Attachment #232089 for bug #262179

Lines 43-48 Link Here

(-)11.4-my/sbin/mount/mntopts.h (+2 lines)
43	#define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 }	43	#define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 }
44	#define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 }	44	#define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 }
45	#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 }	45	#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 }
		46	#define MOPT_NOSOCKBIND { "sockbind", 1, MNT_NOSOCKBIND, 0 }
46	#define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 }	47	#define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 }
47	#define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 }	48	#define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 }
48	#define MOPT_UNION { "union", 0, MNT_UNION, 0 }	49	#define MOPT_UNION { "union", 0, MNT_UNION, 0 }
Lines 84-89 Link Here
84	MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \	85	MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \
85	MOPT_NOSUID, \	86	MOPT_NOSUID, \
86	MOPT_NOSYMFOLLOW, \	87	MOPT_NOSYMFOLLOW, \
		88	MOPT_NOSOCKBIND, \
87	MOPT_RDONLY, \	89	MOPT_RDONLY, \
88	MOPT_UNION, \	90	MOPT_UNION, \
89	MOPT_NOCLUSTERR, \	91	MOPT_NOCLUSTERR, \

Lines 101-106 Link Here

(-)11.4-my/sbin/mount/mount.c (+2 lines)
101	{ MNT_NOEXEC, "noexec" },	101	{ MNT_NOEXEC, "noexec" },
102	{ MNT_NOSUID, "nosuid" },	102	{ MNT_NOSUID, "nosuid" },
103	{ MNT_NOSYMFOLLOW, "nosymfollow" },	103	{ MNT_NOSYMFOLLOW, "nosymfollow" },
		104	{ MNT_NOSOCKBIND, "nosockbind" },
104	{ MNT_QUOTA, "with quotas" },	105	{ MNT_QUOTA, "with quotas" },
105	{ MNT_RDONLY, "read-only" },	106	{ MNT_RDONLY, "read-only" },
106	{ MNT_SYNCHRONOUS, "synchronous" },	107	{ MNT_SYNCHRONOUS, "synchronous" },
Lines 974-979 Link Here
974	if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");	975	if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");
975	if (flags & MNT_ACLS) res = catopt(res, "acls");	976	if (flags & MNT_ACLS) res = catopt(res, "acls");
976	if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");	977	if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");
		978	if (flags & MNT_NOSOCKBIND) res = catopt(res, "nosockbind");
977		979
978	return (res);	980	return (res);
979	}	981	}

Lines 328-335 Link Here

(-)11.4-my/sys/fs/nullfs/null_vfsops.c (-2 / +3 lines)
328	/* now copy across the "interesting" information and fake the rest */	328	/* now copy across the "interesting" information and fake the rest */
329	sbp->f_type = mstat->f_type;	329	sbp->f_type = mstat->f_type;
330	sbp->f_flags = (sbp->f_flags & (MNT_RDONLY \| MNT_NOEXEC \| MNT_NOSUID \|	330	sbp->f_flags = (sbp->f_flags & (MNT_RDONLY \| MNT_NOEXEC \| MNT_NOSUID \|
331	MNT_UNION \| MNT_NOSYMFOLLOW \| MNT_AUTOMOUNTED)) \|	331	MNT_UNION \| MNT_NOSYMFOLLOW \| MNT_AUTOMOUNTED \| MNT_NOSOCKBIND)) \|
332	(mstat->f_flags & ~(MNT_ROOTFS \| MNT_AUTOMOUNTED));	332	(mstat->f_flags & ~(MNT_ROOTFS \| MNT_AUTOMOUNTED \|
		333	MNT_NOSOCKBIND));
333	sbp->f_bsize = mstat->f_bsize;	334	sbp->f_bsize = mstat->f_bsize;
334	sbp->f_iosize = mstat->f_iosize;	335	sbp->f_iosize = mstat->f_iosize;
335	sbp->f_blocks = mstat->f_blocks;	336	sbp->f_blocks = mstat->f_blocks;




	struct vattr vattr;
	int error, namelen;
	struct nameidata nd;
	struct unpcb *unp;
	struct vnode *vp;
	struct mount *mp, *mp0;
	cap_rights_t rights;
	char *buf;


	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
	    &vattr);
#endif
	if (error == 0) {
		mp0 = nd.ni_dvp->v_mount;
		if (mp0 == NULL)
			error = ENOENT;
		else if((mp0->mnt_flag & MNT_NOSOCKBIND) != 0)
			error = EPERM;
	}
	if (error == 0)
		error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
	NDFREE(&nd, NDF_ONLY_PNBUF);

Lines 104-109 Link Here

(-)11.4-my/sys/kern/vfs_mount.c (+7 lines)
104	"rw",	104	"rw",
105	"nosuid",	105	"nosuid",
106	"noexec",	106	"noexec",
		107	"nosockbind",
107	NULL	108	NULL
108	};	109	};
109		110
Lines 667-672 Link Here
667	free(opt->name, M_MOUNT);	668	free(opt->name, M_MOUNT);
668	opt->name = strdup("nonosymfollow", M_MOUNT);	669	opt->name = strdup("nonosymfollow", M_MOUNT);
669	}	670	}
		671	else if (strcmp(opt->name, "nosockbind") == 0)
		672	fsflags \|= MNT_NOSOCKBIND;
		673	else if (strcmp(opt->name, "sockbind") == 0) {
		674	free(opt->name, M_MOUNT);
		675	opt->name = strdup("nonosockbind", M_MOUNT);
		676	}
670	else if (strcmp(opt->name, "noro") == 0) {	677	else if (strcmp(opt->name, "noro") == 0) {
671	fsflags &= ~MNT_RDONLY;	678	fsflags &= ~MNT_RDONLY;
672	autoro = false;	679	autoro = false;

