From 04cad06bed055a5dd373b2f5babc8000a76597a6 Mon Sep 17 00:00:00 2001

From: Karel Zak <kzak@redhat.com>

Date: Mon, 9 Oct 2017 12:44:48 +0200

Subject: [PATCH] libmount: use eacess() rather than open() to check mtab/utab

The open() syscall is probably the most strong way how to check write

accessibility in all situations, but it's overkill and on some

paranoid systems with enabled audit/selinux. It fills logs with

"Permission denied" entries. Let's use eaccess() if available.

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1499760

Signed-off-by: Karel Zak <kzak@redhat.com>

---

 configure.ac         |  1 +

 libmount/src/utils.c | 19 +++++++++++++------

 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac

index 78258d677..96c5838cf 100644

--- a/configure.ac

+++ b/configure.ac

@@ -315,6 +315,7 @@ AC_CHECK_FUNCS([ \

 	__fpending \

 	secure_getenv \

 	__secure_getenv \

+	eaccess \

 	err \

 	errx \

 	fsync \

diff --git a/libmount/src/utils.c b/libmount/src/utils.c

index 5c374b432..a275d0a0e 100644

--- a/libmount/src/utils.c

+++ b/libmount/src/utils.c

@@ -653,18 +653,25 @@ done:

 static int try_write(const char *filename)

 {

-	int fd;

+	int rc = 0;

 	if (!filename)

 		return -EINVAL;

-	fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,

+#ifdef HAVE_EACCESS

+	if (eaccess(filename, R_OK|W_OK) != 0)

+		rc = -errno;

+#else

+	{

+		int fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,

 			    S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);

-	if (fd >= 0) {

-		close(fd);

-		return 0;

+		if (fd < 0)

+			rc = -errno;

+		else

+			close(fd);

 	}

-	return -errno;

+#endif

+	return rc;

 }

 /**

-- 

2.13.6