From 310ae910b548e232cc86b34896bd7010c3b1cad2 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@samba.org>
Date: Mon, 12 Apr 2010 06:55:24 -0400
Subject: cifs: enable CAP_DAC_READ_SEARCH before chdir() and realpath() calls

It's possible that root won't have privileges to chdir or evaluate the
paths without that capability.

Signed-off-by: Jeff Layton <jlayton@samba.org>
---
 mount.cifs.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'mount.cifs.c')

diff --git a/mount.cifs.c b/mount.cifs.c
index 1aa3329..acab8c8 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1596,6 +1596,9 @@ int main(int argc, char **argv)
 	mountpoint = argv[optind + 1];
 
 	/* chdir into mountpoint as soon as possible */
+	rc = toggle_dac_capability(0, 1);
+	if (rc)
+		return rc;
 	rc = chdir(mountpoint);
 	if (rc) {
 		fprintf(stderr, "Couldn't chdir to %s: %s\n", mountpoint,
@@ -1611,6 +1614,9 @@ int main(int argc, char **argv)
 		rc = EX_SYSERR;
 		goto mount_exit;
 	}
+	rc = toggle_dac_capability(0, 0);
+	if (rc)
+		return rc;
 
 	/*
 	 * mount.cifs does privilege separation. Most of the code to handle
-- 
cgit v1.2.3