Commit Graph

797 Commits

Author SHA1 Message Date
Karel Zak adcd2c322c misc: use everywhere mkstemp_cloexec() as fallback to mkostemp()
The function mkostemp() does not have to be available everywhere,
and for this reason, we have mkstemp_cloexec() as a fallback solution.
Unfortunately, some codes (usually fuzzy tests) do not use the
fallback. Let's fix it.

Signed-off-by: Karel Zak <>
2022-02-07 11:10:03 +01:00
Karel Zak d6041872a6 libmount: add glusterfs between network filesystems
Signed-off-by: Karel Zak <>
2022-02-02 11:01:59 +01:00
Samuel Thibault 0b7aacda9d misc: non-Linux portability fixes
Signed-off-by: Karel Zak <>
2022-02-01 15:12:47 +01:00
Jakub Wilk 36a3923c8a mount: Allow bind-mounting with "nosymfollow"
Signed-off-by: Jakub Wilk <>
2022-01-26 21:30:04 +01:00
Jan Kara 3e1fc3bbee mount: Fix race in loop device reuse code
Small timing changes in the kernel loop device handling broke the
following loop:

while :; do mount -o loop,ro isofs.iso isofs/; umount isofs/; done

which quickly reports:
mount: /mnt: can't read superblock on /dev/loop0.
umount: /mnt: not mounted.

And this loop is broken because of a subtle interaction with
systemd-udevd that also opens the loop device. The race seems to be in
mount(8) handling itself and the altered kernel timing makes it happen.
It looks like:

bash                                systemd-udevd
  mount -o loop,ro isofs.iso isofs/
    /dev/loop0 is created and bound to isofs.iso, autoclear is set for
                                    opens /dev/loop0
  umount isofs/
  loop0 still lives because systemd-udev still has device open
  mount -o loop,ro isofs.iso isofs/
    gets to mnt_context_setup_loopdev()
      sees loop0 is still valid and with proper parameters
      reuse = true;
                                    close /dev/loop0
                                      last fd closed => loop0 is
                                        cleaned up
        opens loop0 but it is no longer the device we wanted!
    calls mount(2) which fails because we cannot read from the loop device

Fix the problem by rechecking that loop device is still attached after
opening the device. This makes sure the kernel will not autoclear the
device anymore.

Signed-off-by: Jan Kara <>
2022-01-25 17:10:46 +01:00
Karel Zak 57202f5713 libmount: fix UID check for FUSE umount [CVE-2021-3995]
Improper UID check allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.

Signed-off-by: Karel Zak <>
2022-01-24 12:05:16 +01:00
Karel Zak 166e87368a libmount: remove support for deleted mount table entries
The "(deleted)" suffix has been originally used by kernel for deleted
mountpoints. Since kernel commit 9d4d65748a5ca26ea8650e50ba521295549bf4e3
(Dec 2014) kernel does not use this suffix for mount stuff in /proc at
all. Let's remove this support from libmount too.

Signed-off-by: Karel Zak <>
2022-01-04 10:37:55 +01:00
Thomas Weißschuh 3f7734ae6a meson: only install pkgconfig if library is built 2021-12-30 22:57:24 +01:00
Thomas Weißschuh 7a7982f94e meson: headers: Install headers
Fixes #1365

Signed-off-by: Thomas Weißschuh <>
2021-12-30 22:53:08 +01:00
Thomas Weißschuh f02de6de85 meson: headers: use util-linux version of version defines
This matches what autotools is doing.

