|
|
a0f4b9 |
From 2f04609de018013a36396e6a10b317607fb0b625 Mon Sep 17 00:00:00 2001
|
|
|
a0f4b9 |
From: Roberto Bergantinos Corpas <rbergant@redhat.com>
|
|
|
a0f4b9 |
Date: Tue, 12 Jan 2021 11:58:53 +0100
|
|
|
a0f4b9 |
Subject: [PATCH 58/63] findmnt: add option to list all fs-independent flags
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
It might be useful for security auditing purposes list all possible
|
|
|
a0f4b9 |
mount flags/options including default set which are normally not listed.
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
This patch adds "--vfs-all" option to list all fs-independent flags
|
|
|
a0f4b9 |
on VFS-OPTIONS column, as well as libmount funcionality to accomplish
|
|
|
a0f4b9 |
it.
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
i.e.:
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
$ findmnt -o VFS-OPTIONS
|
|
|
a0f4b9 |
VFS-OPTIONS
|
|
|
a0f4b9 |
rw,relatime
|
|
|
a0f4b9 |
rw,nosuid,nodev,noexec,relatime
|
|
|
a0f4b9 |
rw,nosuid,nodev,noexec,relatime
|
|
|
a0f4b9 |
ro,nosuid,nodev,noexec
|
|
|
a0f4b9 |
...
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
$ findmnt --vfs-all -o VFS-OPTIONS
|
|
|
a0f4b9 |
VFS-OPTIONS
|
|
|
a0f4b9 |
rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
|
|
|
a0f4b9 |
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
|
|
|
a0f4b9 |
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
|
|
|
a0f4b9 |
ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow
|
|
|
a0f4b9 |
...
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
[kzak@redhat.com: - cleanup coding style and comments]
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1917852
|
|
|
a0f4b9 |
Upstream: http://github.com/karelzak/util-linux/commit/ff21f476f85ac9855452f4aac43a231c3c1e2ebc
|
|
|
a0f4b9 |
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
|
|
|
a0f4b9 |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
a0f4b9 |
---
|
|
|
a0f4b9 |
libmount/docs/libmount-sections.txt | 1 +
|
|
|
a0f4b9 |
libmount/src/fs.c | 32 +++++++++++++++++++++++++++++
|
|
|
a0f4b9 |
libmount/src/libmount.h.in | 1 +
|
|
|
a0f4b9 |
libmount/src/libmount.sym | 4 ++++
|
|
|
a0f4b9 |
misc-utils/findmnt.8 | 6 ++++++
|
|
|
a0f4b9 |
misc-utils/findmnt.c | 15 +++++++++++---
|
|
|
a0f4b9 |
misc-utils/findmnt.h | 2 ++
|
|
|
a0f4b9 |
7 files changed, 58 insertions(+), 3 deletions(-)
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt
|
|
|
a0f4b9 |
index dea724b2f..f296c0611 100644
|
|
|
a0f4b9 |
--- a/libmount/docs/libmount-sections.txt
|
|
|
a0f4b9 |
+++ b/libmount/docs/libmount-sections.txt
|
|
|
a0f4b9 |
@@ -224,6 +224,7 @@ mnt_fs_get_usedsize
|
|
|
a0f4b9 |
mnt_fs_get_userdata
|
|
|
a0f4b9 |
mnt_fs_get_user_options
|
|
|
a0f4b9 |
mnt_fs_get_vfs_options
|
|
|
a0f4b9 |
+mnt_fs_get_vfs_options_all
|
|
|
a0f4b9 |
mnt_fs_is_kernel
|
|
|
a0f4b9 |
mnt_fs_is_netfs
|
|
|
a0f4b9 |
mnt_fs_is_pseudofs
|
|
|
a0f4b9 |
diff --git a/libmount/src/fs.c b/libmount/src/fs.c
|
|
|
a0f4b9 |
index aae4961c3..34c09d66b 100644
|
|
|
a0f4b9 |
--- a/libmount/src/fs.c
|
|
|
a0f4b9 |
+++ b/libmount/src/fs.c
|
|
|
a0f4b9 |
@@ -924,6 +924,38 @@ const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs)
|
|
|
a0f4b9 |
return fs ? fs->vfs_optstr : NULL;
|
|
|
a0f4b9 |
}
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
+/**
|
|
|
a0f4b9 |
+ * mnt_fs_get_vfs_options_all:
|
|
|
a0f4b9 |
+ * @fs: fstab/mtab entry pointer
|
|
|
a0f4b9 |
+ *
|
|
|
a0f4b9 |
+ * Returns: pointer to newlly allocated string (can be freed by free(3)) or
|
|
|
a0f4b9 |
+ * NULL in case of error. The string contains all (including defaults) mount
|
|
|
a0f4b9 |
+ * options.
