libreoffice-online/tools/mount.cpp
Caolán McNamara cb136dd51a namespace mount can fail due to adding MS_NOATIME
in deployment on remounting the mount pointing to /opt/cool/systemplate
with an additional MS_NOATIME results in EPERM.  Where that dir is on a
(toplevel) [rel]atime mount.

man 2 mount states 'An attempt was made to modify (MS_REMOUNT) the
MS_RDONLY, MS_NOSUID, or MS_NOEXEC flag, or one of the "atime" flags
(MS_NOATIME, MS_NODIRATIME, MS_RELATIME) of an existing mount, but the
mount is locked'. Presumably we can add flags that drop privs, but not
those that could circumvent original mount policy.

Thanks to Kay Sievers for help & advice to bootstrap these namespace
mounts.

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I4c0c6a6e4a0e7fae04255e247b18cd5a86c3f327
2024-07-03 23:31:17 +02:00

37 lines
1 KiB
C++

/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
/*
 * Copyright the Collabora Online contributors.
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
/*
 * This is a very tiny helper to allow overlay mounting.
 */

#include <config.h>

#include <stdio.h>
#include <stdlib.h>
#include <sysexits.h>

#include <security.h>

extern int domount(bool namespace_mount, int argc, const char* const* argv);

int main(int argc, char** argv)
{
    /*WARNING: PRIVILEGED CODE CHECKING START */
    /*WARNING*/ if (!hasCorrectUID(/* appName = */ "coolmount"))
    /*WARNING*/ {
    /*WARNING*/     fprintf(stderr, "Aborting.\n");
    /*WARNING*/     return EX_SOFTWARE;
    /*WARNING*/ }
    /*WARNING: PRIVILEGED CODE CHECKING END */

    return domount(false, argc, argv);
}

/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
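
The commit message above describes EPERM when a remount adds MS_NOATIME to a locked mount. One way to avoid asking for an atime change, as an added example that is not Collabora Online's code: read the mount's current atime mode with statvfs() and carry it into the remount flags, adding only restrictive flags. The helper names and the choice of MS_RDONLY | MS_NOSUID in main() are assumptions for illustration.

```c
#include <stdio.h>
#include <sys/mount.h>
#include <sys/statvfs.h>

/* glibc exposes the atime ST_* names only under _GNU_SOURCE; these are the Linux ABI values. */
#ifndef ST_NOATIME
#define ST_NOATIME    0x0400
#define ST_NODIRATIME 0x0800
#define ST_RELATIME   0x1000
#endif

#define ATIME_MASK ((unsigned long)(MS_NOATIME | MS_NODIRATIME | MS_RELATIME))

/* Translate the atime bits reported by statvfs() into mount(2) flags.
 * The numeric values differ (ST_RELATIME equals MS_BIND), so map bit by bit. */
unsigned long atime_flags_from_statvfs(unsigned long f_flag)
{
    unsigned long ms = 0;
    if (f_flag & ST_NOATIME)    ms |= MS_NOATIME;
    if (f_flag & ST_NODIRATIME) ms |= MS_NODIRATIME;
    if (f_flag & ST_RELATIME)   ms |= MS_RELATIME;
    return ms;
}

/* Flags for a bind remount that never asks for an atime change: atime bits in
 * `wanted` are dropped and the mount's current atime mode is carried over. */
unsigned long remount_flags_keeping_atime(unsigned long f_flag, unsigned long wanted)
{
    return MS_REMOUNT | MS_BIND | (wanted & ~ATIME_MASK) | atime_flags_from_statvfs(f_flag);
}

/* Hypothetical helper: remount `path` with extra restrictive flags such as MS_RDONLY. */
int remount_restricting(const char *path, unsigned long wanted)
{
    struct statvfs st;
    if (statvfs(path, &st) != 0) { perror("statvfs"); return -1; }
    if (mount(NULL, path, NULL, remount_flags_keeping_atime(st.f_flag, wanted), NULL) != 0) {
        perror("mount");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Needs mount privileges in the current namespace; the path comes from the command line. */
    return (argc == 2 && remount_restricting(argv[1], MS_RDONLY | MS_NOSUID) == 0) ? 0 : 1;
}
```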