Attachment #232090 for bug #262179

Lines 43-48 Link Here

(-)10.4-my/sbin/mount/mntopts.h (+2 lines)
43	#define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 }	43	#define MOPT_NOEXEC { "exec", 1, MNT_NOEXEC, 0 }
44	#define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 }	44	#define MOPT_NOSUID { "suid", 1, MNT_NOSUID, 0 }
45	#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 }	45	#define MOPT_NOSYMFOLLOW { "symfollow", 1, MNT_NOSYMFOLLOW, 0 }
		46	#define MOPT_NOSOCKBIND { "sockbind", 1, MNT_NOSOCKBIND, 0 }
46	#define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 }	47	#define MOPT_RDONLY { "rdonly", 0, MNT_RDONLY, 0 }
47	#define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 }	48	#define MOPT_SYNC { "sync", 0, MNT_SYNCHRONOUS, 0 }
48	#define MOPT_UNION { "union", 0, MNT_UNION, 0 }	49	#define MOPT_UNION { "union", 0, MNT_UNION, 0 }
Lines 84-89 Link Here
84	MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \	85	MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \
85	MOPT_NOSUID, \	86	MOPT_NOSUID, \
86	MOPT_NOSYMFOLLOW, \	87	MOPT_NOSYMFOLLOW, \
		88	MOPT_NOSOCKBIND, \
87	MOPT_RDONLY, \	89	MOPT_RDONLY, \
88	MOPT_UNION, \	90	MOPT_UNION, \
89	MOPT_NOCLUSTERR, \	91	MOPT_NOCLUSTERR, \

Lines 101-106 Link Here

(-)10.4-my/sbin/mount/mount.c (+2 lines)
101	{ MNT_NOEXEC, "noexec" },	101	{ MNT_NOEXEC, "noexec" },
102	{ MNT_NOSUID, "nosuid" },	102	{ MNT_NOSUID, "nosuid" },
103	{ MNT_NOSYMFOLLOW, "nosymfollow" },	103	{ MNT_NOSYMFOLLOW, "nosymfollow" },
		104	{ MNT_NOSOCKBIND, "nosockbind" },
104	{ MNT_QUOTA, "with quotas" },	105	{ MNT_QUOTA, "with quotas" },
105	{ MNT_RDONLY, "read-only" },	106	{ MNT_RDONLY, "read-only" },
106	{ MNT_SYNCHRONOUS, "synchronous" },	107	{ MNT_SYNCHRONOUS, "synchronous" },
Lines 961-966 Link Here
961	if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");	962	if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");
962	if (flags & MNT_ACLS) res = catopt(res, "acls");	963	if (flags & MNT_ACLS) res = catopt(res, "acls");
963	if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");	964	if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");
		965	if (flags & MNT_NOSOCKBIND) res = catopt(res, "nosockbind");
964		966
965	return (res);	967	return (res);
966	}	968	}

Lines 316-322 Link Here

(-)10.4-my/sys/fs/nullfs/null_vfsops.c (-1 / +2 lines)
316	/* now copy across the "interesting" information and fake the rest */	316	/* now copy across the "interesting" information and fake the rest */
317	sbp->f_type = mstat.f_type;	317	sbp->f_type = mstat.f_type;
318	sbp->f_flags = (sbp->f_flags & (MNT_RDONLY \| MNT_NOEXEC \| MNT_NOSUID \|	318	sbp->f_flags = (sbp->f_flags & (MNT_RDONLY \| MNT_NOEXEC \| MNT_NOSUID \|
319	MNT_UNION \| MNT_NOSYMFOLLOW)) \| (mstat.f_flags & ~MNT_ROOTFS);	319	MNT_UNION \| MNT_NOSYMFOLLOW \| MNT_NOSOCKBIND)) \|
		320	(mstat.f_flags & ~(MNT_ROOTFS \| MNT_NOSOCKBIND));
320	sbp->f_bsize = mstat.f_bsize;	321	sbp->f_bsize = mstat.f_bsize;
321	sbp->f_iosize = mstat.f_iosize;	322	sbp->f_iosize = mstat.f_iosize;
322	sbp->f_blocks = mstat.f_blocks;	323	sbp->f_blocks = mstat.f_blocks;




	struct vattr vattr;
	int error, namelen;
	struct nameidata nd;
	struct unpcb *unp;
	struct vnode *vp;
	struct mount *mp, *mp0;
	cap_rights_t rights;
	char *buf;


