
Bug#418076: linux-2.6: cannot mount network filesystems



Package: linux-2.6
Version: 2.6.18.dfsg.1-12
Severity: important
Tags: patch

The VXC_BINARY_MOUNT capability should be sufficient to mount network
filesystems, but it's not. Due to this bug, users currently must grant a
vserver SYS_ADMIN capabilities in order to mount network filesystems.

Though this works, SYS_ADMIN also gives the vserver a hell of a lot of
other privileges as well (turn swap off & on, configure md, access to 
nvram, etc). See http://linux-vserver.org/Capabilities_and_Flags for the
full list.

This patch from upstream fixes the issue.

diff -NurpP --minimal linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c linux-2.6.18.5-vs2.0.3-rc1/fs/super.c
--- linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c	2006-09-20 17:59:47 +0200
+++ linux-2.6.18.5-vs2.0.3-rc1/fs/super.c	2006-12-13 23:06:16 +0100
@@ -848,7 +848,7 @@ vfs_kern_mount(struct file_system_type *
 
 	sb = mnt->mnt_sb;
 	error = -EPERM;
-	if (!capable(CAP_SYS_ADMIN) && !sb->s_bdev &&
+	if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) && !sb->s_bdev &&
 		(sb->s_magic != PROC_SUPER_MAGIC) &&
 		(sb->s_magic != DEVPTS_SUPER_MAGIC))
 		goto out_sb;
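
Review bot: in the changed condition in vfs_kern_mount(), the VXC_BINARY_MOUNT alternative applies to every superblock that has no s_bdev and is not proc or devpts, not only to network filesystems, so the context capability would permit any non-block-device filesystem type that reaches this check. If that breadth is intended, a comment above the if saying so would help; if only network filesystems are meant, the test needs a narrower condition on the filesystem type. The definition of vx_capable() is not part of this hunk, so it is also worth confirming that it still accepts plain CAP_SYS_ADMIN, so that guests already granted that capability keep working.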


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: ia64
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-itanium
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)


