1 // $Id: secure-mount.c,v 1.24 2005/03/24 12:45:06 ensc Exp $ --*- c++ -*--
3 // Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
5 // This program is free software; you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation; version 2 of the License.
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with this program; if not, write to the Free Software
16 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 // secure-mount <general mount(8) options> [--chroot]
20 // [--mtab <mtabfile>] [--fstab <fstabfile>]
22 // Executes mount-operations under the current directory: it assumes sources
23 // in the current root-dir while destinations are expected in the chroot
32 #include "pathconfig.h"
34 #include <lib/internal.h>
45 #include <sys/mount.h>
47 #include <sys/types.h>
56 #define ENSC_WRAPPERS_FCNTL 1
57 #define ENSC_WRAPPERS_UNISTD 1
60 #define MNTPOINT "/etc"
62 typedef enum { rfsYES, rfsNO, rfsONLY } RootFsOption;
86 #define OPTION_BIND 1024
87 #define OPTION_MOVE 1025
88 #define OPTION_MTAB 1026
89 #define OPTION_FSTAB 1027
90 #define OPTION_CHROOT 1028
91 #define OPTION_SECURE 1029
92 #define OPTION_RBIND 1030
93 #define OPTION_ROOTFS 1031
95 #define XFLAG_NOAUTO 0x01
97 static struct option const
99 { "help", no_argument, 0, 'h' },
100 { "version", no_argument, 0, 'v' },
101 { "bind", no_argument, 0, OPTION_BIND },
102 { "move", no_argument, 0, OPTION_MOVE },
103 { "mtab", required_argument, 0, OPTION_MTAB },
104 { "fstab", required_argument, 0, OPTION_FSTAB },
105 { "rootfs", required_argument, 0, OPTION_ROOTFS },
106 { "chroot", no_argument, 0, OPTION_CHROOT },
107 { "secure", no_argument, 0, OPTION_SECURE },
108 { "rbind", no_argument, 0, OPTION_RBIND },
113 # define MS_REC 0x4000
116 static struct FstabOption {
117 char const * const opt;
118 unsigned long const flag;
119 unsigned long const mask;
120 unsigned long const xflag;
122 } const FSTAB_OPTIONS[] = {
123 { "defaults", 0, (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|
124 MS_SYNCHRONOUS), 0, false },
125 { "rbind", MS_BIND|MS_REC, MS_BIND|MS_REC, 0, false },
126 { "bind", MS_BIND, MS_BIND, 0, false },
127 { "move", MS_MOVE, MS_MOVE, 0, false },
128 { "async", 0, MS_SYNCHRONOUS, 0, false },
129 { "sync", MS_SYNCHRONOUS, MS_SYNCHRONOUS, 0, false },
130 { "atime", 0, MS_NOATIME, 0, false },
131 { "noatime", MS_NOATIME, MS_NOATIME, 0, false },
132 { "dev", 0, MS_NODEV, 0, false },
133 { "nodev", MS_NODEV, MS_NODEV, 0, false },
134 { "exec", 0, MS_NOEXEC, 0, false },
135 { "noexec", MS_NOEXEC, MS_NOEXEC, 0, false },
136 { "suid", 0, MS_NOSUID, 0, false },
137 { "nosuid", MS_NOSUID, MS_NOSUID, 0, false },
138 { "ro", MS_RDONLY, MS_RDONLY, 0, false },
139 { "rw", 0, MS_RDONLY, 0, false },
141 { "remount", MS_REMOUNT, MS_REMOUNT, 0, false },
142 { "users", MS_NOEXEC|MS_NOSUID|MS_NODEV,
143 MS_NOEXEC|MS_NOSUID|MS_NODEV, 0, false },
144 { "mandlock", MS_MANDLOCK, MS_MANDLOCK, 0, false },
145 { "nodiratime", MS_NODIRATIME, MS_NODIRATIME, 0, false },
147 { "dirsync", MS_DIRSYNC, MS_DIRSYNC, 0, false },
149 { "_netdev", 0, 0, 0, false },
150 { "auto", 0, 0, 0, false },
151 { "noauto", 0, 0, XFLAG_NOAUTO, false },
152 { "user", 0, 0, 0, false },
153 { "nouser", 0, 0, 0, false },
156 int wrapper_exit_code = 1;
159 showHelp(int fd, char const *cmd, int res)
161 VSERVER_DECLARE_CMD(cmd);
163 WRITE_MSG(fd, "Usage: ");
166 " [--help] [--version] [--bind] [--move] [--rbind] [-t <type>] [--chroot]\n"
167 " [--mtab <filename>] [--fstab <filename>] [--rootfs yes|no|only]\n"