|
|
|
a0f4b9 |
+ */
|
|
|
a0f4b9 |
+char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs)
|
|
|
a0f4b9 |
+{
|
|
|
a0f4b9 |
+ const struct libmnt_optmap *map = mnt_get_builtin_optmap(MNT_LINUX_MAP);
|
|
|
a0f4b9 |
+ const struct libmnt_optmap *ent;
|
|
|
a0f4b9 |
+ const char *opts = mnt_fs_get_options(fs);
|
|
|
a0f4b9 |
+ char *result = NULL;
|
|
|
a0f4b9 |
+ unsigned long flags = 0;
|
|
|
a0f4b9 |
+
|
|
|
a0f4b9 |
+ if (!opts || mnt_optstr_get_flags(opts, &flags, map))
|
|
|
a0f4b9 |
+ return NULL;
|
|
|
a0f4b9 |
+
|
|
|
a0f4b9 |
+ for (ent = map ; ent && ent->name ; ent++){
|
|
|
a0f4b9 |
+ if (ent->id & flags) { /* non-default value */
|
|
|
a0f4b9 |
+ if (!(ent->mask & MNT_INVERT))
|
|
|
a0f4b9 |
+ mnt_optstr_append_option(&result, ent->name, NULL);
|
|
|
a0f4b9 |
+ else
|
|
|
a0f4b9 |
+ continue;
|
|
|
a0f4b9 |
+ } else if (ent->mask & MNT_INVERT)
|
|
|
a0f4b9 |
+ mnt_optstr_append_option(&result, ent->name, NULL);
|
|
|
a0f4b9 |
+ }
|
|
|
a0f4b9 |
+
|
|
|
a0f4b9 |
+ return result;
|
|
|
a0f4b9 |
+}
|
|
|
a0f4b9 |
+
|
|
|
a0f4b9 |
/**
|
|
|
a0f4b9 |
* mnt_fs_get_user_options:
|
|
|
a0f4b9 |
* @fs: fstab/mtab entry pointer
|
|
|
a0f4b9 |
diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in
|
|
|
a0f4b9 |
index c61514b59..1d9a053e0 100644
|
|
|
a0f4b9 |
--- a/libmount/src/libmount.h.in
|
|
|
a0f4b9 |
+++ b/libmount/src/libmount.h.in
|
|
|
a0f4b9 |
@@ -452,6 +452,7 @@ extern int mnt_fs_get_option(struct libmnt_fs *fs, const char *name,
|
|
|
a0f4b9 |
extern const char *mnt_fs_get_fs_options(struct libmnt_fs *fs);
|
|
|
a0f4b9 |
extern const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs);
|
|
|
a0f4b9 |
extern const char *mnt_fs_get_user_options(struct libmnt_fs *fs);
|
|
|
a0f4b9 |
+extern char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs);
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
extern const char *mnt_fs_get_attributes(struct libmnt_fs *fs);
|
|
|
a0f4b9 |
extern int mnt_fs_set_attributes(struct libmnt_fs *fs, const char *optstr);
|
|
|
a0f4b9 |
diff --git a/libmount/src/libmount.sym b/libmount/src/libmount.sym
|
|
|
a0f4b9 |
index ca16cafa1..636c564eb 100644
|
|
|
a0f4b9 |
--- a/libmount/src/libmount.sym
