1 // $Id: secure-mount.c 2840 2009-06-23 18:16:53Z dhozac $ --*- c++ -*--
3 // Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
5 // This program is free software; you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation; version 2 of the License.
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with this program; if not, write to the Free Software
16 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 // secure-mount <general mount(8) options> [--chroot]
20 // [--mtab <mtabfile>] [--fstab <fstabfile>]
22 // Executes mount-operations under the current directory: it assumes sources
23 // in the current root-dir while destinations are expected in the chroot
32 #include "pathconfig.h"
34 #include <lib/internal.h>
45 #include <sys/mount.h>
47 #include <sys/types.h>
57 #define ENSC_WRAPPERS_FCNTL 1
58 #define ENSC_WRAPPERS_UNISTD 1
61 #define MNTPOINT "/etc"
63 typedef enum { rfsYES, rfsNO, rfsONLY } RootFsOption;
88 #define OPTION_BIND 1024
89 #define OPTION_MOVE 1025
90 #define OPTION_MTAB 1026
91 #define OPTION_FSTAB 1027
92 #define OPTION_CHROOT 1028
93 #define OPTION_SECURE 1029
94 #define OPTION_RBIND 1030
95 #define OPTION_ROOTFS 1031
97 #define XFLAG_NOAUTO 0x01
99 static struct option const
100 CMDLINE_OPTIONS[] = {
101 { "help", no_argument, 0, 'h' },
102 { "version", no_argument, 0, 'v' },
103 { "bind", no_argument, 0, OPTION_BIND },
104 { "move", no_argument, 0, OPTION_MOVE },
105 { "mtab", required_argument, 0, OPTION_MTAB },
106 { "fstab", required_argument, 0, OPTION_FSTAB },
107 { "rootfs", required_argument, 0, OPTION_ROOTFS },
108 { "chroot", no_argument, 0, OPTION_CHROOT },
109 { "secure", no_argument, 0, OPTION_SECURE },
110 { "rbind", no_argument, 0, OPTION_RBIND },
115 #define MS_REC 0x4000
117 #ifndef MS_UNBINDABLE
118 #define MS_UNBINDABLE (1<<17)
121 #define MS_PRIVATE (1<<18)
124 #define MS_SLAVE (1<<19)
127 #define MS_SHARED (1<<20)
130 static struct FstabOption {
131 char const * const opt;
132 unsigned long const flag;
133 unsigned long const mask;
134 unsigned long const xflag;
136 } const FSTAB_OPTIONS[] = {
137 { "defaults", MS_NODEV, (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|
138 MS_SYNCHRONOUS), 0, false },
139 { "rbind", MS_BIND|MS_REC, MS_BIND|MS_REC, 0, false },
140 { "bind", MS_BIND, MS_BIND, 0, false },
141 { "move", MS_MOVE, MS_MOVE, 0, false },
142 { "async", 0, MS_SYNCHRONOUS, 0, false },
143 { "sync", MS_SYNCHRONOUS, MS_SYNCHRONOUS, 0, false },
144 { "atime", 0, MS_NOATIME, 0, false },
145 { "noatime", MS_NOATIME, MS_NOATIME, 0, false },
146 { "dev", 0, MS_NODEV, 0, false },
147 { "nodev", MS_NODEV, MS_NODEV, 0, false },
148 { "exec", 0, MS_NOEXEC, 0, false },
149 { "noexec", MS_NOEXEC, MS_NOEXEC, 0, false },
150 { "suid", 0, MS_NOSUID, 0, false },
151 { "nosuid", MS_NOSUID, MS_NOSUID, 0, false },
152 { "ro", MS_RDONLY, MS_RDONLY, 0, false },
153 { "rw", 0, MS_RDONLY, 0, false },
155 { "remount", MS_REMOUNT, MS_REMOUNT, 0, false },
156 { "users", MS_NOEXEC|MS_NOSUID|MS_NODEV,
157 MS_NOEXEC|MS_NOSUID|MS_NODEV, 0, false },
158 { "mandlock", MS_MANDLOCK, MS_MANDLOCK, 0, false },
