[Bugs] [Bug 1297182] Mounting with "-o noatime" or "-o noexec" causes "nosuid, nodev" to be set as well

bugzilla at redhat.com bugzilla at redhat.com
Wed Jan 18 07:20:03 UTC 2017


https://bugzilla.redhat.com/show_bug.cgi?id=1297182



--- Comment #14 from Worker Ant <bugzilla-bot at gluster.org> ---
COMMIT: http://review.gluster.org/15766 committed in master by Raghavendra G
(rgowdapp at redhat.com) 
------
commit 90cb8c49787d41a46e5b86d73bdc515f54aff4c0
Author: Csaba Henk <csaba at redhat.com>
Date:   Wed Nov 2 07:22:39 2016 +0100

    fuse: limit fusermount fallback to EPERM cases

    There are two mount mechanisms for fuse:
    1) Call mount(2) syscall directly -- implemented by fuse_mount_sys
    2) Call out to fusermount(1) helper utility to do the mount --
       implemented by fuse_mount_fusermount
       [Note: both libfuse and glusterfs ship a variant of this helper
       utility; named, respectively, fusermount and fusermount-glusterfs.
       The two have diverged, and are not compatible at the moment.]

    The intended use of 1) is privileged mounting, ie. when root
    is invoking the glusterfs client. (It cannot work for non-privileged
    users as the kernel enforces privilege for mount(2), more precisely,
    caller context needs CAP_SYS_ADMIN, see capabilities(7).)

    The intended use of 2) is unprivileged mounting, ie. when
    the glusterfs client is invoked by an unprivileged user.
    The helper utility is a setuid binary, so it can perform
    mount(2) on behalf of the user.

    The main mount routine, gf_fuse_mount, calls fuse_mount_sys first,
    and if that fails, tries also with fuse_mount_fusermount. This
    is what we call "fusermount fallback". However, in the light of
    the above remarks about intended use, this logic should apply if
    the fuse_mount_fusermount fails because of a privilege shortage,
    ie. with error "Operation not permitted" (errno EPERM).

    So far the fallback was unconditional (masking bugs of
    fuse_mount_sys, as it happens in referred BUG). Now we
    add the "errno == EPERM" condition.

    BUG: 1297182
    Change-Id: Ia89d975d1e27fcfa5ab2036ba546aa8fa0d2d1b0
    Signed-off-by: Csaba Henk <csaba at redhat.com>
    Reviewed-on: http://review.gluster.org/15766
    Smoke: Gluster Build System <jenkins at build.gluster.org>
    NetBSD-regression: NetBSD Build System <jenkins at build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins at build.gluster.org>



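The fallback rule stated in the commit message above, sketched in C as an added example; it is not GlusterFS code and not part of the original mail. The stub functions stand in for fuse_mount_sys and fuse_mount_fusermount, and the names mount_with_fallback and scenario, the mount point and the option string are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for fuse_mount_sys / fuse_mount_fusermount:
 * return 0 on success, -1 with errno set on failure. */
typedef int (*mount_fn)(const char *mountpoint, const char *opts);

static int sys_errno;     /* constructed: errno the direct mount fails with, 0 = success */
static int helper_calls;  /* how many times the helper path was taken */

static int stub_mount_sys(const char *mp, const char *opts) {
    (void)mp; (void)opts;
    errno = sys_errno;
    return sys_errno ? -1 : 0;
}

static int stub_mount_helper(const char *mp, const char *opts) {
    (void)mp; (void)opts;
    helper_calls++;
    return 0;
}

/* Direct mount first; fall back to the helper only on EPERM.
 * Any other errno is a real failure and is left for the caller to see. */
static int mount_with_fallback(mount_fn direct, mount_fn helper,
                               const char *mp, const char *opts) {
    if (direct(mp, opts) == 0)
        return 0;
    if (errno != EPERM)
        return -1;
    return helper(mp, opts);
}

/* Run one constructed scenario and return the overall mount result. */
static int scenario(int direct_errno) {
    sys_errno = direct_errno;
    helper_calls = 0;
    return mount_with_fallback(stub_mount_sys, stub_mount_helper,
                               "/mnt/example", "noatime");
}

int main(void) {
    int cases[] = { 0, EPERM, EINVAL };
    for (int i = 0; i < 3; i++) {
        int ret = scenario(cases[i]);
        printf("direct errno=%d: ret=%d helper_calls=%d\n",
               cases[i], ret, helper_calls);
    }
}
```

With an unconditional fallback the EINVAL case would also report success through the helper, which is how a defect in the direct path stays hidden.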