|
|
|
a0f4b9 |
+++ b/libmount/src/libmount.sym
|
|
|
a0f4b9 |
@@ -322,3 +322,7 @@ MOUNT_2.30 {
|
|
|
a0f4b9 |
mnt_context_enable_rwonly_mount;
|
|
|
a0f4b9 |
mnt_context_get_excode;
|
|
|
a0f4b9 |
} MOUNT_2.28;
|
|
|
a0f4b9 |
+
|
|
|
a0f4b9 |
+MOUNT_2_37 {
|
|
|
a0f4b9 |
+ mnt_fs_get_vfs_options_all;
|
|
|
a0f4b9 |
+} MOUNT_2.30;
|
|
|
a0f4b9 |
diff --git a/misc-utils/findmnt.8 b/misc-utils/findmnt.8
|
|
|
a0f4b9 |
index 58dd38625..41a37cb5f 100644
|
|
|
a0f4b9 |
--- a/misc-utils/findmnt.8
|
|
|
a0f4b9 |
+++ b/misc-utils/findmnt.8
|
|
|
a0f4b9 |
@@ -249,6 +249,12 @@ It's possible to specify source (device) or target (mountpoint) to filter mount
|
|
|
a0f4b9 |
.TP
|
|
|
a0f4b9 |
.BR "\-\-verbose"
|
|
|
a0f4b9 |
Force findmnt to print more information (\fB\-\-verify\fP only for now).
|
|
|
a0f4b9 |
+.TP
|
|
|
a0f4b9 |
+.B \-\-vfs-all
|
|
|
a0f4b9 |
+When used with
|
|
|
a0f4b9 |
+.BR VFS-OPTIONS
|
|
|
a0f4b9 |
+column, print all VFS (fs-independent) flags. This option is designed for auditing purposes to
|
|
|
a0f4b9 |
+list also default VFS kernel mount options which are normally not listed.
|
|
|
a0f4b9 |
.SH EXAMPLES
|
|
|
a0f4b9 |
.IP "\fBfindmnt \-\-fstab \-t nfs\fP"
|
|
|
a0f4b9 |
Prints all NFS filesystems defined in
|
|
|
a0f4b9 |
diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c
|
|
|
a0f4b9 |
index 184b6f7d7..a7b3af4f4 100644
|
|
|
a0f4b9 |
--- a/misc-utils/findmnt.c
|
|
|
a0f4b9 |
+++ b/misc-utils/findmnt.c
|
|
|
a0f4b9 |
@@ -542,7 +542,10 @@ static char *get_data(struct libmnt_fs *fs, int num)
|
|
|
a0f4b9 |
str = xstrdup(mnt_fs_get_options(fs));
|
|
|
a0f4b9 |
break;
|
|
|
a0f4b9 |
case COL_VFS_OPTIONS:
|
|
|
a0f4b9 |
- str = xstrdup(mnt_fs_get_vfs_options(fs));
|
|
|
a0f4b9 |
+ if (flags & FL_VFS_ALL)
|
|
|
a0f4b9 |
+ str = mnt_fs_get_vfs_options_all(fs);
|
|
|
a0f4b9 |
+ else if (mnt_fs_get_vfs_options(fs))
|
|
|
a0f4b9 |
+ str = xstrdup(mnt_fs_get_vfs_options(fs));
|
|
|
a0f4b9 |
break;
|
|
|
a0f4b9 |
case COL_FS_OPTIONS:
|
|
|
a0f4b9 |
str = xstrdup(mnt_fs_get_fs_options(fs));
|
|
|
a0f4b9 |
@@ -1243,6 +1246,7 @@ static void __attribute__((__noreturn__)) usage(void)
|
|
|
a0f4b9 |
fputc('\n', out);
|
|
|
a0f4b9 |