Lines 3636-3641 Link Here

(-)11.4-my/sys/kern/vfs_subr.c (+1 lines)
3636	MNT_FLAG(MNT_FORCE);	3636	MNT_FLAG(MNT_FORCE);
3637	MNT_FLAG(MNT_SNAPSHOT);	3637	MNT_FLAG(MNT_SNAPSHOT);
3638	MNT_FLAG(MNT_BYFSID);	3638	MNT_FLAG(MNT_BYFSID);
		3639	MNT_FLAG(MNT_NOSOCKBIND);
3639	#undef MNT_FLAG	3640	#undef MNT_FLAG
3640	if (mflags != 0) {	3641	if (mflags != 0) {
3641	if (buf[0] != '\0')	3642	if (buf[0] != '\0')




#define	MNT_NOCLUSTERW	0x0000000080000000ULL /* disable cluster write */
#define	MNT_SUJ		0x0000000100000000ULL /* using journaled soft updates */
#define	MNT_AUTOMOUNTED	0x0000000200000000ULL /* mounted by automountd(8) */
#define	MNT_NOSOCKBIND	0x0000020000000000ULL /* disallow UNIX domain bind() */

/*
 * NFS export related mount flags.

			MNT_NOCLUSTERW	| MNT_SUIDDIR	| MNT_SOFTDEP	| \
			MNT_IGNORE	| MNT_EXPUBLIC	| MNT_NOSYMFOLLOW | \
			MNT_GJOURNAL	| MNT_MULTILABEL | MNT_ACLS	| \
			MNT_NFS4ACLS	| MNT_AUTOMOUNTED | MNT_NOSOCKBIND)

/* Mask of flags that can be updated. */
#define	MNT_UPDATEMASK (MNT_NOSUID	| MNT_NOEXEC	| \

			MNT_NOSYMFOLLOW	| MNT_IGNORE	| \
			MNT_NOCLUSTERR	| MNT_NOCLUSTERW | MNT_SUIDDIR	| \
			MNT_ACLS	| MNT_USER	| MNT_NFS4ACLS	| \
			MNT_AUTOMOUNTED	| MNT_NOSOCKBIND)

/*
 * External filesystem command modifier flags.

Return to bug 262179

Lines 464-472 Link Here

(-)11.4-my/sys/kern/uipc_usrreq.c (-1 / +8 lines)
464	struct vattr vattr;	468	struct vattr vattr;
465	int error, namelen;	469	int error, namelen;
466	struct nameidata nd;	470	struct nameidata nd;
467	struct unpcb *unp;	471	struct unpcb *unp;
468	struct vnode *vp;	472	struct vnode *vp;
469	struct mount *mp;	473	struct mount mp, mp0;
470	cap_rights_t rights;	474	cap_rights_t rights;
471	char *buf;	475	char *buf;
472		476
Lines 538-543 Link Here
538	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,	547	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
539	&vattr);	548	&vattr);
540	#endif	549	#endif
		550	if (error == 0) {
		551	mp0 = nd.ni_dvp->v_mount;
		552	if (mp0 == NULL)
		553	error = ENOENT;
		554	else if((mp0->mnt_flag & MNT_NOSOCKBIND) != 0)
		555	error = EPERM;
		556	}
541	if (error == 0)	557	if (error == 0)
542	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);	558	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
543	NDFREE(&nd, NDF_ONLY_PNBUF);	559	NDFREE(&nd, NDF_ONLY_PNBUF);

Lines 261-266 Link Here

(-)11.4-my/sys/sys/mount.h (-2 / +3 lines)
261	#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */	261	#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */
262	#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */	262	#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */
263	#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */	263	#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */
		264	#define MNT_NOSOCKBIND 0x0000020000000000ULL /* disallow UNIX domain bind() */
264		265
265	/*	266	/*
266	* NFS export related mount flags.	267	* NFS export related mount flags.
Lines 297-303 Link Here
297	MNT_NOCLUSTERW \| MNT_SUIDDIR \| MNT_SOFTDEP \| \	298	MNT_NOCLUSTERW \| MNT_SUIDDIR \| MNT_SOFTDEP \| \
298	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \	299	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \
299	MNT_GJOURNAL \| MNT_MULTILABEL \| MNT_ACLS \| \	300	MNT_GJOURNAL \| MNT_MULTILABEL \| MNT_ACLS \| \
300	MNT_NFS4ACLS \| MNT_AUTOMOUNTED)	301	MNT_NFS4ACLS \| MNT_AUTOMOUNTED \| MNT_NOSOCKBIND)
301		302
302	/* Mask of flags that can be updated. */	303	/* Mask of flags that can be updated. */
303	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \	304	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \
Lines 306-312 Link Here
306	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \	307	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \
307	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \	308	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \
308	MNT_ACLS \| MNT_USER \| MNT_NFS4ACLS \| \	309	MNT_ACLS \| MNT_USER \| MNT_NFS4ACLS \| \
309	MNT_AUTOMOUNTED)	310	MNT_AUTOMOUNTED \| MNT_NOSOCKBIND)
310		311
311	/*	312	/*
312	* External filesystem command modifier flags.	313	* External filesystem command modifier flags.