From patchwork Sun Apr 11 23:53:50 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton <jlayton@samba.org>
X-Patchwork-Id: 49936
Return-Path: <linux-cifs-client-bounces@lists.samba.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.samba.org (fn.samba.org [216.83.154.106])
	by ozlabs.org (Postfix) with ESMTP id 37974B7D16
	for <incoming@patchwork.ozlabs.org>;
	Mon, 12 Apr 2010 09:53:33 +1000 (EST)
Received: from fn.samba.org (localhost [127.0.0.1])
	by lists.samba.org (Postfix) with ESMTP id 352CBAD11A;
	Sun, 11 Apr 2010 17:53:34 -0600 (MDT)
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on fn.samba.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 required=3.8 tests=AWL, BAYES_00, NO_MORE_FUNN,
	SPF_NEUTRAL autolearn=no version=3.2.5
X-Original-To: linux-cifs-client@lists.samba.org
Delivered-To: linux-cifs-client@lists.samba.org
Received: from cdptpa-omtalb.mail.rr.com (cdptpa-omtalb.mail.rr.com
	[75.180.132.120])
	by lists.samba.org (Postfix) with ESMTP id A6E78AD0A7
	for <linux-cifs-client@lists.samba.org>;
	Sun, 11 Apr 2010 17:53:29 -0600 (MDT)
X-Authority-Analysis: v=1.1 cv=nT04y92fg8rckuCBF7gKRMhlYwdqGk6tKF+UOdl7fjk=
	c=1 sm=0 a=j4rGerg272MA:10
	a=ld/erqUjW76FpBUqCqkKeA==:17
	a=hGzw-44bAAAA:8 a=pGLkceISAAAA:8 a=TjnlCAZKwiyAabJQDVUA:9
	a=XrrktDKAoSSDMwT0dmBrOI5NdEQA:4 a=CjuIK1q_8ugA:10
	a=dowx1zmaLagA:10 a=MSl-tDqOz04A:10 a=1tMMFPnAAERlYgXXXpEA:9
	a=Oy-Qyjqwhs404zxtTPzWLFDxERsA:4 a=ld/erqUjW76FpBUqCqkKeA==:117
X-Cloudmark-Score: 0
X-Originating-IP: 71.70.153.3
Received: from [71.70.153.3] ([71.70.153.3:52389] helo=mail.poochiereds.net)
	by cdptpa-oedge03.mail.rr.com (envelope-from <jlayton@samba.org>)
	(ecelerity 2.2.2.39 r()) with ESMTP
	id 76/8C-28028-7F062CB4; Sun, 11 Apr 2010 23:53:27 +0000
Received: from corrin.poochiereds.net (corrin.poochiereds.net [192.168.1.69])
	by mail.poochiereds.net (Postfix) with ESMTPS id E7D8C58074;
	Sun, 11 Apr 2010 19:53:26 -0400 (EDT)
Date: Sun, 11 Apr 2010 19:53:50 -0400
From: Jeff Layton <jlayton@samba.org>
To: Jeff Layton <jlayton@samba.org>
Message-ID: <20100411195350.70c8ade2@corrin.poochiereds.net>
In-Reply-To: <20100411194258.17f8d7b1@corrin.poochiereds.net>
References: <y2q3c0132f01004110857u27a96765kf512acd96b48c1a0@mail.gmail.com>
	<20100411194258.17f8d7b1@corrin.poochiereds.net>
X-Mailer: Claws Mail 3.7.5 (GTK+ 2.20.0; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Cc: linux-cifs-client@lists.samba.org
Subject: Re: [linux-cifs-client] Error chdir with mount.cifs 4.3 and autofs.
X-BeenThere: linux-cifs-client@lists.samba.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Linux CIFS VFS client <linux-cifs-client.lists.samba.org>
List-Unsubscribe: <https://lists.samba.org/mailman/options/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=unsubscribe>
List-Archive: <http://lists.samba.org/pipermail/linux-cifs-client>
List-Post: <mailto:linux-cifs-client@lists.samba.org>
List-Help: <mailto:linux-cifs-client-request@lists.samba.org?subject=help>
List-Subscribe: <https://lists.samba.org/mailman/listinfo/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=subscribe>
Sender: linux-cifs-client-bounces@lists.samba.org
Errors-To: linux-cifs-client-bounces@lists.samba.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 11 Apr 2010 19:42:58 -0400
Jeff Layton <jlayton@samba.org> wrote:

> On Sun, 11 Apr 2010 17:57:34 +0200
> Stef Bon <stefbon@gmail.com> wrote:
> 
> > Hello,
> > 
> > I;m working with a combination of cifs and autofs (and a fuse module).
> > 
> > Now I'v tried the new version 4.3, and I get mount error's when
> > mount.cifs is used incombination with autofs.
> > When doing a mount manual, there is no problem.
> > 
> > The error is:
> > 
> > Couldn't chdir to
> > /mnt/mount.md5key/sbon/mount/8fa6f400cdf2f053817f3965188f4acc:
> > Permission denied
> > 
> 
> We'll probably have to do some troubleshooting to figure out what's
> wrong. Can you open a bug at bugzilla.samba.org and cc me on it?
> 
> Thanks,

Actually, scratch that. Does this patch fix it?

- -- 
Jeff Layton <jlayton@samba.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkvCYRMACgkQyP0gxQMdzIC3DgCeN5P7GnTUcYuVaeeRqA+7ghxF
ZyIAmwR2WfIZLQfsdX/Y+gJzOGvCChSe
=+DAf
-----END PGP SIGNATURE-----

From ff574b050ad9622330247ac5d4a056e931362b82 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@samba.org>
Date: Sun, 11 Apr 2010 19:51:43 -0400
Subject: [PATCH] cifs: enable CAP_DAC_READ_SEARCH before chdir() and realpath() calls

It's possible that root won't have privileges to chdir or evaluate the
paths without that capability.

Signed-off-by: Jeff Layton <jlayton@samba.org>
---
 mount.cifs.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/mount.cifs.c b/mount.cifs.c
index 1aa3329..acab8c8 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1596,6 +1596,9 @@ int main(int argc, char **argv)
 	mountpoint = argv[optind + 1];
 
 	/* chdir into mountpoint as soon as possible */
+	rc = toggle_dac_capability(0, 1);
+	if (rc)
+		return rc;
 	rc = chdir(mountpoint);
 	if (rc) {
 		fprintf(stderr, "Couldn't chdir to %s: %s\n", mountpoint,
@@ -1611,6 +1614,9 @@ int main(int argc, char **argv)
 		rc = EX_SYSERR;
 		goto mount_exit;
 	}
+	rc = toggle_dac_capability(0, 0);
+	if (rc)
+		return rc;
 
 	/*
 	 * mount.cifs does privilege separation. Most of the code to handle
-- 
1.6.6.1