Blame SOURCES/0126-libmount-use-eacess-rather-than-open-to-check-mtab-u.patch

fe719b
From 04cad06bed055a5dd373b2f5babc8000a76597a6 Mon Sep 17 00:00:00 2001
fe719b
From: Karel Zak <kzak@redhat.com>
fe719b
Date: Mon, 9 Oct 2017 12:44:48 +0200
fe719b
Subject: [PATCH] libmount: use eacess() rather than open() to check mtab/utab
fe719b
fe719b
The open() syscall is probably the strongest way to check write
fe719b
accessibility in all situations, but it's overkill, and on some
fe719b
paranoid systems with audit/selinux enabled it fills logs with
fe719b
"Permission denied" entries. Let's use eaccess() if available.
fe719b
fe719b
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1499760
fe719b
Signed-off-by: Karel Zak <kzak@redhat.com>
fe719b
---
fe719b
 configure.ac         |  1 +
fe719b
 libmount/src/utils.c | 19 +++++++++++++------
fe719b
 2 files changed, 14 insertions(+), 6 deletions(-)
fe719b
fe719b
diff --git a/configure.ac b/configure.ac
fe719b
index 78258d677..96c5838cf 100644
fe719b
--- a/configure.ac
fe719b
+++ b/configure.ac
fe719b
@@ -315,6 +315,7 @@ AC_CHECK_FUNCS([ \
fe719b
 	__fpending \
fe719b
 	secure_getenv \
fe719b
 	__secure_getenv \
fe719b
+	eaccess \
fe719b
 	err \
fe719b
 	errx \
fe719b
 	fsync \
fe719b
diff --git a/libmount/src/utils.c b/libmount/src/utils.c
fe719b
index 5c374b432..a275d0a0e 100644
fe719b
--- a/libmount/src/utils.c
fe719b
+++ b/libmount/src/utils.c
fe719b
@@ -653,18 +653,25 @@ done:
fe719b
 
fe719b
 static int try_write(const char *filename)
fe719b
 {
fe719b
-	int fd;
fe719b
+	int rc = 0;
fe719b
 
fe719b
 	if (!filename)
fe719b
 		return -EINVAL;
fe719b
 
fe719b
-	fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
fe719b
+#ifdef HAVE_EACCESS
fe719b
+	if (eaccess(filename, R_OK|W_OK) != 0)
fe719b
+		rc = -errno;
fe719b
+#else
fe719b
+	{
fe719b
+		int fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
fe719b
 			    S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);
fe719b
-	if (fd >= 0) {
fe719b
-		close(fd);
fe719b
-		return 0;
fe719b
+		if (fd < 0)
fe719b
+			rc = -errno;
fe719b
+		else
fe719b
+			close(fd);
fe719b
 	}
fe719b
-	return -errno;
fe719b
+#endif
fe719b
+	return rc;
fe719b
 }
fe719b
 
fe719b
 /**
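Review bot: On the HAVE_EACCESS branch of try_write(), a path that does not exist yet now returns -ENOENT, whereas the open() it replaces passed O_CREAT and would have created the file and returned 0. The callers are outside this hunk, so this is inferred, but any caller that uses the result to decide whether mtab/utab is writable would now treat a system with a missing file as read-only. Handling ENOENT separately keeps the audit log quiet in the common case: return 0 when eaccess() succeeds, return -errno for any error other than ENOENT, and only then fall through to the creating open() (or test the parent directory with eaccess() instead). A short comment above the #ifdef noting that the eaccess() answer is advisory and based on the effective IDs would also help, because the file can change between this check and the later write.

```c
static int try_write(const char *filename)
{
	/* … unchanged: rc declaration and NULL filename check … */
#ifdef HAVE_EACCESS
	/* advisory check with effective IDs; avoids audit noise from open() */
	if (eaccess(filename, R_OK|W_OK) == 0)
		return 0;
	if (errno != ENOENT)
		return -errno;
	/* file does not exist yet: fall through to the creating open() */
#endif
	/* … unchanged: open(O_RDWR|O_CREAT|O_CLOEXEC) block, no longer under #else … */
	return rc;
}
```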
fe719b
-- 
fe719b
2.13.6
fe719b