diff --git a/cifs-utils.spec b/cifs-utils.spec index a8c00f4..1a1036d 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -3,7 +3,7 @@ Name: cifs-utils Version: 4.8.1 -Release: 3%{pre_release}%{?dist} +Release: 4%{pre_release}%{?dist} Summary: Utilities for mounting and managing CIFS mounts Group: System Environment/Daemons @@ -17,6 +17,7 @@ BuildRequires: libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel a Requires: keyutils Patch0: mount.cifs-don-t-try-to-alter-mtab-if-it-s-a-symlink.patch +Patch1: mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch %description The SMB/CIFS protocol is a standard file sharing protocol widely deployed @@ -29,6 +30,7 @@ file system. %prep %setup -q -n %{name}-%{version}%{pre_release} %patch0 -p1 +%patch1 -p1 %build %configure --prefix=/usr @@ -50,6 +52,9 @@ rm -rf %{buildroot} %{_mandir}/man8/mount.cifs.8.gz %changelog +* Tue Feb 08 2011 Jeff Layton 4.8.1-4 +- mount.cifs: reenable CAP_DAC_READ_SEARCH when mounting (bz# 675761) + * Tue Feb 08 2011 Fedora Release Engineering - 4.8.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch b/mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch new file mode 100644 index 0000000..657b319 --- /dev/null +++ b/mount.cifs-reacquire-CAP_DAC_READ_SEARCH-before-call.patch @@ -0,0 +1,48 @@ +From 13a8647625d556e583abaff4ab248e465374f914 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Tue, 8 Feb 2011 15:01:37 -0500 +Subject: [PATCH] mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2) + +It's possible that the user is trying to mount onto a directory to which +he doesn't have execute perms. If that's the case then the mount will +currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before +calling mount(2). That will ensure that the kernel's permissions check +for this is bypassed. + +Reported-by: Erik Logtenberg +Signed-off-by: Jeff Layton +--- + mount.cifs.c | 10 ++++++++-- + 1 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 3a2b539..8e1e32b 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -1898,8 +1898,13 @@ mount_retry: + else + fstype = cifs_fstype; + +- if (!parsed_info->fakemnt +- && mount(dev_name, ".", fstype, parsed_info->flags, options)) { ++ if (!parsed_info->fakemnt) { ++ toggle_dac_capability(0, 1); ++ rc = mount(dev_name, ".", fstype, parsed_info->flags, options); ++ toggle_dac_capability(0, 0); ++ if (rc == 0) ++ goto do_mtab; ++ + switch (errno) { + case ECONNREFUSED: + case EHOSTUNREACH: +@@ -1934,6 +1939,7 @@ mount_retry: + goto mount_exit; + } + ++do_mtab: + if (!parsed_info->nomtab && !mtab_unusable()) + rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype); + +-- +1.7.4 +