Bug 447962 - pam_mount ignores mount -o exec flag
pam_mount ignores mount -o exec flag
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: pam_mount (Show other bugs)
9
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Till Maas
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-22 12:47 EDT by Eric Bowser
Modified: 2008-06-28 18:16 EDT (History)
0 users

See Also:
Fixed In Version: 1.18-1.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-28 18:16:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Debug output from pam_mount during a user login (5.66 KB, text/plain)
2008-05-22 12:47 EDT, Eric Bowser
no flags Details
configuration file I'm using (13.02 KB, text/xml)
2008-05-22 12:49 EDT, Eric Bowser
no flags Details

  None (edit)
Description Eric Bowser 2008-05-22 12:47:57 EDT
Description of problem:
When using encrypted image files as home directories through pam_mount loop
mounting, the directory always mounts with the 'noexec' mount option.


Version-Release number of selected component (if applicable):
pam_mount-0.32-3.fc9.i386


How reproducible:
Always


Steps to Reproduce:
1. Create encrypted filesystem image in a file, with a matching keyfile
2. Configure pam_mount to mount upon normal user login
3. Log in as user
4. Run 'mount -l' in a shell
  
Actual results:
/home/ebowser.img on /home/ebowser type ext3
(rw,noexec,nosuid,nodev,loop=/dev/loop0,encryption=aes)

Expected results:
/home/ebowser.img on /home/ebowser type ext3
(rw,exec,nosuid,nodev,loop=/dev/loop0,encryption=aes)

Additional info:
This worked fine in Fedora 8 with a similar configuration.  I say similar and
not identical because the pam_mount version in 8 used a text configuration file,
the pam_mount version in 9 uses XML.  They are both in theory configured the same.

My pam_mount.xml file and debug output of a login are attached.
Comment 1 Eric Bowser 2008-05-22 12:47:57 EDT
Created attachment 306402 [details]
Debug output from pam_mount during a user login
Comment 2 Eric Bowser 2008-05-22 12:49:09 EDT
Created attachment 306403 [details]
configuration file I'm using
Comment 3 Till Maas 2008-05-25 11:59:35 EDT
Are you sure, that your configuration works? Here using 'fstype="ext3"' instead
of 'fstype="crypt"' for the crypted volume does not work.

Btw. why do you specify the "user" mount option? This is where the noexec comes
from, but I do not yet know why it cannot be overwritten.
Comment 4 Till Maas 2008-05-25 12:12:09 EDT
ok, I guess I found the bug, the ordering of the mount options matter and it
seems that pam_mount currently orders them alphabetically. As a workaround you
could remove the "user" mount option if you do not need it.
Comment 5 Eric Bowser 2008-05-25 16:12:06 EDT
I will try this when I'm in front of the machine again on Tuesday.

Honestly, I can't remember why I'm using 'user.'  This encrypted home has been
with me since Fedora Core 6, and I just kept migrating the config.  I'm sure the
example I used to build this is long gone...
Comment 6 Eric Bowser 2008-05-27 09:50:53 EDT
Works like a charm without the user flag.

Thanks!
Comment 7 Fedora Update System 2008-06-11 18:53:26 EDT
pam_mount-0.40-1.fc9 has been submitted as an update for Fedora 9
Comment 8 Fedora Update System 2008-06-12 22:21:05 EDT
pam_mount-0.40-1.fc9, libHX-1.18-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pam_mount libHX'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5269
Comment 9 Fedora Update System 2008-06-17 06:33:29 EDT
pam_mount-0.41-1.fc9 has been submitted as an update for Fedora 9
Comment 10 Fedora Update System 2008-06-23 09:35:17 EDT
pam_mount-0.41-2.fc9 has been submitted as an update for Fedora 9
Comment 11 Fedora Update System 2008-06-28 18:16:35 EDT
libHX-1.18-1.fc9, pam_mount-0.41-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.