cdown / rpms / util-linux

Forked from rpms/util-linux 2 years ago
Clone

Blame SOURCES/0126-libmount-use-eacess-rather-than-open-to-check-mtab-u.patch

531551
From 04cad06bed055a5dd373b2f5babc8000a76597a6 Mon Sep 17 00:00:00 2001
531551
From: Karel Zak <kzak@redhat.com>
531551
Date: Mon, 9 Oct 2017 12:44:48 +0200
531551
Subject: [PATCH] libmount: use eacess() rather than open() to check mtab/utab
531551
531551
The open() syscall is probably the most strong way how to check write
531551
accessibility in all situations, but it's overkill and on some
531551
paranoid systems with enabled audit/selinux. It fills logs with
531551
"Permission denied" entries. Let's use eaccess() if available.
531551
531551
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1499760
531551
Signed-off-by: Karel Zak <kzak@redhat.com>
531551
---
531551
 configure.ac         |  1 +
531551
 libmount/src/utils.c | 19 +++++++++++++------
531551
 2 files changed, 14 insertions(+), 6 deletions(-)
531551
531551
diff --git a/configure.ac b/configure.ac
531551
index 78258d677..96c5838cf 100644
531551
--- a/configure.ac
531551
+++ b/configure.ac
531551
@@ -315,6 +315,7 @@ AC_CHECK_FUNCS([ \
531551
 	__fpending \
531551
 	secure_getenv \
531551
 	__secure_getenv \
531551
+	eaccess \
531551
 	err \
531551
 	errx \
531551
 	fsync \
531551
diff --git a/libmount/src/utils.c b/libmount/src/utils.c
531551
index 5c374b432..a275d0a0e 100644
531551
--- a/libmount/src/utils.c
531551
+++ b/libmount/src/utils.c
531551
@@ -653,18 +653,25 @@ done:
531551
 
531551
 static int try_write(const char *filename)
531551
 {
531551
-	int fd;
531551
+	int rc = 0;
531551
 
531551
 	if (!filename)
531551
 		return -EINVAL;
531551
 
531551
-	fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
531551
+#ifdef HAVE_EACCESS
531551
+	if (eaccess(filename, R_OK|W_OK) != 0)
531551
+		rc = -errno;
531551
+#else
531551
+	{
531551
+		int fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
531551
 			    S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);
531551
-	if (fd >= 0) {
531551
-		close(fd);
531551
-		return 0;
531551
+		if (fd < 0)
531551
+			rc = -errno;
531551
+		else
531551
+			close(fd);
531551
 	}
531551
-	return -errno;
531551
+#endif
531551
+	return rc;
531551
 }
531551
 
531551
 /**
531551
-- 
531551
2.13.6
531551