Bug 917678

Summary: mount in RHEL 6.4 ignores user option
Product: Red Hat Enterprise Linux 6 Reporter: Jens Kuehnel <bugzilla-redhat>
Component: util-linux-ngAssignee: Karel Zak <kzak>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: urgent    
Version: 6.4CC: azelinka, dalestubblefield, lmiksik, mkolaja, psklenar, rbinkhor, redhat-bugzilla, Sven.Nierlein
Target Milestone: rcKeywords: Patch, Regression, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: util-linux-ng-2.17.2-12.12.el6 Doc Type: Bug Fix
Doc Text:
Due to a regression in the code, if a symbolic link was used for a mount point in the fstab configuration file, mount attempts to that mount point failed. This update ensures that all paths in fstab are made canonical and such mount points can now be mounted as expected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-21 20:45:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 955520    
Attachments:
Description Flags
proposed patch none

Description Jens Kuehnel 2013-03-04 14:44:36 UTC 
Description of problem:
Since RHEL6.4 a mount with option user requires root privileges.

Version-Release number of selected component (if applicable):
util-linux-ng-2.17.2-12.9.el6.x86_64

How reproducible:
100%, tested on 3 of my systems and reports on the Internet (only german): http://lists.mathias-kettner.de/pipermail/checkmk-de/2013-February/002585.html 


Steps to Reproduce:
1. echo "tmpfs  /omd/sites/test/tmp tmpfs noauto,user,mode=755,uid=test,gid=test 0 0 " >> /etc/fstab
2. mkdir -p /omd/sites/test/tmp
3. useradd test
4. su - test -c 'mount /omd/sites/test/tmp'
  
Actual results:
mount: can't find /omd/sites/test/tmp in /etc/fstab or /etc/mtab


Expected results:
is simply mounts


Additional info:
Worked with util-linux-ng-2.17.2-12.7.el6.x86_64

Downgrade is a problem because of some device-mapper dependency. Take a RHEL6.3 and only upgrade util-linux-ng, than you can downgrade with:
yum downgrade util-linux-ng-2.17.2-12.7.el6.x86_64 libblkid-2.17.2-12.7.el6.x86_64 libuuid-2.17.2-12.7.el6.x86_64
Comment 1 Karel Zak 2013-03-07 18:20:46 UTC 
Works for me:

[root@el6 ~]# echo "tmpfs  /omd/sites/test/tmp tmpfs noauto,user,mode=755,uid=test,gid=test 0 0 " >> /etc/fstab
[root@el6 ~]# mkdir -p /omd/sites/test/tmp
[root@el6 ~]# useradd test
[root@el6 ~]# su - test -c 'mount /omd/sites/test/tmp'

[root@el6 ~]# findmnt --mtab /omd/sites/test/tmp
TARGET              SOURCE FSTYPE OPTIONS
/omd/sites/test/tmp tmpfs  tmpfs  rw,noexec,nosuid,nodev,mode=755,uid=500,gid=500,user=test

[root@el6 ~]# rpm -qf /bin/mount
util-linux-ng-2.17.2-12.9.el6.i686

Please, try mount with -v (verbose mode), for example:

su - test -c 'mount -vvv /omd/sites/test/tmp'
Comment 2 Jens Kuehnel 2013-03-07 18:38:42 UTC 
I checked it here with yet another installation, but all our installation x86_64. Maybe it is only 64bit.
Output with -vvv:

[root@XXXXX ~]# su - test -c 'mount -vvv /omd/sites/test/tmp'
mount: fstab path: "/etc/fstab"
mount: mtab path:  "/etc/mtab"
mount: lock path:  "/etc/mtab~"
mount: temp path:  "/etc/mtab.tmp"
mount: UID:        500
mount: eUID:       0
mount: can't find /omd/sites/test/tmp in /etc/fstab or /etc/mtab
Comment 3 Ralf Ertzinger 2013-03-10 22:08:53 UTC 
I have the exact same problem (also with OMD), and it's not the user option. It's the fact that the path in /etc/fstab contains a symlink (/omd is a symlink to /opt/omd)

Replacing /omd with /opt/omd in /etc/fstab (effectively resolving the symlink) makes this work again.

