--- Begin Message ---
Subject: Mount does not honor 'user' option.
Date: Tue, 01 Oct 2019 15:41:59 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hey Guix,

I have added the following to `file-systems' in my operating-system
config:

--8<---------------cut here---------------start------------->8---
(file-system
  (device "127.0.0.1")
  (mount-point "/home/diego/inf")
  (type "9p")
  (options "noextend,trans=tcp,dfltuid=1000,dfltgid=998,port=9001,user,nofail")
  (mount? #f))
--8<---------------cut here---------------end--------------->8---

It works almost as expected except that when I try to mount the file
system as a regular user (which is what the option 'user' is supposed to
allow) I get:

  $ LC_ALL=C mount inf
  mount: /home/diego/inf: must be superuser to use mount.

The command succeeds if I run it as root.

The following steps reproduce the issue without using a 9p file system:

1. Prepare a file system on a loopback device:

     $ dd if=/dev/zero of=foo.img bs=1024 count=524288
     $ udisksctl loop-setup --file foo.img
     Mapped file foo.img as /dev/loop0.
     $ sudo mkfs.ext4 -L foofs /dev/loop0

2. Add the following line to /etc/fstab replacing <name> with something
   more appropriate:

     LABEL=foofs /home/<name>/foofs ext4 defaults,user

3. Try to mount the filesystem as an unprivileged user (This should work
   and does work on e.g. Debian 10):

     $ mkdir foofs
     $ LC_ALL=C mount foofs
     mount: /home/<name>/foofs: must be superuser to use mount.

4. Try it with sudo to confirm that everything else works as expected:

     $ sudo mount foofs
     $ ls foofs
     lost+found/

Regards,

Diego
--- End Message ---
--- Begin Message ---
Subject: Re: bug#37569: Mount does not honor 'user' option.
Date: Sun, 06 Oct 2019 14:46:13 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi,

Diego Nicola Barbato <address@hidden> writes:

> I've tried adding "mount" and "umount" to `setuid-programs' in my
> operating-system config:
>
>   (setuid-programs (cons*
>                     #~(string-append #$util-linux "/bin/mount")
>                     #~(string-append #$util-linux "/bin/umount")
>                     %setuid-programs))
>
> Mounting as an unprivileged user now works as expected (even the fancy
> 9p stuff).

Cool!

> Is there any rationale for not adding "mount" and "umount" to
> `%setuid-programs' by default?

No, especially since they perform the right checks and error out with
“only root can do that” when needed.

I added them in commit 19944227528502e3619a6d1557bc735224f6fef6.

Thanks!
Ludo’.
--- End Message ---
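
The mismatch discussed in this thread (an fstab entry carrying `user` while the mount binary is not setuid root) can be checked for directly. The script below is an added example, not part of the thread or of Guix; the function names and the sample fstab lines are constructed, with "alice" as a placeholder user name.

```shell
#!/bin/sh
# Added example, not from the thread: find fstab entries that depend on
# unprivileged mounting and check whether the mount binary can honour them.

# Constructed sample in fstab format. The foofs line follows step 2 of the
# report ("alice" is a placeholder); the 9p line reuses the reported options.
sample_fstab() {
    cat <<'EOF'
# device    mount-point    type    options
LABEL=foofs /home/alice/foofs ext4 defaults,user
/dev/sda1 / ext4 defaults 0 1
127.0.0.1 /home/diego/inf 9p noextend,trans=tcp,dfltuid=1000,dfltgid=998,port=9001,user,nofail
EOF
}

# Print "mount-point option" for each entry whose option field contains
# user, users, owner or group (the options that let non-root users mount).
user_mountable() {    # $1 = fstab-format file
    awk '$1 ~ /^#/ || NF < 4 { next }
         { n = split($4, opts, ",")
           for (i = 1; i <= n; i++)
               if (opts[i] ~ /^(user|users|owner|group)$/) {
                   print $2, opts[i]; break
               } }' "$1"
}

# True only if $1 is a regular file, has the setuid bit and is owned by uid 0.
is_setuid_root() {
    [ -f "$1" ] && [ -u "$1" ] &&
        [ "$(ls -lnL "$1" | awk '{ print $3 }')" = 0 ]
}

# Return 1 and name the affected mount points when entries need an
# unprivileged mount but the binary is not setuid root.
report() {    # $1 = fstab-format file, $2 = mount binary to inspect
    entries=$(user_mountable "$1")
    [ -n "$entries" ] || { echo "no user-mountable entries"; return 0; }
    if is_setuid_root "$2"; then
        echo "ok: $2 is setuid root"; return 0
    fi
    echo "$entries" | while read -r mp opt; do
        echo "blocked: $mp has '$opt' but $2 is not setuid root"
    done
    return 1
}
```

On a live system, `report /etc/fstab "$(command -v mount)"` runs the same check against the mount binary found first in PATH.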