Signed-off-by: Thomas Weißschuh <>
2021-12-30 18:16:13 +01:00
Karel Zak 9a1b1f82b7 libmount: disable mtab only on statfs() success only
Signed-off-by: Karel Zak <>
2021-12-01 12:44:19 +01:00
Karel Zak 1b44d09232 Merge branch 'topic/lsfd' 2021-11-26 12:12:54 +01:00
Karel Zak 9c590e5380 libmount: add mnt_fs_is_deleted()
Signed-off-by: Karel Zak <>
2021-11-24 12:20:15 +01:00
Karel Zak b8f2fce2a2 libmount: (--all) continue although /proc is not mounted
Now 'mount --all' ends with error if /proc is not mounted and there is
some other entry before /proc in fstab. This commit improves this
situation and ignores all mount table related errors if the table is

This is important for situation when there is for example "/" as the
first line in fstab.

Signed-off-by: Karel Zak <>
2021-11-18 13:07:59 +01:00
Evgeny Vereshchagin 58c3bc12a5 mount_fuzz: reject giant files early
It should help to address

Signed-off-by: Evgeny Vereshchagin <>
2021-10-30 18:25:02 +00:00
Karel Zak db9ad223d6 lib/path: use flags for fstatat()
Signed-off-by: Karel Zak <>
2021-10-06 11:01:54 +02:00
Karel Zak 0c19e4ca61 test_mount_optstr: use xstrdup()
Signed-off-by: Karel Zak <>
2021-09-23 13:11:16 +02:00
Rafael Fontenelle 0e85613e3a Fix misspellings 2021-09-04 11:11:04 -03:00
Karel Zak 0fab76bd23 libmount: make mnt_table_get_fs_root() more robust [gcc-analyzer]
Signed-off-by: Karel Zak <>
2021-08-18 11:02:45 +02:00
Karel Zak 6ba7fbb442 libmount: support quotes in X-mount options
Signed-off-by: Karel Zak <>
2021-08-12 13:44:19 +02:00
Karel Zak 52f05cd4c3 libmount: show options string on parse error
Signed-off-by: Karel Zak <>
2021-08-12 13:41:56 +02:00
Karel Zak d85f45d5dd libmount: allow X-* options more than once
Signed-off-by: Karel Zak <>
2021-08-12 13:39:39 +02:00
Karel Zak 315e8f634a libmount: change propagation of /run for X-mount.subdir
We do not need to create a new mount node from /run/mount/tmptgt
(where we mount filesystem root), because /run is already mount
node in all mainstream distros, and we can use MS_PRIVATE for
this top-level directory. There is still fallback if /run is
on root filesystem.

This solution reduces number of mount operations, with the patch the
subdir implementation is:

 * open current namespace from /proc/self/ns/mnt
 * mkdir /run/mount/tmptg (if it does not exist)
 * make /run private by mount(MS_PRIVATE)
 * mount filesystem to /run/mount/tmptg
 * bind mount /run/mount/tmptg/<subdir> to <target>
 * umount /run/mount/tmptg
 * setns() to the original namespace

Signed-off-by: Karel Zak <>
2021-08-12 12:12:39 +02:00
Karel Zak 7ae195affb libmount: use /run/mount/tmptgt rather than /tmp/mount/mount.<pid>
The unshared namespace is per-process, so we can use the same
directory in all mount(8) instances. It's unnecessary to create
and remove process specific directory.

Signed-off-by: Karel Zak <>
2021-08-12 11:34:03 +02:00
Karel Zak f8ccd65956 libmount: remove support for obsolete /dev/.mount/utab
The default is /run/mount/utab for years.

Signed-off-by: Karel Zak <>
2021-08-12 10:44:03 +02:00
Karel Zak e311e731be libmount: add X-mount.subdir=
Like btrfs subvol=, but more generic and for all filesystems. This
feature is marked as EXPERIMENTAL (may be removed).

