| author | Jan Kara <jack@suse.cz> | 2024-02-21 18:30:50 +0100 |
|---|---|---|
| committer | Karel Zak <kzak@redhat.com> | 2024-02-26 09:46:17 +0100 |
| commit | 1cde32f323e0970f6c7f35940dcc0aea97b821e5 (patch) | |
| tree | f98a4286798a5c1d6df1cd41d419bfa19fd6f2c9 | |
| parent | 7ca98ca6aab919f271a15e40276cbb411e62f0e4 (diff) | |
| download | util-linux-1cde32f323e0970f6c7f35940dcc0aea97b821e5.tar.gz | |
libmount: don't hold write fd to mounted device

Avoid holding writeable fd to a loop device that is being mounted. In
the hardened configurations (CONFIG_BLK_DEV_WRITE_MOUNTED = n) the
kernel wants to make sure nobody else has the block device writeably
open when mounting so this makes the mount fail.

Reported-by: JunChao Sun <sunjunchao2870@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Acked-by: Christian Brauner <brauner@kernel.org>
| -rw-r--r-- | libmount/src/hook_loopdev.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/libmount/src/hook_loopdev.c b/libmount/src/hook_loopdev.c index 8c8f7f2187..e2114b0cbe 100644 --- a/libmount/src/hook_loopdev.c +++ b/libmount/src/hook_loopdev.c @@ -356,15 +356,19 @@ success: */ mnt_optlist_append_flags(ol, MS_RDONLY, cxt->map_linux); - /* we have to keep the device open until mount(1), - * otherwise it will be auto-cleared by kernel + /* + * We have to keep the device open until mount(1), otherwise it + * will be auto-cleared by kernel. However we don't want to + * keep writeable fd as kernel wants to block all writers to + * the device being mounted (in the more hardened + * configurations). So grab read-only fd instead. */ - hd->loopdev_fd = loopcxt_get_fd(&lc); + hd->loopdev_fd = open(lc.device, O_RDONLY | O_CLOEXEC); if (hd->loopdev_fd < 0) { - DBG(LOOP, ul_debugobj(cxt, "failed to get loopdev FD")); + DBG(LOOP, + ul_debugobj(cxt, "failed to reopen loopdev FD")); rc = -errno; - } else - loopcxt_set_fd(&lc, -1, 0); + } } done: loopcxt_deinit(&lc); |
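Review bot: in the failure branch under `hd->loopdev_fd = open(lc.device, O_RDONLY | O_CLOEXEC);`, `rc = -errno;` is read only after the `DBG(LOOP, ul_debugobj(...))` call, so anything the debug path does can overwrite the errno that open() set. Now that errno comes directly from open(), assign `rc = -errno;` first and log afterwards. Two smaller points: the new line reads the struct field `lc.device` directly where the removed line went through the `loopcxt_get_fd()` accessor, so if the loopdev context offers an accessor for the device path it would be better to use it here. And the new comment says "more hardened configurations" without naming the option, while the commit message names CONFIG_BLK_DEV_WRITE_MOUNTED; putting that name in the comment would let a later reader find the kernel behaviour this depends on. The ordering itself looks right: the read-only fd is opened while `lc` still holds its own descriptor, and the writable one is released by `loopcxt_deinit(&lc)` at `done:`, so the device is never left without an open fd before mount.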
