Attachment #232088 for bug #262179

Lines 45-50 Link Here

(-)12.3-my/sbin/mount/mntopts.h (+2 lines)
45	#define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 }	45	#define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 }
46	#define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 }	46	#define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 }
47	#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 }	47	#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 }
		48	#define MOPT_NOSOCKBIND { "sockbind", 1, MNT_NOSOCKBIND, 0 }
48	#define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 }	49	#define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 }
49	#define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 }	50	#define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 }
50	#define MOPT_UNION { "union", 0, MNT_UNION, 0 }	51	#define MOPT_UNION { "union", 0, MNT_UNION, 0 }
Lines 87-92 Link Here
87	MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \	88	MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \
88	MOPT_NOSUID, \	89	MOPT_NOSUID, \
89	MOPT_NOSYMFOLLOW, \	90	MOPT_NOSYMFOLLOW, \
		91	MOPT_NOSOCKBIND, \
90	MOPT_RDONLY, \	92	MOPT_RDONLY, \
91	MOPT_UNION, \	93	MOPT_UNION, \
92	MOPT_NOCLUSTERR, \	94	MOPT_NOCLUSTERR, \

Lines 103-108 Link Here

(-)12.3-my/sbin/mount/mount.c (+2 lines)
103	{ MNT_NOEXEC, "noexec" },	103	{ MNT_NOEXEC, "noexec" },
104	{ MNT_NOSUID, "nosuid" },	104	{ MNT_NOSUID, "nosuid" },
105	{ MNT_NOSYMFOLLOW, "nosymfollow" },	105	{ MNT_NOSYMFOLLOW, "nosymfollow" },
		106	{ MNT_NOSOCKBIND, "nosockbind" },
106	{ MNT_QUOTA, "with quotas" },	107	{ MNT_QUOTA, "with quotas" },
107	{ MNT_RDONLY, "read-only" },	108	{ MNT_RDONLY, "read-only" },
108	{ MNT_SYNCHRONOUS, "synchronous" },	109	{ MNT_SYNCHRONOUS, "synchronous" },
Lines 975-980 Link Here
975	if (flags & MNT_ACLS) res = catopt(res, "acls");	976	if (flags & MNT_ACLS) res = catopt(res, "acls");
976	if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");	977	if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");
977	if (flags & MNT_UNTRUSTED) res = catopt(res, "untrusted");	978	if (flags & MNT_UNTRUSTED) res = catopt(res, "untrusted");
		979	if (flags & MNT_NOSOCKBIND) res = catopt(res, "nosockbind");
978		980
979	return (res);	981	return (res);
980	}	982	}

Lines 327-334 Link Here

(-)12.3-my/sys/fs/nullfs/null_vfsops.c (-2 / +3 lines)
327	/* now copy across the "interesting" information and fake the rest */	327	/* now copy across the "interesting" information and fake the rest */
328	sbp->f_type = mstat->f_type;	328	sbp->f_type = mstat->f_type;
329	sbp->f_flags = (sbp->f_flags & (MNT_RDONLY \| MNT_NOEXEC \| MNT_NOSUID \|	329	sbp->f_flags = (sbp->f_flags & (MNT_RDONLY \| MNT_NOEXEC \| MNT_NOSUID \|
330	MNT_UNION \| MNT_NOSYMFOLLOW \| MNT_AUTOMOUNTED)) \|	330	MNT_UNION \| MNT_NOSYMFOLLOW \| MNT_AUTOMOUNTED \| MNT_NOSOCKBIND)) \|
331	(mstat->f_flags & ~(MNT_ROOTFS \| MNT_AUTOMOUNTED));	331	(mstat->f_flags & ~(MNT_ROOTFS \| MNT_AUTOMOUNTED \|
		332	MNT_NOSOCKBIND));
332	sbp->f_bsize = mstat->f_bsize;	333	sbp->f_bsize = mstat->f_bsize;
333	sbp->f_iosize = mstat->f_iosize;	334	sbp->f_iosize = mstat->f_iosize;
334	sbp->f_blocks = mstat->f_blocks;	335	sbp->f_blocks = mstat->f_blocks;




	struct vattr vattr;
	int error, namelen;
	struct nameidata nd;
	struct unpcb *unp;
	struct vnode *vp;
	struct mount *mp, *mp0;
	cap_rights_t rights;
	char *buf;


	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
	    &vattr);
#endif
	if (error == 0) {
		mp0 = nd.ni_dvp->v_mount;
		if (mp0 == NULL)
			error = ENOENT;
		else if((mp0->mnt_flag & MNT_NOSOCKBIND) != 0)
			error = EPERM;
	}
	if (error == 0)
		error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
	NDFREE(&nd, NDF_ONLY_PNBUF);

Lines 110-115 Link Here

(-)12.3-my/sys/kern/vfs_mount.c (+7 lines)
110	"rw",	110	"rw",
111	"nosuid",	111	"nosuid",
112	"noexec",	112	"noexec",
		113	"nosockbind",
113	NULL	114	NULL
114	};	115	};
115		116
Lines 679-684 Link Here
679	free(opt->name, M_MOUNT);	680	free(opt->name, M_MOUNT);
680	opt->name = strdup("nonosymfollow", M_MOUNT);	681	opt->name = strdup("nonosymfollow", M_MOUNT);
681	}	682	}
		683	else if (strcmp(opt->name, "nosockbind") == 0)
		684	fsflags \|= MNT_NOSOCKBIND;
		685	else if (strcmp(opt->name, "sockbind") == 0) {
		686	free(opt->name, M_MOUNT);
		687	opt->name = strdup("nonosockbind", M_MOUNT);
		688	}
682	else if (strcmp(opt->name, "noro") == 0) {	689	else if (strcmp(opt->name, "noro") == 0) {
683	fsflags &= ~MNT_RDONLY;	690	fsflags &= ~MNT_RDONLY;
684	autoro = false;	691	autoro = false;

