git: 195f1b124da4 - main - vfs_mount.c: fix vfs_domount() for PRIV_VFS_MOUNT_EXPORTED
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 16 Dec 2022 21:02:29 UTC
The branch main has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=195f1b124da4bf73d951cd251dffd9485672fe0a
commit 195f1b124da4bf73d951cd251dffd9485672fe0a
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-12-16 21:01:23 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2022-12-16 21:01:23 +0000
vfs_mount.c: fix vfs_domount() for PRIV_VFS_MOUNT_EXPORTED
It appears that, prior to r158857 vfs_domount() checked
suser() when MNT_EXPORTED was specified.
r158857 appears to have broken this, since MNT_EXPORTED
was no longer set when mountd.c was converted to use nmount(2).
r164033 replaced the suser() check with
priv_check(td, PRIV_VFS_MOUNT_EXPORTED), which does the
same thing (ie. checks for effective uid == 0 assuming suses_enabled
is set).
This patch restores this check by setting MNT_EXPORTED when the
"export" mount option is specified to nmount().
I think this is reasonable since only mountd(8) should be setting
exports and I doubt any non-root mounted file system would
be setting its own exports.
Reviewed by: kib, markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D37718
---
sys/kern/vfs_mount.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index f49312ed4f57..bf8fd3b1c179 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -924,6 +924,8 @@ vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
fsflags |= MNT_SYNCHRONOUS;
else if (strcmp(opt->name, "union") == 0)
fsflags |= MNT_UNION;
+ else if (strcmp(opt->name, "export") == 0)
+ fsflags |= MNT_EXPORTED;
else if (strcmp(opt->name, "automounted") == 0) {
fsflags |= MNT_AUTOMOUNTED;
do_freeopt = 1;