 # mount /dev/sdc /mnt/test -o X-mount.subdir=AAA

 # findmnt /dev/sdc
 /mnt/test /dev/sdc[/AAA] ext4   rw,relatime,stripe=512

Implemented as:

 * open current namespace from /proc/self/ns/mnt
 * mkdir /tmp/mount/mount.<pid>
 * unshare mount namespace
 * create mount node from /tmp/mount/mount.<pid> by mount(MS_BIND)
 * mark /tmp/mount/mount.<pid> private by mount(MS_PRIVATE|MS_REC)
 * bind mount /tmp/mount/mount.<pid>/subdir to <target>
 * umount /tmp/mount/mount.<pid>
 * rmdir /tmp/mount/mount.<pid>
 * setns() to the original namespace

Note that /tmp/mount/mount.<pid> conversion to mount node and call for
MS_PRIVATE are visible (propagated to the system) if /tmp is a shared
filesystem, the rest (all operations with the desired filesystem) is
atomic for a parental namespace.

Maybe one day it will be possible to reimplement it in more
elegant way with new mount kernel APIs (open_tree(), etc.).

Signed-off-by: Karel Zak <>
2021-08-11 16:14:38 +02:00
Karel Zak 9ea47344ca lib/buffer: add support for "safe" encoding
Signed-off-by: Karel Zak <>
2021-08-06 12:02:39 +02:00
Karel Zak f60dc88848 lib/buffer: return size of the buffer and data
Signed-off-by: Karel Zak <>
2021-08-05 16:06:12 +02:00
Karel Zak 2e03758dc5 lib/strutils: add strappend()
Signed-off-by: Karel Zak <>
2021-08-05 15:42:15 +02:00
Karel Zak 8420463b6d lib/strutils: rename strappend() to strconcat()
It concatenates two strings to a new string. It's something else than

Signed-off-by: Karel Zak <>
2021-08-05 11:30:37 +02:00
Karel Zak afaece0eb2 libmount: assert() is enough [lgtm scan]
Signed-off-by: Karel Zak <>
2021-08-02 10:58:56 +02:00
Karel Zak d6abaa0271 Merge branch 'meson_verity' of
* 'meson_verity' of
  meson: fix dlopen support for cryptsetup
  meson: fix crypt_activate_by_signed_key detection
2021-07-14 12:19:49 +02:00
Luca Boccassi 5c49a482a9 verity: fix verity.roothashsig only working as last parameter
Parsing of verity.roothashsig did not take into consideration that other options
might follow, and used the whole string as a file path. But mnt_optstr_get_option
just returns a pointer in the mount option string, it doesn't extract it, so it
would have other subsequent options too. The length parameter has to be used.

Signed-off-by: Luca Boccassi <>
2021-07-11 18:14:40 +01:00
Luca Boccassi ce02babfa6 verity: add support for corruption action flag
Add verity.oncorruption= to let users override the default kernel
behaviour, using libcryptsetup's relevant flags.

Signed-off-by: Luca Boccassi <>
2021-07-11 18:12:06 +01:00
Luca Boccassi e6a4b4a163 meson: fix dlopen support for cryptsetup
dlopen is treated as a dependency, but that's not quite right, it
should be an alternative way to link to libcryptsetup.
Search for it only if cryptsetup is not disabled, and if the cryptsetup-dlopen
is explicitly set to enabled. If it is, do not link to libcryptsetup.

Add cryptsetup support status to the meson summary.
2021-07-02 19:45:28 +01:00
Karel Zak 5aa726461a libmount: check errno after strto..()
Signed-off-by: Karel Zak <>
2021-06-21 15:03:01 +02:00
Karel Zak 17fc8693cd include/c: add drop_permissions(), consolidate UID/GID reset
Signed-off-by: Karel Zak <>
2021-06-21 12:25:31 +02:00
Karel Zak b77e3e34bf libmount: add __format__ attribute
Reported-by: Jan Pazdziora <>
Signed-off-by: Karel Zak <>
2021-06-18 16:34:20 +02:00
Karel Zak ac8697d606 libmount: add mnt_fs_is_regularfs() to public API
Signed-off-by: Karel Zak <>
2021-06-02 12:14:10 +02:00
Karel Zak d58121a22a docs: update copyright years
Signed-off-by: Karel Zak <>
2021-05-31 18:12:07 +02:00
Karel Zak 1c0d193441 build-sys: remove with-cryptsetup from tools/config-gen.d/all.conf
Unfortunately libtools is not smart enough to link libblkid
dynamically if we link in-tree static libmount.a for libmount tests.
In this case libtools always uses also libblkid.a, but it's problem
for libcryptsetup which requires versioned symbols from

This is no problem for normal binaries, but for libmount tests only
(where we need static library to by-pass public library API).

