From 310ae910b548e232cc86b34896bd7010c3b1cad2 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@samba.org>
Date: Mon, 12 Apr 2010 06:55:24 -0400
Subject: cifs: enable CAP_DAC_READ_SEARCH before chdir() and realpath() calls

It's possible that root won't have privileges to chdir or evaluate the
paths without that capability.

Signed-off-by: Jeff Layton <jlayton@samba.org>
---
 configure.ac | 2 +-
 mount.cifs.c | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index f1bd419..c56a944 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 #                                               -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 
-AC_INIT([cifs-utils], [4.3], [cifs-utils@samba.org], [cifs-utils], [http://linux-cifs.samba.org/cifs-utils/])
+AC_INIT([cifs-utils], [4.3.1], [cifs-utils@samba.org], [cifs-utils], [http://linux-cifs.samba.org/cifs-utils/])
 AC_CONFIG_SRCDIR([replace.h])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_FILES([Makefile])
diff --git a/mount.cifs.c b/mount.cifs.c
index 1aa3329..acab8c8 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1596,6 +1596,9 @@ int main(int argc, char **argv)
 	mountpoint = argv[optind + 1];
 
 	/* chdir into mountpoint as soon as possible */
+	rc = toggle_dac_capability(0, 1);
+	if (rc)
+		return rc;
 	rc = chdir(mountpoint);
 	if (rc) {
 		fprintf(stderr, "Couldn't chdir to %s: %s\n", mountpoint,
@@ -1611,6 +1614,9 @@ int main(int argc, char **argv)
 		rc = EX_SYSERR;
 		goto mount_exit;
 	}
+	rc = toggle_dac_capability(0, 0);
+	if (rc)
+		return rc;
 
 	/*
 	 * mount.cifs does privilege separation. Most of the code to handle
-- 
cgit v1.2.3