diff options
| author | Jeff Layton <jlayton@samba.org> | 2010-04-12 06:55:24 -0400 |
|---|---|---|
| committer | Jeff Layton <jlayton@samba.org> | 2010-04-12 06:55:24 -0400 |
| commit | 310ae910b548e232cc86b34896bd7010c3b1cad2 (patch) | |
| tree | 09d39ad1e0038140254866033d54c685433f6702 /mount.cifs.c | |
| parent | e4593787a6488573fbec99e5ee604a2e25bc1e5c (diff) | |
| download | cifs-utils-310ae910b548e232cc86b34896bd7010c3b1cad2.tar.gz cifs-utils-310ae910b548e232cc86b34896bd7010c3b1cad2.tar.bz2 cifs-utils-310ae910b548e232cc86b34896bd7010c3b1cad2.zip | |
cifs: enable CAP_DAC_READ_SEARCH before chdir() and realpath() calls
It's possible that root won't have privileges to chdir or evaluate the
paths without that capability.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Diffstat (limited to 'mount.cifs.c')
| -rw-r--r-- | mount.cifs.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/mount.cifs.c b/mount.cifs.c index 1aa3329..acab8c8 100644 --- a/mount.cifs.c +++ b/mount.cifs.c @@ -1596,6 +1596,9 @@ int main(int argc, char **argv) mountpoint = argv[optind + 1]; /* chdir into mountpoint as soon as possible */ + rc = toggle_dac_capability(0, 1); + if (rc) + return rc; rc = chdir(mountpoint); if (rc) { fprintf(stderr, "Couldn't chdir to %s: %s\n", mountpoint, @@ -1611,6 +1614,9 @@ int main(int argc, char **argv) rc = EX_SYSERR; goto mount_exit; } + rc = toggle_dac_capability(0, 0); + if (rc) + return rc; /* * mount.cifs does privilege separation. Most of the code to handle |