159 { "nodiratime", MS_NODIRATIME, MS_NODIRATIME, 0, false },
161 { "dirsync", MS_DIRSYNC, MS_DIRSYNC, 0, false },
163 { "_netdev", 0, 0, 0, false },
164 { "auto", 0, 0, 0, false },
165 { "noauto", 0, 0, XFLAG_NOAUTO, false },
166 { "user", 0, 0, 0, false },
167 { "nouser", 0, 0, 0, false },
168 { "rec", MS_REC, MS_REC, 0, false },
169 { "unbindable", MS_UNBINDABLE, MS_UNBINDABLE, 0, false },
170 { "private", MS_PRIVATE, MS_PRIVATE, 0, false },
171 { "slave", MS_SLAVE, MS_SLAVE, 0, false },
172 { "shared", MS_SHARED, MS_SHARED, 0, false },
175 int wrapper_exit_code = 1;
178 showHelp(int fd, char const *cmd, int res)
180 VSERVER_DECLARE_CMD(cmd);
182 WRITE_MSG(fd, "Usage: ");
185 " [--help] [--version] [--bind] [--move] [--rbind] [-t <type>] [--chroot]\n"
186 " [--mtab <filename>] [--fstab <filename>] [--rootfs yes|no|only]\n"
187 " [-n] -a|([-o <options>] [--] <src> <dst>)\n\n"
188 "Executes mount-operations under the current directory: it assumes sources in\n"
189 "the current root-dir while destinations are expected in the chroot environment.\n\n"
190 "For non-trivial mount-operations it uses the external 'mount' program which\n"
191 "can be overridden by the $MOUNT environment variable.\n\n"
193 " --bind|move|rbind ... set the correspond flags; with this options\n"
194 " the mount will be executed internally without\n"
195 " calling an external mount program.\n"
196 " -t <type> ... assume the given filesystem type\n"
197 " -o <options> ... set additional options; see mount(2) for details\n"
198 " -n ... do not update the mtab-file\n"
199 " --mtab <filename> ... use <filename> as an alternative mtab file\n"
200 " [default: /etc/mtab]\n"
201 " --chroot ... chroot into the current directory before\n"
202 " mounting the filesystem\n"
203 " --fstab <filename> ... use <filename> as an alternative fstab file;\n"
204 " this option has an effect only with the '-a'\n"
205 " option [default: /etc/fstab]\n"
206 " --rootfs yes|no|only ... specifies how to handle an entry for a rootfs\n"
207 " ('/') when processing an fstab file. 'yes' will\n"
208 " mount it among the other entries, 'only' will\n"
209 " mount only the rootfs entry, and 'no' will ignore\n"
210 " it and mount only the other entries [default: yes]\n"
211 " -a ... mount everything listed in the fstab-file\n\n"
212 " <src> ... the source-filesystem; this path is absolute\n"
213 " to the current root-filesystem. Only valid\n"
214 " without the '-a' option.\n"
215 " <dst> ... the destination mount-point; when used with\n"
216 " '--chroot', this path is relative to the current\n"
217 " directory. Only valid without the '-a' option\n\n"
218 "Please report bugs to " PACKAGE_BUGREPORT "\n");
227 "secure-mount " VERSION " -- secure mounting of directories\n"
228 "This program is part of " PACKAGE_STRING "\n\n"
229 "Copyright (C) 2003 Enrico Scholz\n"
230 VERSION_COPYRIGHT_DISCLAIMER);
235 isSameObject(struct stat const *lhs,
236 struct stat const *rhs)
238 return (lhs->st_dev==rhs->st_dev &&
239 lhs->st_ino==rhs->st_ino);