168 " [-n] -a|([-o <options>] [--] <src> <dst>)\n\n"
169 "Executes mount-operations under the current directory: it assumes sources in\n"
170 "the current root-dir while destinations are expected in the chroot environment.\n\n"
171 "For non-trivial mount-operations it uses the external 'mount' program which\n"
172 "can be overridden by the $MOUNT environment variable.\n\n"
174 " --bind|move|rbind ... set the correspond flags; with this options\n"
175 " the mount will be executed internally without\n"
176 " calling an external mount program.\n"
177 " -t <type> ... assume the given filesystem type\n"
178 " -o <options> ... set additional options; see mount(2) for details\n"
179 " -n ... do not update the mtab-file\n"
180 " --mtab <filename> ... use <filename> as an alternative mtab file\n"
181 " [default: /etc/mtab]\n"
182 " --chroot ... chroot into the current directory before\n"
183 " mounting the filesystem\n"
184 " --fstab <filename> ... use <filename> as an alternative fstab file;\n"
185 " this option has an effect only with the '-a'\n"
186 " option [default: /etc/fstab]\n"
187 " --rootfs yes|no|only ... specifies how to handle an entry for a rootfs\n"
188 " ('/') when processing an fstab file. 'yes' will\n"
189 " mount it among the other entries, 'only' will\n"
190 " mount only the rootfs entry, and 'no' will ignore\n"
191 " it and mount only the other entries [default: yes]\n"
192 " -a ... mount everything listed in the fstab-file\n\n"
193 " <src> ... the source-filesystem; this path is absolute\n"
194 " to the current root-filesystem. Only valid\n"
195 " without the '-a' option.\n"
196 " <dst> ... the destination mount-point; when used with\n"
197 " '--chroot', this path is relative to the current\n"
198 " directory. Only valid without the '-a' option\n\n"
199 "Please report bugs to " PACKAGE_BUGREPORT "\n");
208 "secure-mount " VERSION " -- secure mounting of directories\n"
209 "This program is part of " PACKAGE_STRING "\n\n"
210 "Copyright (C) 2003 Enrico Scholz\n"
211 VERSION_COPYRIGHT_DISCLAIMER);
216 isSameObject(struct stat const *lhs,
217 struct stat const *rhs)
219 return (lhs->st_dev==rhs->st_dev &&
220 lhs->st_ino==rhs->st_ino);
226 if (fchdir(fd)==-1 || chroot(".")==-1) return -1;
231 writeX(int fd, void const *buf, size_t len)
233 if ((size_t)(write(fd, buf, len))!=len) return -1;
238 writeStrX(int fd, char const *str)
240 return writeX(fd, str, strlen(str));
243 static inline char const *
244 getType(struct MountInfo const *mnt)
246 if (mnt->type==0) return "none";
247 else if (strncmp(mnt->type, "ext", 3)==0) return "ufs";
248 else return mnt->type;
252 restoreRoot(struct Options const *opt)
254 if (opt->do_chroot!=0 && fchroot(opt->cur_rootdir_fd)==-1) {
255 perror("secure-mount: fchdir(\"/\")");
256 WRITE_MSG(2, "Failed to restore root-directory; aborting\n");
262 updateMtab(struct MountInfo const *mnt, struct Options const *opt)
266 assert(opt->mtab!=0);
268 if (opt->do_chroot && fchroot(opt->cur_dir_fd)==-1) {
269 perror("secure-mount: fchroot(\".\")");
273 fd=open(opt->mtab, O_CREAT|O_APPEND|O_WRONLY, 0644);
276 perror("secure-mount: open(<mtab>)");
280 if (flock(fd, LOCK_EX)==-1) {
281 perror("secure-mount: flock()");
285 if (writeStrX(fd, mnt->src)==-1 ||
286 writeStrX(fd, " ")==-1 ||
287 writeStrX(fd, mnt->dst)==-1 ||
288 writeStrX(fd, " ")==-1 ||
289 writeStrX(fd, getType(mnt))==-1 ||
290 writeStrX(fd, " ")==-1 ||
291 writeStrX(fd, mnt->data ? mnt->data : "defaults")==-1 ||
