Description of problem:
In lock_mtab, when the lockfile is created (w/ O_CREAT), the permissions
specified are improper. Instead of '0', this should presumably be set to '0600'.
Version-Release number of selected component (if applicable):
Observed in util-linux 2.12, though hadn't verified others.
Drop CAP_DAC_OVERRIDE and watch mounts fail due to inability to acquire a lock
on the mtab.
Steps to Reproduce:
1. sysctl -w kernel.cap-bound=0xf7fd7df5
2. mount -t tmpfs /dev/swap /mnt
$ mount -t tmpfs /dev/swap /mnt
can't open lock file /etc/mtab~: Permission denied (use -n flag to override)
A mounted filesystem, with proper locking of mtab.
See RH Enterprise issue 116584.
Yes, the request makes sense.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Created attachment 155566 [details]
Patch to fix mtab~ lock permission when CAP_DAC_OVERRIDE is revoked
Attached a patch to fix based on devel, but works in rhel4 too.
util-linux-2.13-0.54.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
util-linux-2.13-0.54.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.