Probably something from the fix in https://bugzilla.redhat.com/show_bug.cgi?id=892330 broke this.
Comment 4 Jens Kuehnel 2013-03-11 07:39:33 UTC 
I can confirm comment #3. It only happens when a symlink is part of the path.
Comment 5 Karel Zak 2013-03-11 09:44:47 UTC 
You're right.

The old code in mount/fstab.c: getfs_by_dir() does not expect non-canonical paths in fstab, but now (since bug #892330) all paths from non-root users are always canonicalized.

The workaround is to use canonicalized (real) paths in /etc/fstab for user mounts, something like:

echo "tmpfs $(cd /omd/sites/test/tmp; pwd -P) tmpfs noauto,user,mode=755,uid=test,gid=test 0 0 " >>  /etc/fstab
Comment 6 Jens Kuehnel 2013-03-11 12:42:16 UTC 
If I understand BZ892330 correctly the patch should fix a problem where a normal user can create a symlink and detect by the error message if a file exist even when the user can not look into the directory.

By fixing this problem, instead of checking if a symlink is resolvable by the user, the patch disabled the usage of symlinks completly for non-users.

Do I understand the problem correctly?

I have already a workaround, because I mount the tmpfs directory as user root. Not nice but working.

But I think this should be fixed permanently. There a lot of omd Users that complain about broken RHEL6.4.
Comment 7 Karel Zak 2013-03-13 08:09:10 UTC 
(In reply to comment #6)
> If I understand BZ892330 correctly the patch should fix a problem where a
> normal user can create a symlink and detect by the error message if a file
> exist even when the user can not look into the directory.

Yes.

> By fixing this problem, instead of checking if a symlink is resolvable by
> the user, the patch disabled the usage of symlinks completly for non-users.

No, the old code used root permissions (as mount(8) is suid) to evaluate sysmlinks, the new fixed version uses non-root user's UID to evaluate paths from command line and then the new canonical path is used for all next operations in mount(8). 

Unfortunately some another part of the mount(8) command does not expect canonical paths if there is a symlink in fstab... 

It means that bug #892330 helps us to find another fragile code in mount(8).

(Fortunately, we don't use this code in RHEL7 any more.)

> But I think this should be fixed permanently. 

Sure, it's obvious bug.
Comment 8 Karel Zak 2013-03-13 08:51:49 UTC 
Created attachment 709415 [details]
proposed patch

with the patch:

mkdir -p /mnt/test
ln -s /mnt/test /mnt/sym-test

echo "tmpfs /mnt/sym-test tmpfs noauto,user,mode=755  0 0" >> /etc/fstab

as non-root user:
   $ mount /mnt/sym-test

findmnt /mnt/test
TARGET    SOURCE FSTYPE OPTIONS
/mnt/test tmpfs  tmpfs rw,nosuid,nodev,noexec,relatime,mode=755,uid=1000,gid=1000
Comment 9 Jens Kuehnel 2013-03-13 12:31:57 UTC 
the patch works and fixes the problem. I created a rpm and installed it on one machine.
Comment 10 Jens Kuehnel 2013-04-04 13:40:40 UTC 
Any ETA for this bug in RHEL6.4?
Comment 15 Jens Kuehnel 2013-04-09 15:11:41 UTC 
@Marcel Kolaja: Why did you mark this bug as private? Please open it up again!
Comment 16 J.H.M. Dassen (Ray) 2013-04-09 15:34:48 UTC 
Reinstating this as a public entry. Let's leave the private BZ dance for a 6.4.z clone.
Comment 17 Marcel Kolaja 2013-04-09 16:14:46 UTC 
(In reply to comment #15)
> @Marcel Kolaja: Why did you mark this bug as private? Please open it up
> again!

Sorry, I did that by mistake. Ray already fixed that. Thanks Ray!
Comment 21 Jens Kuehnel 2013-04-17 17:15:50 UTC 
A test repo can be found at http://jens.fedorapeople.org/rhel64-bz917678/.
If you want to check the patch.
Comment 26 errata-xmlrpc 2013-11-21 20:45:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1648.html