Lines 3771-3776 Link Here

(-)12.3-my/sys/kern/vfs_subr.c (+1 lines)
3771	MNT_FLAG(MNT_FORCE);	3771	MNT_FLAG(MNT_FORCE);
3772	MNT_FLAG(MNT_SNAPSHOT);	3772	MNT_FLAG(MNT_SNAPSHOT);
3773	MNT_FLAG(MNT_BYFSID);	3773	MNT_FLAG(MNT_BYFSID);
		3774	MNT_FLAG(MNT_NOSOCKBIND);
3774	#undef MNT_FLAG	3775	#undef MNT_FLAG
3775	if (mflags != 0) {	3776	if (mflags != 0) {
3776	if (buf[0] != '\0')	3777	if (buf[0] != '\0')




#define	MNT_SUJ		0x0000000100000000ULL /* using journaled soft updates */
#define	MNT_AUTOMOUNTED	0x0000000200000000ULL /* mounted by automountd(8) */
#define	MNT_UNTRUSTED	0x0000000800000000ULL /* filesys metadata untrusted */
#define	MNT_NOSOCKBIND	0x0000020000000000ULL /* disallow UNIX domain bind() */

/*
 * NFS export related mount flags.

			MNT_IGNORE	| MNT_EXPUBLIC	| MNT_NOSYMFOLLOW | \
			MNT_GJOURNAL	| MNT_MULTILABEL | MNT_ACLS	| \
			MNT_NFS4ACLS	| MNT_AUTOMOUNTED | MNT_VERIFIED | \
			MNT_UNTRUSTED	| MNT_NOSOCKBIND)

/* Mask of flags that can be updated. */
#define	MNT_UPDATEMASK (MNT_NOSUID	| MNT_NOEXEC	| \

			MNT_NOSYMFOLLOW	| MNT_IGNORE	| \
			MNT_NOCLUSTERR	| MNT_NOCLUSTERW | MNT_SUIDDIR	| \
			MNT_ACLS	| MNT_USER	| MNT_NFS4ACLS	| \
			MNT_AUTOMOUNTED | MNT_UNTRUSTED	| MNT_NOSOCKBIND)

/*
 * External filesystem command modifier flags.

Return to bug 262179

Lines 585-593 Link Here

(-)12.3-my/sys/kern/uipc_usrreq.c (-1 / +8 lines)
585	struct vattr vattr;	589	struct vattr vattr;
586	int error, namelen;	590	int error, namelen;
587	struct nameidata nd;	591	struct nameidata nd;
588	struct unpcb *unp;	592	struct unpcb *unp;
589	struct vnode *vp;	593	struct vnode *vp;
590	struct mount *mp;	594	struct mount mp, mp0;
591	cap_rights_t rights;	595	cap_rights_t rights;
592	char *buf;	596	char *buf;
593		597
Lines 659-664 Link Here
659	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,	668	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
660	&vattr);	669	&vattr);
661	#endif	670	#endif
		671	if (error == 0) {
		672	mp0 = nd.ni_dvp->v_mount;
		673	if (mp0 == NULL)
		674	error = ENOENT;
		675	else if((mp0->mnt_flag & MNT_NOSOCKBIND) != 0)
		676	error = EPERM;
		677	}
662	if (error == 0)	678	if (error == 0)
663	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);	679	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
664	NDFREE(&nd, NDF_ONLY_PNBUF);	680	NDFREE(&nd, NDF_ONLY_PNBUF);

Lines 303-308 Link Here

(-)12.3-my/sys/sys/mount.h (-2 / +3 lines)
303	#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */	303	#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */
304	#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */	304	#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */
305	#define MNT_UNTRUSTED 0x0000000800000000ULL /* filesys metadata untrusted */	305	#define MNT_UNTRUSTED 0x0000000800000000ULL /* filesys metadata untrusted */
		306	#define MNT_NOSOCKBIND 0x0000020000000000ULL /* disallow UNIX domain bind() */
306		307
307	/*	308	/*
308	* NFS export related mount flags.	309	* NFS export related mount flags.
Lines 341-347 Link Here
341	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \	342	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \
342	MNT_GJOURNAL \| MNT_MULTILABEL \| MNT_ACLS \| \	343	MNT_GJOURNAL \| MNT_MULTILABEL \| MNT_ACLS \| \
343	MNT_NFS4ACLS \| MNT_AUTOMOUNTED \| MNT_VERIFIED \| \	344	MNT_NFS4ACLS \| MNT_AUTOMOUNTED \| MNT_VERIFIED \| \
344	MNT_UNTRUSTED)	345	MNT_UNTRUSTED \| MNT_NOSOCKBIND)
345		346
346	/* Mask of flags that can be updated. */	347	/* Mask of flags that can be updated. */
347	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \	348	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \
Lines 350-356 Link Here
350	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \	351	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \
351	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \	352	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \
352	MNT_ACLS \| MNT_USER \| MNT_NFS4ACLS \| \	353	MNT_ACLS \| MNT_USER \| MNT_NFS4ACLS \| \
353	MNT_AUTOMOUNTED \| MNT_UNTRUSTED)	354	MNT_AUTOMOUNTED \| MNT_UNTRUSTED \| MNT_NOSOCKBIND)
354		355
355	/*	356	/*
356	* External filesystem command modifier flags.	357	* External filesystem command modifier flags.