Blob Blame History Raw
From 04cad06bed055a5dd373b2f5babc8000a76597a6 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 9 Oct 2017 12:44:48 +0200
Subject: [PATCH] libmount: use eacess() rather than open() to check mtab/utab

The open() syscall is probably the most strong way how to check write
accessibility in all situations, but it's overkill and on some
paranoid systems with enabled audit/selinux. It fills logs with
"Permission denied" entries. Let's use eaccess() if available.

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1499760
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 configure.ac         |  1 +
 libmount/src/utils.c | 19 +++++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index 78258d677..96c5838cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -315,6 +315,7 @@ AC_CHECK_FUNCS([ \
 	__fpending \
 	secure_getenv \
 	__secure_getenv \
+	eaccess \
 	err \
 	errx \
 	fsync \
diff --git a/libmount/src/utils.c b/libmount/src/utils.c
index 5c374b432..a275d0a0e 100644
--- a/libmount/src/utils.c
+++ b/libmount/src/utils.c
@@ -653,18 +653,25 @@ done:
 
 static int try_write(const char *filename)
 {
-	int fd;
+	int rc = 0;
 
 	if (!filename)
 		return -EINVAL;
 
-	fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
+#ifdef HAVE_EACCESS
+	if (eaccess(filename, R_OK|W_OK) != 0)
+		rc = -errno;
+#else
+	{
+		int fd = open(filename, O_RDWR|O_CREAT|O_CLOEXEC,
 			    S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);
-	if (fd >= 0) {
-		close(fd);
-		return 0;
+		if (fd < 0)
+			rc = -errno;
+		else
+			close(fd);
 	}
-	return -errno;
+#endif
+	return rc;
 }
 
 /**
-- 
2.13.6