Gentoo's Bugzilla – Attachment 43745 Details for
Bug 70873
patches for mount: ignore managed/kudzu options
[patch]
add pamconsole option to mount
util-linux-2.12a-console.patch (text/plain), 5.08 KB, created by
foser (RETIRED)
on 2004-11-11 15:08:33 UTC
Description:
add pamconsole option to mount
Filename:
MIME Type:
Creator:
foser (RETIRED)
Created:
2004-11-11 15:08:33 UTC
Size:
5.08 KB
>--- util-linux-2.12a/mount/mount.c.orig 2004-09-30 13:07:28.490460000 -0400
>+++ util-linux-2.12a/mount/mount.c 2004-09-30 14:35:18.871368000 -0400
>@@ -130,14 +130,15 @@
> #define MS_USERS 0x40000000
> #define MS_USER 0x20000000
> #define MS_OWNER 0x10000000
>+#define MS_PAMCONSOLE 0x08000000
> #define MS_NETDEV 0x00020000
> #define MS_LOOP 0x00010000
>
> /* Options that we keep the mount system call from seeing. */
>-#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_NETDEV|MS_LOOP)
>+#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_NETDEV|MS_LOOP|MS_PAMCONSOLE)
>
> /* Options that we keep from appearing in the options field in the mtab. */
>-#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER)
>+#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER|MS_PAMCONSOLE)
>
> /* Options that we make ordinary users have by default. */
> #define MS_SECURE (MS_NOEXEC|MS_NOSUID|MS_NODEV)
>@@ -170,6 +171,8 @@
> { "noowner", 0, 1, MS_OWNER }, /* Device owner has no special privs */
> { "_netdev", 0, 0, MS_NETDEV }, /* Device accessible only via network */
> /* add new options here */
>+ { "pamconsole", 0, 0, MS_PAMCONSOLE }, /* Allow users at console to mount */
>+ { "nopamconsole", 0, 1, MS_PAMCONSOLE }, /* Console user has no special privs */
> #ifdef MS_NOSUB
> { "sub", 0, 1, MS_NOSUB }, /* allow submounts */
> { "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */
>@@ -283,11 +286,12 @@
> *mask &= ~om->mask;
> else
> *mask |= om->mask;
>- if ((om->mask == MS_USER || om->mask == MS_USERS)
>+ if ((om->mask == MS_USER || om->mask == MS_USERS || om->mask == MS_PAMCONSOLE)
> && !om->inv)
> *mask |= MS_SECURE;
> if ((om->mask == MS_OWNER) && !om->inv)
> *mask |= MS_OWNERSECURE;
>+
> #ifdef MS_SILENT
> if (om->mask == MS_SILENT && om->inv) {
> mount_quiet = 1;
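Review bot: In the `@@ -283,11 +286,12 @@` hunk the widened condition makes `pamconsole` imply MS_SECURE just as `user` and `users` do, but nothing in the code says so, and the hunk also adds an unrelated blank line before `#ifdef MS_SILENT`. I would drop the stray blank line and put a comment above the test, for example `/* user, users and pamconsole all default to MS_SECURE (noexec,nosuid,nodev) */`, so the security default is visible to whoever adds the next option. The enclosing function starts and ends outside the hunk.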
>@@ -538,6 +542,27 @@
> }
> }
> }
>+ /* Red Hat patch: allow users at console to mount when fstab
>+ contains the console option. This option should not be used
>+ in a high security environment but is useful to give console
>+ users the possibility of using locally attached devices
>+ such as USB keychains and USB harddisks where it is now suitable
>+ to give the console owner write access to the device node */
>+ if (*flags & MS_PAMCONSOLE) {
>+ char *username;
>+ char pamconsole_file_name[256];
>+ struct stat sb;
>+
>+ username = getusername ();
>+
>+ if (username != NULL) {
>+ snprintf (pamconsole_file_name, sizeof (pamconsole_file_name),
>+ "/var/run/console/%s", username);
>+ if (stat (pamconsole_file_name, &sb) == 0) {
>+ *flags |= MS_USER;
>+ }
>+ }
>+ }
> /* James Kehl <mkehl@gil.com.au> came with a similar patch:
> allow an arbitrary user to mount when he is the owner of
> the mount-point and has write-access to the device.
>@@ -556,6 +581,9 @@
>
> if (*flags & MS_OWNER)
> *flags &= ~MS_OWNER;
>+
>+ if (*flags & MS_PAMCONSOLE)
>+ *flags &= ~MS_PAMCONSOLE;
> }
>
> static int
>--- util-linux-2.12a/mount/umount.c.orig 2004-09-30 13:07:34.382562000 -0400
>+++ util-linux-2.12a/mount/umount.c 2004-09-30 14:32:48.152239000 -0400
>@@ -541,7 +541,7 @@
> struct mntentchn *mc, *fs;
> char *file;
> string_list options;
>- int fstab_has_user, fstab_has_users, fstab_has_owner, ok;
>+ int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_pamconsole, ok;
>
> file = canonicalize(arg); /* mtab paths are canonicalized */
> if (verbose > 1)
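Review bot: The console check in the `@@ -538,6 +542,27 @@` hunk grants MS_USER on a bare `stat()` of `/var/run/console/<name>`, so anything that resolves under that path passes: a directory, a symlink target, or any other file kept in that directory, and an empty name or `.` would resolve to the directory itself. The `snprintf` return value is not checked either, so a truncated path is tested as if it were the full one. Whether `getusername()` can ever return such a name depends on the passwd backend, which is not visible here, so the name is best treated as untrusted path input: refuse `/` and empty names, detect truncation, and require a regular file via `lstat`. The same check is duplicated in umount.c's `@@ -611,6 +614,14 @@` hunk and would be safer as one shared helper. The enclosing function begins and ends outside the hunk.

```c
if (*flags & MS_PAMCONSOLE) {
	/* ... unchanged: username, pamconsole_file_name, sb declarations ... */
	int len;

	username = getusername ();

	/* the name becomes a path component: refuse empty names and
	   separators, detect truncation, accept only a regular file */
	if (username != NULL && *username != '\0'
	    && strchr (username, '/') == NULL) {
		len = snprintf (pamconsole_file_name,
				sizeof (pamconsole_file_name),
				"/var/run/console/%s", username);
		if (len > 0 && (size_t) len < sizeof (pamconsole_file_name)
		    && lstat (pamconsole_file_name, &sb) == 0
		    && S_ISREG (sb.st_mode)) {
			*flags |= MS_USER;
		}
	}
}
```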
>@@ -598,12 +598,15 @@
> fstab_has_user = contains(options, "user");
> fstab_has_users = contains(options, "users");
> fstab_has_owner = contains(options, "owner");
>+ fstab_has_pamconsole = contains(options, "pamconsole");
> ok = 0;
>
> if (fstab_has_users)
> ok = 1;
>
>- if (!ok && (fstab_has_user || fstab_has_owner)) {
>+ if (!ok && (fstab_has_user || fstab_has_owner || fstab_has_pamconsole)) {
>+ char pamconsole_file_name[256];
>+ struct stat sb;
> char *user = getusername();
>
> options = parse_list (mc->m.mnt_opts);
>@@ -611,6 +614,14 @@
>
> if (user && mtab_user && streq (user, mtab_user))
> ok = 1;
>+
>+ /*pam_console user check*/
>+ if (user && fstab_has_pamconsole) {
>+ snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), "/var/run/console/%s", user);
>+ if (stat (pamconsole_file_name, &sb) == 0) {
>+ ok = 1;
>+ }
>+ }
> }
> if (!ok)
> die (2, _("umount: only %s can unmount %s from %s"),
>--- util-linux-2.12a/mount/fstab.5.orig 2004-09-30 14:45:29.975652000 -0400
>+++ util-linux-2.12a/mount/fstab.5 2004-09-30 14:48:47.129301000 -0400
>@@ -156,10 +156,11 @@
> .BR nfs (5).
> Common for all types of file system are the options ``noauto''
> (do not mount when "mount -a" is given, e.g., at boot time), ``user''
>-(allow a user to mount), and ``owner''
>-(allow device owner to mount), and ``pamconsole''
>+(allow a user to mount), ``owner''
>+(allow device owner to mount), and ``pamconsole''
>+(allow a user at the console to mount), and ``_netdev'' (device requires network
> to be available).
>-The ``owner'' and ``_netdev'' options are Linux-specific.
>+The ``owner'', ``pamconsole'' and ``_netdev'' options are Linux-specific.
> For more details, see
> .BR mount (8).
>
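Review bot: In the `@@ -611,6 +614,14 @@` hunk the pam_console branch sets `ok = 1` without looking at `mtab_user`, so whoever currently has a console file can unmount a filesystem that a different user mounted, which is closer to `users` semantics than to `user`. If that is intended, it deserves a comment such as `/* pamconsole: the current console user may unmount regardless of who mounted */` and a sentence in the man page; if it is not, the branch should also require `mtab_user` to be absent or equal to `user`. The block this code sits in opens in the preceding hunk, and the function continues outside both.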
Attachments on
bug 70873
:
43744
| 43745