079ba7
* fix this odd behavior, so we don't have to care about it in
* userspace.
*/
se_rem = get_linux_version() < KERNEL_VERSION(2, 6, 39);
else
/* For normal mount we have translate the contexts */
se_fix = 1;
#endif
while (!mnt_optstr_next_option(&next, &name, &namesz, &val, &valsz)) {
if (namesz == 3 && !strncmp(name, "uid", 3))
rc = mnt_optstr_fix_uid(&fs->fs_optstr, val, valsz, &next);
else if (namesz == 3 && !strncmp(name, "gid", 3))
rc = mnt_optstr_fix_gid(&fs->fs_optstr, val, valsz, &next);
#ifdef HAVE_LIBSELINUX
else if ((se_rem || se_fix) &&
namesz >= 7 && (!strncmp(name, "context", 7) ||
!strncmp(name, "fscontext", 9) ||
!strncmp(name, "defcontext", 10) ||
!strncmp(name, "rootcontext", 11) ||
!strncmp(name, "seclabel", 8))) {
if (se_rem) {
/* remove context= option */
next = name;
rc = mnt_optstr_remove_option_at(&fs->fs_optstr,
name,
val ? val + valsz :
name + namesz);
} else if (se_fix && val && valsz)
/* translate selinux contexts */
rc = mnt_optstr_fix_secontext(&fs->fs_optstr,
val, valsz, &next);
}
#endif
if (rc)
goto done;
}
if (!rc && cxt->user_mountflags & MNT_MS_USER)
rc = mnt_optstr_fix_user(&fs->user_optstr);
/* refresh merged optstr */
free(fs->optstr);
fs->optstr = NULL;
fs->optstr = mnt_fs_strdup_options(fs);
done:
cxt->flags |= MNT_FL_MOUNTOPTS_FIXED;
DBG(CXT, mnt_debug_h(cxt, "fixed options [rc=%d]: "
"vfs: '%s' fs: '%s' user: '******', optstr: '%s'", rc,
fs->vfs_optstr, fs->fs_optstr, fs->user_optstr, fs->optstr));
if (rc)
rc = -MNT_ERR_MOUNTOPT;
return rc;
}
/**
* mnt_optstr_apply_flags:
* @optstr: string with comma separated list of options
* @flags: returns mount flags
* @map: options map
*
* Removes/adds options to the @optstr according to flags. For example:
*
* MS_NOATIME and "foo,bar,noexec" --returns-> "foo,bar,noatime"
*
* Returns: 0 on success or negative number in case of error.
*/
int mnt_optstr_apply_flags(char **optstr, unsigned long flags,
const struct libmnt_optmap *map)
{
struct libmnt_optmap const *maps[1];
char *name, *next, *val;
size_t namesz = 0, valsz = 0;
unsigned long fl;
int rc = 0;
assert(optstr);
if (!optstr || !map)
return -EINVAL;
DBG(CXT, mnt_debug("applying 0x%08lu flags to '%s'", flags, *optstr));
maps[0] = map;
next = *optstr;
fl = flags;
/*
* There is a convention that 'rw/ro' flags are always at the beginning of
* the string (although the 'rw' is unnecessary).
*/
if (map == mnt_get_builtin_optmap(MNT_LINUX_MAP)) {
const char *o = (fl & MS_RDONLY) ? "ro" : "rw";
if (next &&
(!strncmp(next, "rw", 2) || !strncmp(next, "ro", 2)) &&
(*(next + 2) == '\0' || *(next + 2) == ',')) {
/* already set, be paranoid and fix it */
memcpy(next, o, 2);
} else {
rc = mnt_optstr_prepend_option(optstr, o, NULL);
if (rc)
goto err;
next = *optstr; /* because realloc() */
}
fl &= ~MS_RDONLY;
next += 2;
if (*next == ',')
next++;
}
if (next && *next) {
/*
* scan @optstr and remove options that are missing in
* @flags
*/
while(!mnt_optstr_next_option(&next, &name, &namesz,
&val, &valsz)) {
const struct libmnt_optmap *ent;
if (mnt_optmap_get_entry(maps, 1, name, namesz, &ent)) {
/*
* remove unwanted option (rw/ro is already set)
*/
if (!ent || !ent->id)
continue;
/* ignore name=<value> if options map expects <name> only */
if (valsz && mnt_optmap_entry_novalue(ent))
continue;
if (ent->id == MS_RDONLY ||
(ent->mask & MNT_INVERT) ||
(fl & ent->id) != (unsigned long) ent->id) {
char *end = val ? val + valsz :
name + namesz;
next = name;
rc = mnt_optstr_remove_option_at(
optstr, name, end);
if (rc)
goto err;
}
if (!(ent->mask & MNT_INVERT))
fl &= ~ent->id;
}
}
}
/* add missing options */
if (fl) {
const struct libmnt_optmap *ent;
char *p;
for (ent = map; ent && ent->name; ent++) {
if ((ent->mask & MNT_INVERT)
|| ent->id == 0
|| (fl & ent->id) != (unsigned long) ent->id)
continue;
/* don't add options which require values (e.g. offset=%d) */
p = strchr(ent->name, '=');
if (p) {
if (p > ent->name && *(p - 1) == '[')
p--; /* name[=] */
else
continue; /* name= */
p = strndup(ent->name, p - ent->name);
if (!p) {
rc = -ENOMEM;
goto err;
}
mnt_optstr_append_option(optstr, p, NULL);
free(p);
} else
mnt_optstr_append_option(optstr, ent->name, NULL);
}
}
DBG(CXT, mnt_debug("new optstr '%s'", *optstr));
return rc;
err:
DBG(CXT, mnt_debug("failed to apply flags [rc=%d]", rc));
return rc;
}
/*
* Allocates utab entry (upd->fs) for mount/remount. This function should be
* called *before* mount(2) syscall. The @fs is used as a read-only template.
*
* Returns: 0 on success, negative number on error, 1 if utabs update is
* unnecessary.
*/
static int utab_new_entry(struct libmnt_update *upd, struct libmnt_fs *fs,
unsigned long mountflags)
{
int rc = 0;
const char *o = NULL, *a = NULL;
char *u = NULL;
assert(fs);
assert(upd);
assert(upd->fs == NULL);
assert(!(mountflags & MS_MOVE));
DBG(UPDATE, mnt_debug("prepare utab entry"));
o = mnt_fs_get_user_options(fs);
a = mnt_fs_get_attributes(fs);
upd->fs = NULL;
if (o) {
/* remove non-mtab options */
rc = mnt_optstr_get_options(o, &u,
mnt_get_builtin_optmap(MNT_USERSPACE_MAP),
MNT_NOMTAB);
if (rc)
goto err;
}
if (!u && !a) {
DBG(UPDATE, mnt_debug("utab entry unnecessary (no options)"));
return 1;
}
/* allocate the entry */
upd->fs = mnt_copy_fs(NULL, fs);
if (!upd->fs) {
rc = -ENOMEM;
goto err;
}
rc = mnt_fs_set_options(upd->fs, u);
if (rc)
goto err;
rc = mnt_fs_set_attributes(upd->fs, a);
if (rc)
goto err;
if (!(mountflags & MS_REMOUNT)) {
rc = set_fs_root(upd, fs, mountflags);
if (rc)
goto err;
}
free(u);
DBG(UPDATE, mnt_debug("utab entry OK"));
return 0;
err:
free(u);
mnt_free_fs(upd->fs);
upd->fs = NULL;
return rc;
}
