Description of problem:
Mount of tmpfs where fstab contains "user" option still requires root privilege.

Version-Release number of selected component (if applicable):
util-linux-ng-2.17.2-5.fc13.i686
Problem appears present at least back to Fedora12.

How reproducible:
100%

Steps to Reproduce:
1. Add fstab entry like
   tmpfs /mnt/ramdisk tmpfs user,noauto 0 0
2. Create mountpoint
   mkdir /mnt/ramdisk
3. Attempt to mount from non-root account:
   mount /mnt/ramdisk

Actual results:
[stevea@nidula mount]$ tail -1 /etc/fstab
tmpfs /mnt/ramdisk tmpfs user,noauto,ro 0 0
[stevea@nidula mount]$ ls -ld /mnt/ramdisk/
drwxrwxrwt 2 root root 40 Jul 18 04:03 /mnt/ramdisk/
[stevea@nidula mount]$ mount /mnt/ramdisk
mount: only root can do that
[stevea@nidula mount]$

Expected results:
tmpfs should mount at /mnt/ramdisk WITHOUT requiring root privilege.

Additional info:
This problem results from the correction to bug 476964
https://bugzilla.redhat.com/show_bug.cgi?id=476964
The script /sbin/mount.tmpfs is called from mount, and in turn exec's "mount -i-t tmpfs -o user,...". For obvious reasons the mount command cannot accept the "-o user" option from the command line. The script solution to 476964 does not correctly preserve mount functionality.
I can confirm that the problem is exactly as described on Fedora 13 (Goddard) with the latest updates installed.
(In reply to comment #0)
> Expected results:
> tmpfs should mount at /mnt/ramdisk WITHOUT requiring root privilege.
>
> Additional info:
> This problem results from the correction to bug 476964
> https://bugzilla.redhat.com/show_bug.cgi?id=476964
> The script /sbin/mount.tmpfs is called from mount, and in turn exec's "mount
> -i-t tmpfs -o user,...". For obvious reasons the mount command cannot accept
> the "-o user" option from the command line. The script solution to 476964 does
> not correctly preserve mount functionality.

I don't see any other way to fix this problem than to move the mount.tmpfs functionality to mount(8).

The question is whether we want to support user-mounts for tmpfs without a context= setting. It would be better if the admin specifies context(s) for the mounts.

The solution/workaround is to add

   tmpfs /mnt/ramdisk tmpfs user,noauto,ro,rootcontext=<CXT> 0 0

where <CXT> is for example a context from "ls --scontext -d /mnt/ramdisk".
If you do not specify a file context it will default to tmpfs_t. If the script eliminated the user option would it work?
(In reply to comment #3)
> If you do not specify a file context it will default to tmpfs_t. If the script
> eliminated the user option would it work?

No, mount(8) checks if the user is root. For non-root users it runs in a very restricted mode where all options have to be specified in fstab only.

(In reply to comment #2)
> The solution/workaround is to add
>
> tmpfs /mnt/ramdisk tmpfs user,noauto,ro,rootcontext=<CXT> 0 0
>
> where <CXT> is for example a context from "ls --scontext -d /mnt/ramdisk".

Sorry, this is nonsense. The script still calls

   /bin/mount "$@" -i -t tmpfs

so it won't work for non-root users.
The mount.tmpfs script has to detect that the user= option is used and then call mount(8) without any option, something like

   # "user" option present: pass only the mountpoint, options come from fstab
   if echo "$@" | grep -q -E '\-o.*user'; then
       exec /bin/mount -i "$2"
   fi

then you can specify a context in fstab (or default to tmpfs_t). I'll update the script ASAP.

(Sorry again for the comment #2.)
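Added example, not part of the original thread and not util-linux code: a POSIX shell check for the fstab setup discussed in the comments above, listing tmpfs entries that a non-root user may mount and whether an SELinux context option is set for them. The function names and the sample fstab lines are constructed for illustration.

```shell
#!/bin/sh
# Audit fstab-format input for user-mountable tmpfs entries (added example).

# has_opt OPTS NAME: succeed if comma-separated OPTS holds NAME or NAME=value.
has_opt() {
    case ",$1," in
        *",$2,"*|*",$2="*) return 0 ;;
    esac
    return 1
}

# Reads fstab lines on stdin; prints "<mountpoint> user-mountable context=<opt|none>".
audit_user_tmpfs() {
    while read -r spec dir fstype opts _rest; do
        # skip blank lines and comments
        case "$spec" in ''|'#'*) continue ;; esac
        [ "$fstype" = tmpfs ] || continue
        # "user", "users" and "owner" allow mounting from a non-root account
        if has_opt "$opts" user || has_opt "$opts" users || has_opt "$opts" owner; then
            ctx=none
            for o in context rootcontext fscontext defcontext; do
                if has_opt "$opts" "$o"; then ctx=$o; break; fi
            done
            printf '%s user-mountable context=%s\n' "$dir" "$ctx"
        fi
    done
}

# Constructed sample input, modeled on the fstab lines quoted in this report.
sample_fstab() {
cat <<'EOF'
# constructed sample fstab
tmpfs /mnt/ramdisk tmpfs user,noauto,ro 0 0
tmpfs /mnt/labeled tmpfs user,noauto,ro,rootcontext=<CXT> 0 0
tmpfs /dev/shm tmpfs defaults 0 0
/dev/sda1 /boot ext4 defaults 1 2
EOF
}

# Demo run on the constructed sample; on a real system feed it /etc/fstab.
sample_fstab | audit_user_tmpfs
```

Entries reported with context=none get the default label (tmpfs_t, per the comment above) when a user mounts them.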
Proposed patch: --- mount.tmpfs 12 Apr 2010 13:19:23 -0000 1.5 +++ mount.tmpfs 20 Jul 2010 07:28:09 -0000 @@ -18,6 +18,24 @@ ;; esac +restricted=1 +ruid=$(id --user --real) +euid=$(id --user) + +if [ $ruid -eq 0 ] && [ $ruid -eq $euid ]; then + restricted=0 +fi + +# mount(8) in restricted mode (for non-root users) does not allow to use any +# mount options, types or so on command line. We have to call mount(8) with +# mountpoint only. All necessary options have to be defined in /etc/fstab. +# +# https://bugzilla.redhat.com/show_bug.cgi?id=615719 +# +if [ $restricted -eq 1 ]; then + exec /bin/mount -i "$2" +fi + # Remount with context mount options is unsupported # http://bugzilla.redhat.com/show_bug.cgi?id=563267 #
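Review bot: the two added id calls (ruid=$(id --user --real) and euid=$(id --user)) resolve id through PATH, while the exec a few lines below uses the absolute /bin/mount; since their output decides whether the script takes the restricted branch, call id by an absolute path as well. The tests [ $ruid -eq 0 ] and [ $ruid -eq $euid ] also use the variables unquoted, so an empty value from a failed id turns into a malformed test expression; restricted stays 1 in that case, which is the safe outcome, but quoting "$ruid" and "$euid" would make that path explicit rather than accidental. Finally, exec /bin/mount -i "$2" assumes the mountpoint is always the second argument and non-empty; a short check on "$2" before the exec would document that expectation.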
util-linux-ng-2.17.2-6.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/util-linux-ng-2.17.2-6.fc13
I've tested util-linux-ng-2.17.2-6.fc13 for x86_64. Works as expected. Please close.
util-linux-ng-2.17.2-6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
util-linux-ng-2.18-2.fc14 has been submitted as an update for Fedora 14. http://admin.fedoraproject.org/updates/util-linux-ng-2.18-2.fc14