From b6d2d91df012f965f29ba26489aca009712a230c Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@samba.org>
Date: Tue, 8 Feb 2011 15:33:09 -0500
Subject: mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2)

It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.

Reported-by: Erik Logtenberg <erik@logtenberg.eu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>
---
 mount.cifs.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/mount.cifs.c b/mount.cifs.c
index 3a2b539..8e1e32b 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1898,8 +1898,13 @@ mount_retry:
 	else
 		fstype = cifs_fstype;
 
-	if (!parsed_info->fakemnt
-	    && mount(dev_name, ".", fstype, parsed_info->flags, options)) {
+	if (!parsed_info->fakemnt) {
+		toggle_dac_capability(0, 1);
+		rc = mount(dev_name, ".", fstype, parsed_info->flags, options);
+		toggle_dac_capability(0, 0);
+		if (rc == 0)
+			goto do_mtab;
+
 		switch (errno) {
 		case ECONNREFUSED:
 		case EHOSTUNREACH:
@@ -1934,6 +1939,7 @@ mount_retry:
 		goto mount_exit;
 	}
 
+do_mtab:
 	if (!parsed_info->nomtab && !mtab_unusable())
 		rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype);
 
-- 
cgit v1.2.3