From 2f04609de018013a36396e6a10b317607fb0b625 Mon Sep 17 00:00:00 2001
From: Roberto Bergantinos Corpas <rbergant@redhat.com>
Date: Tue, 12 Jan 2021 11:58:53 +0100
Subject: [PATCH 58/63] findmnt: add option to list all fs-independent flags
It might be useful for security auditing purposes to list all possible
mount flags/options, including the default set, which are normally not listed.

This patch adds the "--vfs-all" option to list all fs-independent flags
in the VFS-OPTIONS column, as well as the libmount functionality to accomplish
it.
i.e.:
$ findmnt -o VFS-OPTIONS
VFS-OPTIONS
rw,relatime
rw,nosuid,nodev,noexec,relatime
rw,nosuid,nodev,noexec,relatime
ro,nosuid,nodev,noexec
...
$ findmnt --vfs-all -o VFS-OPTIONS
VFS-OPTIONS
rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow
...
[kzak@redhat.com: - cleanup coding style and comments]
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1917852
Upstream: http://github.com/karelzak/util-linux/commit/ff21f476f85ac9855452f4aac43a231c3c1e2ebc
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 libmount/docs/libmount-sections.txt |  1 +
 libmount/src/fs.c                   | 32 +++++++++++++++++++++++++++++
 libmount/src/libmount.h.in          |  1 +
 libmount/src/libmount.sym           |  4 ++++
 misc-utils/findmnt.8                |  6 ++++++
 misc-utils/findmnt.c                | 15 +++++++++++---
 misc-utils/findmnt.h                |  2 ++
 7 files changed, 58 insertions(+), 3 deletions(-)
a0f4b9
diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt
a0f4b9
index dea724b2f..f296c0611 100644
a0f4b9
--- a/libmount/docs/libmount-sections.txt
a0f4b9
+++ b/libmount/docs/libmount-sections.txt
a0f4b9
@@ -224,6 +224,7 @@ mnt_fs_get_usedsize
a0f4b9
 mnt_fs_get_userdata
a0f4b9
 mnt_fs_get_user_options
a0f4b9
 mnt_fs_get_vfs_options
a0f4b9
+mnt_fs_get_vfs_options_all
a0f4b9
 mnt_fs_is_kernel
a0f4b9
 mnt_fs_is_netfs
a0f4b9
 mnt_fs_is_pseudofs
a0f4b9
diff --git a/libmount/src/fs.c b/libmount/src/fs.c
a0f4b9
index aae4961c3..34c09d66b 100644
a0f4b9
--- a/libmount/src/fs.c
a0f4b9
+++ b/libmount/src/fs.c
a0f4b9
@@ -924,6 +924,38 @@ const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs)
a0f4b9
 	return fs ? fs->vfs_optstr : NULL;
a0f4b9
 }
a0f4b9
 
a0f4b9
+/**
a0f4b9
+ * mnt_fs_get_vfs_options_all:
a0f4b9
+ * @fs: fstab/mtab entry pointer
a0f4b9
+ *
a0f4b9
+ * Returns: pointer to newlly allocated string (can be freed by free(3)) or
a0f4b9
+ * NULL in case of error.  The string contains all (including defaults) mount
a0f4b9
+ * options.
a0f4b9
+ */
a0f4b9
+char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs)
a0f4b9
+{
a0f4b9
+	const struct libmnt_optmap *map = mnt_get_builtin_optmap(MNT_LINUX_MAP);
a0f4b9
+	const struct libmnt_optmap *ent;
a0f4b9
+	const char *opts = mnt_fs_get_options(fs);
a0f4b9
+	char *result = NULL;
a0f4b9
+	unsigned long flags = 0;
a0f4b9
+
a0f4b9
+	if (!opts || mnt_optstr_get_flags(opts, &flags, map))
a0f4b9
+		return NULL;
a0f4b9
+
a0f4b9
+	for (ent = map ; ent && ent->name ; ent++){
a0f4b9
+		if (ent->id & flags) { /* non-default value */
a0f4b9
+			if (!(ent->mask & MNT_INVERT))
a0f4b9
+				mnt_optstr_append_option(&result, ent->name, NULL);
a0f4b9
+			else
a0f4b9
+				continue;
a0f4b9
+		} else if (ent->mask & MNT_INVERT)
a0f4b9
+			mnt_optstr_append_option(&result, ent->name, NULL);
a0f4b9
+	}
a0f4b9
+
a0f4b9
+	return result;
a0f4b9
+}
a0f4b9
+
a0f4b9
 /**
a0f4b9
  * mnt_fs_get_user_options:
a0f4b9
  * @fs: fstab/mtab entry pointer
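Review bot: Both `mnt_optstr_append_option()` calls in the loop of mnt_fs_get_vfs_options_all() discard their return value, so a failure partway through (presumably an allocation failure) leaves `result` holding only the entries appended so far, and that truncated string is returned as if it were complete. For output intended for auditing, a list that silently lacks its trailing flags is worse than no list; on a non-zero return the function should free `result` and return NULL, which is what its docstring already promises for errors. The `else continue;` arm is redundant, and the whole condition reduces to "append when the flag bit and MNT_INVERT disagree". The docstring also has the typo "newlly" and does not mention that NULL is returned when the entry has no option string at all.

```c
	/* … unchanged: declarations and the mnt_optstr_get_flags() check … */
	for (ent = map; ent && ent->name; ent++) {
		int is_set = (ent->id & flags) != 0;
		int inverted = (ent->mask & MNT_INVERT) != 0;

		/* the name describes the current state only when the two disagree */
		if (is_set == inverted)
			continue;
		if (mnt_optstr_append_option(&result, ent->name, NULL)) {
			free(result);	/* never hand back a partial list */
			return NULL;
		}
	}
```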
a0f4b9
diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in
a0f4b9
index c61514b59..1d9a053e0 100644
a0f4b9
--- a/libmount/src/libmount.h.in
a0f4b9
+++ b/libmount/src/libmount.h.in
a0f4b9
@@ -452,6 +452,7 @@ extern int mnt_fs_get_option(struct libmnt_fs *fs, const char *name,
a0f4b9
 extern const char *mnt_fs_get_fs_options(struct libmnt_fs *fs);
a0f4b9
 extern const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs);
a0f4b9
 extern const char *mnt_fs_get_user_options(struct libmnt_fs *fs);
a0f4b9
+extern char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs);
a0f4b9
 
a0f4b9
 extern const char *mnt_fs_get_attributes(struct libmnt_fs *fs);
a0f4b9
 extern int mnt_fs_set_attributes(struct libmnt_fs *fs, const char *optstr);
a0f4b9
diff --git a/libmount/src/libmount.sym b/libmount/src/libmount.sym
a0f4b9
index ca16cafa1..636c564eb 100644
a0f4b9
--- a/libmount/src/libmount.sym
a0f4b9
+++ b/libmount/src/libmount.sym
a0f4b9
@@ -322,3 +322,7 @@ MOUNT_2.30 {
a0f4b9
 	mnt_context_enable_rwonly_mount;
a0f4b9
 	mnt_context_get_excode;
a0f4b9
 } MOUNT_2.28;
a0f4b9
+
a0f4b9
+MOUNT_2_37 {
a0f4b9
+	mnt_fs_get_vfs_options_all;
a0f4b9
+} MOUNT_2.30;
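Review bot: The new version node is spelled `MOUNT_2_37`, with an underscore, while the other nodes visible in this hunk use a dot (`MOUNT_2.30`, `MOUNT_2.28`). Version node names become part of the exported symbol's ABI, so the spelling cannot be normalised once binaries link against it. If the underscore is deliberate (for example to stay compatible with the upstream commit named in the description), a short comment above the node such as `/* node name is ABI, keep the spelling as is */` would stop a later clean-up from renaming it; if it is not deliberate, it should be settled before the symbol ships.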
a0f4b9
diff --git a/misc-utils/findmnt.8 b/misc-utils/findmnt.8
a0f4b9
index 58dd38625..41a37cb5f 100644
a0f4b9
--- a/misc-utils/findmnt.8
a0f4b9
+++ b/misc-utils/findmnt.8
a0f4b9
@@ -249,6 +249,12 @@ It's possible to specify source (device) or target (mountpoint) to filter mount
a0f4b9
 .TP
a0f4b9
 .BR "\-\-verbose"
a0f4b9
 Force findmnt to print more information (\fB\-\-verify\fP only for now).
a0f4b9
+.TP
a0f4b9
+.B \-\-vfs-all
a0f4b9
+When used with
a0f4b9
+.BR VFS-OPTIONS
a0f4b9
+column, print all VFS (fs-independent) flags.  This option is designed for auditing purposes to
a0f4b9
+list also default VFS kernel mount options which are normally not listed.
a0f4b9
 .SH EXAMPLES
a0f4b9
 .IP "\fBfindmnt \-\-fstab \-t nfs\fP"
a0f4b9
 Prints all NFS filesystems defined in
a0f4b9
diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c
a0f4b9
index 184b6f7d7..a7b3af4f4 100644
a0f4b9
--- a/misc-utils/findmnt.c
a0f4b9
+++ b/misc-utils/findmnt.c
a0f4b9
@@ -542,7 +542,10 @@ static char *get_data(struct libmnt_fs *fs, int num)
a0f4b9
 		str = xstrdup(mnt_fs_get_options(fs));
a0f4b9
 		break;
a0f4b9
 	case COL_VFS_OPTIONS:
a0f4b9
-		str = xstrdup(mnt_fs_get_vfs_options(fs));
a0f4b9
+		if (flags & FL_VFS_ALL)
a0f4b9
+			str = mnt_fs_get_vfs_options_all(fs);
a0f4b9
+		else if (mnt_fs_get_vfs_options(fs))
a0f4b9
+			str = xstrdup(mnt_fs_get_vfs_options(fs));
a0f4b9
 		break;
a0f4b9
 	case COL_FS_OPTIONS:
a0f4b9
 		str = xstrdup(mnt_fs_get_fs_options(fs));
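Review bot: In the `FL_VFS_ALL` branch a NULL from `mnt_fs_get_vfs_options_all()` is stored in `str` with no diagnostic, although that function's docstring says NULL means an error. The resulting empty VFS-OPTIONS cell looks the same as a mount with nothing to report, so a failure can go unnoticed in an audit listing; consider reporting it, e.g. `if (!str) warnx(_("%s: failed to read VFS options"), mnt_fs_get_target(fs));`. The `else if` arm calls `mnt_fs_get_vfs_options(fs)` twice where one local would do, and it leaves `str` untouched when the result is NULL, which is only safe if `str` is initialised before the switch; get_data() starts outside this hunk, so that could not be checked here.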
a0f4b9
@@ -1243,6 +1246,7 @@ static void __attribute__((__noreturn__)) usage(void)
a0f4b9
 	fputc('\n', out);
a0f4b9
 	fputs(_(" -x, --verify           verify mount table content (default is fstab)\n"), out);
a0f4b9
 	fputs(_("     --verbose          print more details\n"), out);
a0f4b9
+	fputs(_("     --vfs-all          print all VFS options\n"), out);
a0f4b9
 
a0f4b9
 	fputs(USAGE_SEPARATOR, out);
a0f4b9
 	printf(USAGE_HELP_OPTIONS(24));
a0f4b9
@@ -1271,8 +1275,9 @@ int main(int argc, char *argv[])
a0f4b9
 	struct libscols_table *table = NULL;
a0f4b9
 
a0f4b9
 	enum {
a0f4b9
-                FINDMNT_OPT_VERBOSE = CHAR_MAX + 1,
a0f4b9
-		FINDMNT_OPT_TREE
a0f4b9
+		FINDMNT_OPT_VERBOSE = CHAR_MAX + 1,
a0f4b9
+		FINDMNT_OPT_TREE,
a0f4b9
+		FINDMNT_OPT_VFS_ALL
a0f4b9
 	};
a0f4b9
 
a0f4b9
 	static const struct option longopts[] = {
a0f4b9
@@ -1313,6 +1318,7 @@ int main(int argc, char *argv[])
a0f4b9
 		{ "version",	    no_argument,       NULL, 'V'		 },
a0f4b9
 		{ "verbose",	    no_argument,       NULL, FINDMNT_OPT_VERBOSE },
a0f4b9
 		{ "tree",	    no_argument,       NULL, FINDMNT_OPT_TREE	 },
a0f4b9
+		{ "vfs-all",	    no_argument,       NULL, FINDMNT_OPT_VFS_ALL },
a0f4b9
 		{ NULL, 0, NULL, 0 }
a0f4b9
 	};
a0f4b9
 
a0f4b9
@@ -1479,6 +1485,9 @@ int main(int argc, char *argv[])
a0f4b9
 		case FINDMNT_OPT_TREE:
a0f4b9
 			force_tree = 1;
a0f4b9
 			break;
a0f4b9
+		case FINDMNT_OPT_VFS_ALL:
a0f4b9
+			flags |= FL_VFS_ALL;
a0f4b9
+			break;
a0f4b9
 		default:
a0f4b9
 			errtryhelp(EXIT_FAILURE);
a0f4b9
 		}
a0f4b9
diff --git a/misc-utils/findmnt.h b/misc-utils/findmnt.h
a0f4b9
index fbaa38e82..9a277b68a 100644
a0f4b9
--- a/misc-utils/findmnt.h
a0f4b9
+++ b/misc-utils/findmnt.h
a0f4b9
@@ -19,6 +19,8 @@ enum {
a0f4b9
 	FL_STRICTTARGET = (1 << 15),
a0f4b9
 	FL_VERBOSE	= (1 << 16),
a0f4b9
 
a0f4b9
+	FL_VFS_ALL	= (1 << 19),
a0f4b9
+
a0f4b9
 	/* basic table settings */
a0f4b9
 	FL_ASCII	= (1 << 20),
a0f4b9
 	FL_RAW		= (1 << 21),
-- 
2.31.1