292 writeStrX(fd, " 0 0\n")==-1) {
293 perror("secure-mount: write()");
306 callExternalMount(struct MountInfo const *mnt)
308 char const * argv[10];
312 char const * mount_prog = getenv("MOUNT");
314 if (mount_prog==0) mount_prog = MOUNT_PROG;
316 argv[idx++] = mount_prog;
318 if (mnt->flag & MS_BIND) argv[idx++] = "--bind";
319 else if (mnt->flag & MS_MOVE) argv[idx++] = "--move";
322 if (mnt->data && *mnt->data &&
323 strcmp(mnt->data, "defaults")!=0) {
324 if (mnt->mask & MS_NODEV)
325 argv[idx++] = mnt->data;
327 char * tmp = alloca(strlen(mnt->data) + sizeof("nodev,"));
328 strcpy(tmp, "nodev,");
329 strcat(tmp, mnt->data);
334 argv[idx++] = "nodev";
338 argv[idx++] = mnt->type;
341 argv[idx++] = mnt->src;
347 perror("secure-mount: fork()");
352 execv(mount_prog, const_cast(char **)(argv));
353 PERROR_Q("secure-mount: execv", mount_prog);
357 if (wait4(pid, &status, 0, 0)==-1) {
358 perror("secure-mount: wait4()");
362 return (WIFEXITED(status)) && (WEXITSTATUS(status)==0);
366 secureChdir(char const *dir, struct Options const *opt)
371 if (opt->do_chroot!=0 && fchroot(opt->cur_dir_fd)==-1) {
372 perror("secure-mount: fchroot(\".\")");
376 if (chdir(dir)==-1) {
377 PERROR_Q("secure-mount: chdir", dir);
381 dir_fd = open(".", O_RDONLY|O_DIRECTORY);
383 perror("secure-mount: open(\".\")");
388 if (fchdir(dir_fd)==-1)
389 PERROR_Q("secure-mount: fchdir", dir);
402 mountSingle(struct MountInfo const *mnt, struct Options const *opt)
406 if (!secureChdir(mnt->dst, opt))
409 if (mnt->flag & (MS_BIND|MS_MOVE)) {
410 unsigned long flag = mnt->flag;
411 if ((flag & MS_NODEV)==0) flag |= MS_NODEV;
413 if (mount(mnt->src, ".",
414 mnt->type ? mnt->type : "",
415 flag, mnt->data)==-1) {
416 perror("secure-mount: mount()");
420 else if (!callExternalMount(mnt))
423 if (!opt->ignore_mtab &&
424 updateMtab(mnt, opt)==-1) {
425 WRITE_MSG(2, "Failed to update mtab-file\n");
432 static struct FstabOption const *
433 searchOption(char const *opt, size_t len)
435 struct FstabOption const * i;
436 for (i=FSTAB_OPTIONS+0; i<FSTAB_OPTIONS+DIM_OF(FSTAB_OPTIONS); ++i)
437 if (strncmp(i->opt, opt, len)==0) return i;
443 transformOptionList(struct MountInfo *info, size_t UNUSED *col)
445 char const * ptr = info->data;
448 char const * pos = strchr(ptr, ',');
449 struct FstabOption const * opt;
451 if (pos==0) pos = ptr+strlen(ptr);
452 opt = searchOption(ptr, pos-ptr);
455 info->flag &= ~opt->mask;
456 info->flag |= opt->flag;
457 info->mask |= opt->mask;
458 info->xflag |= opt->xflag;
466 } while (*ptr!='\0');
471 #define MOVE_TO_NEXT_FIELD(PTR,ALLOW_EOL) \
472 while (!isspace(*PTR) && *PTR!='\0') ++PTR; \
473 if (col) *col = buf-start_buf+1; \
474 if (!(ALLOW_EOL) && *PTR=='\0') return prFAIL; \
476 while (isspace(*PTR)) ++PTR
478 static enum {prDOIT, prFAIL, prIGNORE}
479 parseFstabLine(struct MountInfo *info, char *buf, size_t *col)
481 char const * const start_buf = buf;
484 while (isspace(*buf)) ++buf;
485 if (*buf=='#' || *buf=='\0') return prIGNORE;
488 MOVE_TO_NEXT_FIELD(buf, false);
490 MOVE_TO_NEXT_FIELD(buf, false);
492 MOVE_TO_NEXT_FIELD(buf, false);
493 err_col = buf-start_buf+1;
495 MOVE_TO_NEXT_FIELD(buf, true);
497 info->flag = MS_NODEV;
501 if (strcmp(info->type, "swap") ==0) return prIGNORE;
502 else if (strcmp(info->type, "none") ==0) info->type = 0;
503 else if (strcmp(info->type, "devpts")==0) info->mask |= MS_NODEV;
505 if (col) *col = err_col;
506 if (!transformOptionList(info,col)) return prFAIL;
507 if (info->xflag & XFLAG_NOAUTO) return prIGNORE;