Signed-off-by: Karel Zak <>
2021-05-31 17:44:10 +02:00
Karel Zak 903f812d0b libmount: fix memory leak [coverity scan]
Signed-off-by: Karel Zak <>
2021-03-25 11:03:03 +01:00
Karel Zak 23b9caa1fc libmount: add assert() to umount lookup code
Signed-off-by: Karel Zak <>
2021-03-25 10:51:54 +01:00
Karel Zak 1c81dfff1a libmount: mnt_table_over_fs() make child optional
Signed-off-by: Karel Zak <>
2021-03-22 15:00:47 +01:00
Karel Zak a605568281 libmount: add mnt_table_over_fs()
The function returns the first over-mount for specified filesystem.

Signed-off-by: Karel Zak <>
2021-03-22 11:24:49 +01:00
Zbigniew Jędrzejewski-Szmek 69939195bd meson: implement building of static programs
The whole thing is complicated by the fact that we have two layers
of libraries: e.g. libmount also needs libblkid. If we just tell meson
to make libmount static, this is not enough, because we also need it
to link to a static libblkid. Hence in the case of libs that link to
other libs internally, we need to create a different object with a
different set of link_with items.

To avoid building the libraries twice, libfdisk and libmount are first
built into an internal "convenience" library, which is then linked into
the static and shared versions as appropriate.
2021-03-17 15:07:27 +01:00
Zbigniew Jędrzejewski-Szmek d4c880d5a4 meson: add second build system
To build: meson build && ninja -C build
To run tests: ninja -C build check
To install for packaging: DESTDIR=/var/tmp/inst ninja -C build install
To install for realz: sudo ninja -C build install

- Optional items are now based on the 'feature' feature in meson.
  Built libraries which are disabled turn into disabler() objects
  and also poison any executables which link to them.

What is there:
- building of the binaries and libs and the python module
- installation of binaries, libs, python module, localization files,
  man pages, pkgconfig files
- running of tests
- most options to configure build equivalently to the
  ./configure settings

Partially implemented:
- disabling of stuff when things missing. In the C code, the defines
  are all used, so that should be fine. In the build system, some
  files should be skipped, but that is probably not always done properly.
  Getting this right might require some testing of various build option
  combinations to get the details right.

Not implemented:
- static builds of fdisk and other binaries
- things marked with XXX or FIXME
- ???

- .la files are not created. They are useless and everybody hates them.
- Requires.private in pkgconfig files are not present in the
  autogenerated .pc file. Not sure if they should be there or not. If
  necessary, they can be added by hand.
- man pages and systemd units are installed by the install target. Not
  sure why 'make install' doesn't do that.
- the split between / and /usr is probably wrong. But it's all pointless
  anyway, so maybe we could simplify things by not implementing it at
  all under meson?
2021-03-17 15:07:27 +01:00
Karel Zak f823700f61 pylibmount: PyEval_Call* is deprecated, use PyObject_Call*
Signed-off-by: Karel Zak <>
2021-03-15 16:37:47 +01:00
Karel Zak 296b58a79e libmount: (python) fix compiler warning
Signed-off-by: Karel Zak <>
2021-02-17 12:25:49 +01:00
Karel Zak b6787fca02 libmount: fix /{etc,proc}/filesystems use
* always update context->helper
* consolidate helper and syscall status use

Signed-off-by: Karel Zak <>
2021-02-09 10:36:04 +01:00