245 if (fchdir(fd)==-1 || chroot(".")==-1) return -1;
250 writeX(int fd, void const *buf, size_t len)
252 if ((size_t)(write(fd, buf, len))!=len) return -1;
257 writeStrX(int fd, char const *str)
259 return writeX(fd, str, strlen(str));
262 static inline char const *
263 getType(struct MountInfo const *mnt)
265 if (mnt->type==0) return "none";
266 else if (strncmp(mnt->type, "ext", 3)==0) return "ufs";
267 else return mnt->type;
271 restoreRoot(struct Options const *opt)
273 if (opt->do_chroot!=0 && fchroot(opt->cur_rootdir_fd)==-1) {
274 perror("secure-mount: fchdir(\"/\")");
275 WRITE_MSG(2, "Failed to restore root-directory; aborting\n");
281 updateMtab(struct MountInfo const *mnt, struct Options const *opt)
285 assert(opt->mtab!=0);
287 if (opt->do_chroot && fchroot(opt->cur_dir_fd)==-1) {
288 perror("secure-mount: fchroot(\".\")");
292 fd=open(opt->mtab, O_CREAT|O_APPEND|O_WRONLY, 0644);
295 perror("secure-mount: open(<mtab>)");
299 if (lockf(fd, F_LOCK, 0)==-1) {
300 perror("secure-mount: lockf()");
304 if (writeStrX(fd, mnt->src)==-1 ||
305 writeStrX(fd, " ")==-1 ||
306 writeStrX(fd, mnt->dst)==-1 ||
307 writeStrX(fd, " ")==-1 ||
308 writeStrX(fd, getType(mnt))==-1 ||
309 writeStrX(fd, " ")==-1 ||
310 writeStrX(fd, mnt->data ? mnt->data : "defaults")==-1 ||
311 writeStrX(fd, " 0 0\n")==-1) {
312 perror("secure-mount: write()");
325 callExternalMount(struct MountInfo const *mnt)
327 char const * argv[10];
331 char const * mount_prog = getenv("MOUNT");
333 if (mount_prog==0) mount_prog = MOUNT_PROG;
335 argv[idx++] = mount_prog;
337 if (mnt->flag & MS_BIND) argv[idx++] = "--bind";
338 else if (mnt->flag & MS_MOVE) argv[idx++] = "--move";
341 if (mnt->data && *mnt->data &&
342 strcmp(mnt->data, "defaults")!=0) {
343 if (mnt->mask & MS_NODEV)
344 argv[idx++] = mnt->data;
346 char * tmp = alloca(strlen(mnt->data) + sizeof("nodev,"));
347 strcpy(tmp, "nodev,");
348 strcat(tmp, mnt->data);
353 argv[idx++] = "nodev";
357 argv[idx++] = mnt->type;
360 argv[idx++] = mnt->src;
366 perror("secure-mount: fork()");
371 execv(mount_prog, const_cast(char **)(argv));
372 PERROR_Q("secure-mount: execv", mount_prog);
376 if (wait4(pid, &status, 0, 0)==-1) {
377 perror("secure-mount: wait4()");
381 return (WIFEXITED(status)) && (WEXITSTATUS(status)==0);
385 secureChdir(char const *dir, struct Options const *opt)
390 if (opt->do_chroot!=0 && fchroot(opt->cur_dir_fd)==-1) {
391 perror("secure-mount: fchroot(\".\")");
395 if (chdir(dir)==-1) {
396 PERROR_Q("secure-mount: chdir", dir);
400 dir_fd = open(".", O_RDONLY|O_DIRECTORY);
402 perror("secure-mount: open(\".\")");
407 if (fchdir(dir_fd)==-1)
408 PERROR_Q("secure-mount: fchdir", dir);
421 canHandleInternal(struct MountInfo const *mnt)
423 static char const * FS[] = {
424 "tmpfs", "sysfs", "proc", "sockfs", "pipefs", "futexfs",
425 "inotifyfs", "devpts", "ext3", "ext2", "ramfs",
426 "hugetlbfs", "usbfs", "binfmt_misc",
431 if (!mnt) return false;
432 else if ((mnt->flag & (MS_BIND|MS_MOVE))) return true;
433 else if ((mnt->flag & (MS_SHARED|MS_SLAVE|MS_PRIVATE|
434 MS_UNBINDABLE))) return true;
