Thanks to visit codestin.com
Credit goes to github.com

Skip to content

libmount: non-root mkdir support #3640

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 15 commits into
base: master
Choose a base branch
from
Draft

libmount: non-root mkdir support #3640

wants to merge 15 commits into from

Conversation

karelzak
Copy link
Collaborator

@karelzak karelzak commented Jul 1, 2025

No description provided.

karelzak added 8 commits July 1, 2025 16:42
@karelzak
lib/canonicalize: rename to ul_absolute_path()
4e51eb3 
Signed-off-by: Karel Zak <[email protected]>
@karelzak
lib/canonicalize: Refactor canonicalize_path()
9eadd01 
 * introduce do_canonicalize() with proper return values

 * use do_canonicalize() everywhere

Signed-off-by: Karel Zak <[email protected]>
@karelzak
lib/canonicalize: add canonicalize_path_restricted() to test
8274215 
Signed-off-by: Karel Zak <[email protected]>
@karelzak
lib/canonicalize: introduce generic drop-permission caller
d42411b 
* add ul_restricted_path_oper() to fileutils.c

* use it as backed for canonicalize_path_restricted()

Signed-off-by: Karel Zak <[email protected]>
@karelzak
lib/strutils: add ul_normalize_path()
c50a5a0 
Signed-off-by: Karel Zak <[email protected]>
@karelzak
lib/fileutils: add is_mkdir_permitted()
fd3b8a4 
Based on ul_restricted_path_oper().

Signed-off-by: Karel Zak <[email protected]>
@karelzak
lib/fileutils: support callback data for ul_restricted_path_oper()
f3001ae 
Signed-off-by: Karel Zak <[email protected]>
@karelzak
lib/fileutils: add ul_mkdir_p_restricted()
dcc2276 
Signed-off-by: Karel Zak <[email protected]>
@karelzak karelzak marked this pull request as draft July 1, 2025 15:05
@karelzak karelzak force-pushed the PR/libmount-mkdir-precheck branch from fb3655d to 02f6eb5 Compare July 1, 2025 15:15
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 1, 2025
View reviewed changes
karelzak added 4 commits July 2, 2025 15:34
@karelzak
tests: (mount) add simple X-mount.mkdir test
579db90 
Signed-off-by: Karel Zak <[email protected]>
@karelzak
tests: fix ts_option_argument()
873a48b 
Signed-off-by: Karel Zak <[email protected]>
@karelzak
tools/config-gen: add mount.static to "devel" scenario
783ee38 
Signed-off-by: Karel Zak <[email protected]>
@karelzak
tests: (mount) add user-mount test
cbadea8 
* test classic user-mount (mount.static required)
* test user-mount with X-mount.mkdir

Signed-off-by: Karel Zak <[email protected]>
@karelzak karelzak marked this pull request as ready for review July 16, 2025 09:34
@karelzak karelzak mentioned this pull request Jul 16, 2025
Closed
@karelzak karelzak requested a review from t-8ch July 29, 2025 12:32
t-8ch
t-8ch reviewed Jul 29, 2025
View reviewed changes
lib/canonicalize.c Outdated
len = canonical ? (ssize_t) strlen(canonical) :
errno ? -errno : -EINVAL;
len = canonical ?(ssize_t) strlen(canonical) :
errno ? -errno : -EINVAL;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spurious whitespace changes? If intentional should be in a dedicated commit.

lib/canonicalize.c
if (!path || !*path)
return NULL;
if (result)
*result = NULL;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

result seems to be always non-NULL.

lib/canonicalize.c

errno = 0;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems unnecessary.

lib/canonicalize.c
* unreachable path is not an error (!), and in this case, it just duplicates
* @path.
*/
char *canonicalize_path(const char *path)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't these also all get the ul_ prefix?

lib/canonicalize.c
fprintf(stdout, "real: %s\n", canonicalize_path(argv[1]));

fprintf(stdout, "real: %s\n", canonicalize_path(argv[1]));
fprintf(stdout, "real-restricted: %s\n", canonicalize_path_restricted(argv[1]));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be used to have a real unittest which validates the results?

tests/ts/mount/user
ts_init_subtest "basic"
TS_FSTAB="/etc/fstab"
ts_fstab_add $MOUNT_SOURCE $MOUNT_TARGET "none" "bind,user,default,noauto"
runuser -u testuser_mount -- $TS_CMD_MOUNT_STATIC $MOUNT_TARGET >> $TS_OUTPUT 2>> $TS_ERRLOG
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe use the runuser from the current build.

tests/ts/mount/user

# Add test user
#
useradd -u 9899 --shell /bin/bash testuser_mount
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a fan of this. Can we use nobody?
Or just a random user id from a transient uid range.

tests/ts/mount/user
# classic user-mount
#
ts_init_subtest "basic"
TS_FSTAB="/etc/fstab"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the regular test fstab not enough?

tests/ts/mount/user
runuser -u testuser_mount -- $TS_CMD_MOUNT_STATIC $MOUNT_TARGET >> $TS_OUTPUT 2>> $TS_ERRLOG
opts=$(findmnt -nr -o VFS-OPTIONS --mountpoint $MOUNT_TARGET)
[[ $opts == *"noexec"* && $opts == *"nosuid"* && $opts == *"nodev"* ]] \
|| ts_log "Cannot find user options"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ts_errlog

tests/ts/mount/user
TS_FSTAB="/etc/fstab"
ts_fstab_add $MOUNT_SOURCE $MOUNT_TARGET "none" "bind,user,default,noauto"
runuser -u testuser_mount -- $TS_CMD_MOUNT_STATIC $MOUNT_TARGET >> $TS_OUTPUT 2>> $TS_ERRLOG
opts=$(findmnt -nr -o VFS-OPTIONS --mountpoint $MOUNT_TARGET)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TS_CMD_FINDMNT

@karelzak karelzak marked this pull request as draft August 27, 2025 10:47
@karelzak
Copy link
Collaborator Author

I'll split this pull request into three separate pull requests:

  1. canonicalization refactoring
  2. non-root mount test
  3. non-root X-mount.mkdir

I'll keep it open as a draw until all is implemented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@t-8ch t-8ch t-8ch left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@karelzak @t-8ch