fputs(_(" -x, --verify verify mount table content (default is fstab)\n"), out);
|
|
|
a0f4b9 |
fputs(_(" --verbose print more details\n"), out);
|
|
|
a0f4b9 |
+ fputs(_(" --vfs-all print all VFS options\n"), out);
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
fputs(USAGE_SEPARATOR, out);
|
|
|
a0f4b9 |
printf(USAGE_HELP_OPTIONS(24));
|
|
|
a0f4b9 |
@@ -1271,8 +1275,9 @@ int main(int argc, char *argv[])
|
|
|
a0f4b9 |
struct libscols_table *table = NULL;
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
enum {
|
|
|
a0f4b9 |
- FINDMNT_OPT_VERBOSE = CHAR_MAX + 1,
|
|
|
a0f4b9 |
- FINDMNT_OPT_TREE
|
|
|
a0f4b9 |
+ FINDMNT_OPT_VERBOSE = CHAR_MAX + 1,
|
|
|
a0f4b9 |
+ FINDMNT_OPT_TREE,
|
|
|
a0f4b9 |
+ FINDMNT_OPT_VFS_ALL
|
|
|
a0f4b9 |
};
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
static const struct option longopts[] = {
|
|
|
a0f4b9 |
@@ -1313,6 +1318,7 @@ int main(int argc, char *argv[])
|
|
|
a0f4b9 |
{ "version", no_argument, NULL, 'V' },
|
|
|
a0f4b9 |
{ "verbose", no_argument, NULL, FINDMNT_OPT_VERBOSE },
|
|
|
a0f4b9 |
{ "tree", no_argument, NULL, FINDMNT_OPT_TREE },
|
|
|
a0f4b9 |
+ { "vfs-all", no_argument, NULL, FINDMNT_OPT_VFS_ALL },
|
|
|
a0f4b9 |
{ NULL, 0, NULL, 0 }
|
|
|
a0f4b9 |
};
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
@@ -1479,6 +1485,9 @@ int main(int argc, char *argv[])
|
|
|
a0f4b9 |
case FINDMNT_OPT_TREE:
|
|
|
a0f4b9 |
force_tree = 1;
|
|
|
a0f4b9 |
break;
|
|
|
a0f4b9 |
+ case FINDMNT_OPT_VFS_ALL:
|
|
|
a0f4b9 |
+ flags |= FL_VFS_ALL;
|
|
|
a0f4b9 |
+ break;
|
|
|
a0f4b9 |
default:
|
|
|
a0f4b9 |
errtryhelp(EXIT_FAILURE);
|
|
|
a0f4b9 |
}
|
|
|
a0f4b9 |
diff --git a/misc-utils/findmnt.h b/misc-utils/findmnt.h
|
|
|
a0f4b9 |
index fbaa38e82..9a277b68a 100644
|
|
|
a0f4b9 |
--- a/misc-utils/findmnt.h
|
|
|
a0f4b9 |
+++ b/misc-utils/findmnt.h
|
|
|
a0f4b9 |
@@ -19,6 +19,8 @@ enum {
|
|
|
a0f4b9 |
FL_STRICTTARGET = (1 << 15),
|
|
|
a0f4b9 |
FL_VERBOSE = (1 << 16),
|
|
|
a0f4b9 |
|
|
|
a0f4b9 |
+ FL_VFS_ALL = (1 << 19),
|
|
|
a0f4b9 |
+
|
|
|
a0f4b9 |
/* basic table settings */
|
|
|
a0f4b9 |
FL_ASCII = (1 << 20),
|
|
|
a0f4b9 |
FL_RAW = (1 << 21),
|
|
|
a0f4b9 |
--
|
|
|
a0f4b9 |
2.31.1
|
|
|
a0f4b9 |
|