435 else if (mnt->type==0) return false;
437 for (i=FS+0; *i!=0; ++i)
438 if (strcmp(mnt->type, *i)==0) return true;
444 mountSingle(struct MountInfo const *mnt, struct Options const *opt)
448 if (!secureChdir(mnt->dst, opt))
451 if (canHandleInternal(mnt)) {
452 if (mount(mnt->src, ".",
453 mnt->type ? mnt->type : "",
454 mnt->flag, mnt->data_parsed)==-1) {
455 perror("secure-mount: mount()");
458 if ((mnt->flag & MS_BIND) &&
459 (mnt->flag & ~(MS_BIND|MS_REC))) {
460 /* This is needed to put us in the new mountpoint */
461 if (!secureChdir(mnt->dst, opt))
463 if (mount(mnt->src, ".",
464 mnt->type ? mnt->type : "",
465 (mnt->flag | MS_REMOUNT), NULL) == -1 &&
466 errno != EBUSY) { /* Returned on older kernels */
467 perror("secure-mount: mount()");
472 else if (!callExternalMount(mnt))
475 if (!opt->ignore_mtab &&
476 updateMtab(mnt, opt)==-1) {
477 WRITE_MSG(2, "Failed to update mtab-file\n");
484 static struct FstabOption const *
485 searchOption(char const *opt, size_t len)
487 struct FstabOption const * i;
488 for (i=FSTAB_OPTIONS+0; i<FSTAB_OPTIONS+DIM_OF(FSTAB_OPTIONS); ++i)
489 if (strncmp(i->opt, opt, len)==0) return i;
495 transformOptionList(struct MountInfo *info, size_t UNUSED *col)
497 char const * ptr = info->data;
498 char * data = malloc(strlen(info->data));
502 char const * pos = strchr(ptr, ',');
503 struct FstabOption const * opt;
505 if (pos==0) pos = ptr+strlen(ptr);
506 opt = searchOption(ptr, pos-ptr);
509 info->flag &= ~opt->mask;
510 info->flag |= opt->flag;
511 info->mask |= opt->mask;
512 info->xflag |= opt->xflag;
517 strncpy(dst, ptr, pos-ptr);
527 } while (*ptr!='\0');
529 info->data_parsed = data;
533 #define MOVE_TO_NEXT_FIELD(PTR,ALLOW_EOL) \
534 while (!isspace(*PTR) && *PTR!='\0') ++PTR; \
535 if (col) *col = buf-start_buf+1; \
536 if (!(ALLOW_EOL) && *PTR=='\0') return prFAIL; \
538 while (isspace(*PTR)) ++PTR
540 static enum {prDOIT, prFAIL, prIGNORE}
541 parseFstabLine(struct MountInfo *info, char *buf, size_t *col)
543 char const * const start_buf = buf;
546 while (isspace(*buf)) ++buf;
547 if (*buf=='#' || *buf=='\0') return prIGNORE;
550 MOVE_TO_NEXT_FIELD(buf, false);
552 MOVE_TO_NEXT_FIELD(buf, false);
554 MOVE_TO_NEXT_FIELD(buf, false);
555 err_col = buf-start_buf+1;
557 MOVE_TO_NEXT_FIELD(buf, true);
559 info->flag = MS_NODEV;
563 if (strcmp(info->type, "swap") ==0) return prIGNORE;
564 else if (strcmp(info->type, "none") ==0) info->type = 0;
565 else if (strcmp(info->type, "devpts")==0) {
566 info->mask |= MS_NODEV;
567 info->flag &= ~MS_NODEV;
570 if (col) *col = err_col;
571 if (!transformOptionList(info,col)) return prFAIL;
572 if (info->xflag & XFLAG_NOAUTO) return prIGNORE;
577 #undef MOVE_TO_NEXT_FIELD
580 showFstabPosition(int fd, char const *fname, size_t line_nr, size_t col_nr)
582 char buf[3*sizeof(line_nr)*2 + 4];
583 size_t len = utilvserver_fmt_uint(buf+1, line_nr)+1;
587 len += utilvserver_fmt_uint(buf+len, col_nr);
588 WRITE_STR(fd, fname);
589 Vwrite(fd, buf, len);
594 mountFstab(struct Options const *opt)
600 assert(opt->fstab!=0);
601 fd = open(opt->fstab, O_RDONLY);