512 #undef MOVE_TO_NEXT_FIELD
515 showFstabPosition(int fd, char const *fname, size_t line_nr, size_t col_nr)
517 char buf[3*sizeof(line_nr)*2 + 4];
518 size_t len = utilvserver_fmt_uint(buf+1, line_nr)+1;
522 len += utilvserver_fmt_uint(buf+len, col_nr);
523 WRITE_STR(fd, fname);
524 Vwrite(fd, buf, len);
529 mountFstab(struct Options const *opt)
535 assert(opt->fstab!=0);
536 fd = open(opt->fstab, O_RDONLY);
538 perror("secure-mount: open(<fstab>)");
542 len = lseek(fd, 0, SEEK_END);
544 lseek(fd, 0, SEEK_SET)==-1) {
545 perror("secure-mount: lseek(<fstab>)");
552 size_t line_nr=0, col_nr;
554 if (read(fd, buf, len+1)!=len) {
555 perror("secure-mount: read()");
558 buf[len] = '#'; // workaround for broken dietlibc strtok_r()
563 while ((ptr=strsep(&ptrptr, "\n")) != 0) {
564 struct MountInfo mnt;
567 switch (parseFstabLine(&mnt, ptr, &col_nr)) {
569 showFstabPosition(2, opt->fstab, line_nr, col_nr);
570 WRITE_MSG(2, ": syntax error\n");
573 case prIGNORE : break;
575 bool is_rootfs = (strcmp(mnt.dst, "/")==0);
577 if (( is_rootfs && opt->rootfs==rfsNO) ||
578 (!is_rootfs && opt->rootfs==rfsONLY)) { /* ignore the entry */ }
579 else if (!mountSingle(&mnt, opt)) {
580 showFstabPosition(2, opt->fstab, line_nr, 1);
581 WRITE_MSG(2, ": failed to mount fstab-entry\n");
598 initFDs(struct Options *opt)
600 opt->cur_dir_fd = Eopen(".", O_RDONLY|O_DIRECTORY, 0);
601 opt->cur_rootdir_fd = Eopen("/", O_RDONLY|O_DIRECTORY, 0);
603 Efcntl(opt->cur_dir_fd, F_SETFD, FD_CLOEXEC);
604 Efcntl(opt->cur_rootdir_fd, F_SETFD, FD_CLOEXEC);
608 parseRootFS(char const *str)
610 if (strcasecmp(str, "yes")==0) return rfsYES;
611 else if (strcasecmp(str, "no")==0) return rfsNO;
612 else if (strcasecmp(str, "only")==0) return rfsONLY;
614 WRITE_MSG(2, "secure-mount: invalid option for '--rootfs': '");
617 exit(wrapper_exit_code);
621 int main(int argc, char *argv[])
623 struct MountInfo mnt = {
632 struct Options opt = {
634 .fstab = "/etc/fstab",
636 .ignore_mtab = false,
639 .cur_rootdir_fd = -1,
644 int c = getopt_long(argc, argv, "ht:nao:", CMDLINE_OPTIONS, 0);
648 case 'h' : showHelp(1, argv[0], 0);
649 case 'v' : showVersion();
650 case 't' : mnt.type = optarg; break;
651 case 'n' : opt.ignore_mtab = true; break;
652 case 'a' : opt.mount_all = true; break;
653 case 'o' : mnt.data = optarg; break;
654 case OPTION_RBIND : mnt.flag |= MS_REC; /*@fallthrough@*/
655 case OPTION_BIND : mnt.flag |= MS_BIND; break;
656 case OPTION_MOVE : mnt.flag |= MS_MOVE; break;
657 case OPTION_MTAB : opt.mtab = optarg; break;
658 case OPTION_FSTAB : opt.fstab = optarg; break;
659 case OPTION_CHROOT: opt.do_chroot = true; break;
660 case OPTION_ROOTFS: opt.rootfs = parseRootFS(optarg); break;
662 WRITE_MSG(2, "secure-mount: The '--secure' option is deprecated...\n");
665 WRITE_MSG(2, "Try '");
666 WRITE_STR(2, argv[0]);
667 WRITE_MSG(2, " --help\" for more information.\n");
674 if (opt.mount_all && optind<argc) {
675 WRITE_MSG(2, "Can not specify <src> and '-a' at the same time\n");
680 signal(SIGCHLD, SIG_DFL);
683 if (!mountFstab(&opt)) return EXIT_FAILURE;
684 else return EXIT_SUCCESS;
687 if (optind+2!=argc) {
688 WRITE_MSG(2, "Invalid <src> <dst> pair specified\n");
693 mnt.data = strdup(mnt.data);
694 if (!transformOptionList(&mnt, 0)) {
695 WRITE_MSG(2, "Invalid options specified\n");
700 mnt.src = argv[optind++];
701 mnt.dst = argv[optind++];
703 if (!mountSingle(&mnt, &opt)) return EXIT_FAILURE;
git://git.onelab.eu / util-vserver.git / blob