603 perror("secure-mount: open(<fstab>)");
607 len = lseek(fd, 0, SEEK_END);
609 lseek(fd, 0, SEEK_SET)==-1) {
610 perror("secure-mount: lseek(<fstab>)");
617 size_t line_nr=0, col_nr;
619 if (read(fd, buf, len+1)!=len) {
620 perror("secure-mount: read()");
623 buf[len] = '#'; // workaround for broken dietlibc strtok_r()
628 while ((ptr=strsep(&ptrptr, "\n")) != 0) {
629 struct MountInfo mnt;
632 switch (parseFstabLine(&mnt, ptr, &col_nr)) {
634 showFstabPosition(2, opt->fstab, line_nr, col_nr);
635 WRITE_MSG(2, ": syntax error\n");
638 case prIGNORE : break;
640 bool is_rootfs = (strcmp(mnt.dst, "/")==0);
642 if (( is_rootfs && opt->rootfs==rfsNO) ||
643 (!is_rootfs && opt->rootfs==rfsONLY)) { /* ignore the entry */ }
644 else if (!mountSingle(&mnt, opt)) {
645 showFstabPosition(2, opt->fstab, line_nr, 1);
646 WRITE_MSG(2, ": failed to mount fstab-entry\n");
663 initFDs(struct Options *opt)
665 opt->cur_dir_fd = Eopen(".", O_RDONLY|O_DIRECTORY, 0);
666 opt->cur_rootdir_fd = Eopen("/", O_RDONLY|O_DIRECTORY, 0);
668 Efcntl(opt->cur_dir_fd, F_SETFD, FD_CLOEXEC);
669 Efcntl(opt->cur_rootdir_fd, F_SETFD, FD_CLOEXEC);
673 parseRootFS(char const *str)
675 if (strcasecmp(str, "yes")==0) return rfsYES;
676 else if (strcasecmp(str, "no")==0) return rfsNO;
677 else if (strcasecmp(str, "only")==0) return rfsONLY;
679 WRITE_MSG(2, "secure-mount: invalid option for '--rootfs': '");
682 exit(wrapper_exit_code);
686 int main(int argc, char *argv[])
688 struct MountInfo mnt = {
697 struct Options opt = {
699 .fstab = "/etc/fstab",
701 .ignore_mtab = false,
704 .cur_rootdir_fd = -1,
709 int c = getopt_long(argc, argv, "ht:nao:", CMDLINE_OPTIONS, 0);
713 case 'h' : showHelp(1, argv[0], 0);
714 case 'v' : showVersion();
715 case 't' : mnt.type = optarg; break;
716 case 'n' : opt.ignore_mtab = true; break;
717 case 'a' : opt.mount_all = true; break;
718 case 'o' : mnt.data = optarg; break;
719 case OPTION_RBIND : mnt.flag |= MS_REC; /*@fallthrough@*/
720 case OPTION_BIND : mnt.flag |= MS_BIND; break;
721 case OPTION_MOVE : mnt.flag |= MS_MOVE; break;
722 case OPTION_MTAB : opt.mtab = optarg; break;
723 case OPTION_FSTAB : opt.fstab = optarg; break;
724 case OPTION_CHROOT: opt.do_chroot = true; break;
725 case OPTION_ROOTFS: opt.rootfs = parseRootFS(optarg); break;
727 WRITE_MSG(2, "secure-mount: The '--secure' option is deprecated...\n");
730 WRITE_MSG(2, "Try '");
731 WRITE_STR(2, argv[0]);
732 WRITE_MSG(2, " --help' for more information.\n");
739 if (opt.mount_all && optind<argc) {
740 WRITE_MSG(2, "Can not specify <src> and '-a' at the same time\n");
745 signal(SIGCHLD, SIG_DFL);
748 if (!mountFstab(&opt)) return EXIT_FAILURE;
749 else return EXIT_SUCCESS;
752 if (optind+2!=argc) {
753 WRITE_MSG(2, "Invalid <src> <dst> pair specified\n");
758 mnt.data = strdup(mnt.data);
759 if (!transformOptionList(&mnt, 0)) {
760 WRITE_MSG(2, "Invalid options specified\n");
765 mnt.src = argv[optind++];
766 mnt.dst = argv[optind++];
768 if (!mountSingle(&mnt, &opt)) return EXIT_FAILURE;
git://git.onelab.eu / util-vserver.git / blob