	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
	    &vattr);
#endif
	if (error == 0) {
		mp0 = nd.ni_dvp->v_mount;
		if (mp0 == NULL)
			error = ENOENT;
		else if((mp0->mnt_flag & MNT_NOSOCKBIND) != 0)
			error = EPERM;
	}
	if (error == 0)
		error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
	NDFREE(&nd, NDF_ONLY_PNBUF);

Lines 99-104 Link Here

(-)10.4-my/sys/kern/vfs_mount.c (+7 lines)
99	"rw",	99	"rw",
100	"nosuid",	100	"nosuid",
101	"noexec",	101	"noexec",
		102	"nosockbind",
102	NULL	103	NULL
103	};	104	};
104		105
Lines 632-637 Link Here
632	free(opt->name, M_MOUNT);	633	free(opt->name, M_MOUNT);
633	opt->name = strdup("nonosymfollow", M_MOUNT);	634	opt->name = strdup("nonosymfollow", M_MOUNT);
634	}	635	}
		636	else if (strcmp(opt->name, "nosockbind") == 0)
		637	fsflags \|= MNT_NOSOCKBIND;
		638	else if (strcmp(opt->name, "sockbind") == 0) {
		639	free(opt->name, M_MOUNT);
		640	opt->name = strdup("nonosockbind", M_MOUNT);
		641	}
635	else if (strcmp(opt->name, "noro") == 0)	642	else if (strcmp(opt->name, "noro") == 0)
636	fsflags &= ~MNT_RDONLY;	643	fsflags &= ~MNT_RDONLY;
637	else if (strcmp(opt->name, "rw") == 0)	644	else if (strcmp(opt->name, "rw") == 0)

Lines 3204-3209 Link Here

(-)10.4-my/sys/kern/vfs_subr.c (+1 lines)
3204	MNT_FLAG(MNT_FORCE);	3204	MNT_FLAG(MNT_FORCE);
3205	MNT_FLAG(MNT_SNAPSHOT);	3205	MNT_FLAG(MNT_SNAPSHOT);
3206	MNT_FLAG(MNT_BYFSID);	3206	MNT_FLAG(MNT_BYFSID);
		3207	MNT_FLAG(MNT_NOSOCKBIND);
3207	#undef MNT_FLAG	3208	#undef MNT_FLAG
3208	if (mflags != 0) {	3209	if (mflags != 0) {
3209	if (buf[0] != '\0')	3210	if (buf[0] != '\0')




#define	MNT_NOCLUSTERW	0x0000000080000000ULL /* disable cluster write */
#define	MNT_SUJ		0x0000000100000000ULL /* using journaled soft updates */
#define	MNT_AUTOMOUNTED	0x0000000200000000ULL /* mounted by automountd(8) */
#define	MNT_NOSOCKBIND	0x0000020000000000ULL /* disallow UNIX domain bind() */

/*
 * NFS export related mount flags.

			MNT_NOCLUSTERW	| MNT_SUIDDIR	| MNT_SOFTDEP	| \
			MNT_IGNORE	| MNT_EXPUBLIC	| MNT_NOSYMFOLLOW | \
			MNT_GJOURNAL	| MNT_MULTILABEL | MNT_ACLS	| \
			MNT_NFS4ACLS	| MNT_AUTOMOUNTED | MNT_NOSOCKBIND)

/* Mask of flags that can be updated. */
#define	MNT_UPDATEMASK (MNT_NOSUID	| MNT_NOEXEC	| \

			MNT_NOSYMFOLLOW	| MNT_IGNORE	| \
			MNT_NOCLUSTERR	| MNT_NOCLUSTERW | MNT_SUIDDIR	| \
			MNT_ACLS	| MNT_USER	| MNT_NFS4ACLS	| \
			MNT_AUTOMOUNTED	| MNT_NOSOCKBIND)

/*
 * External filesystem command modifier flags.

Return to bug 262179

Lines 463-471 Link Here

(-)10.4-my/sys/kern/uipc_usrreq.c (-1 / +8 lines)
463	struct vattr vattr;	467	struct vattr vattr;
464	int error, namelen;	468	int error, namelen;
465	struct nameidata nd;	469	struct nameidata nd;
466	struct unpcb *unp;	470	struct unpcb *unp;
467	struct vnode *vp;	471	struct vnode *vp;
468	struct mount *mp;	472	struct mount mp, mp0;
469	cap_rights_t rights;	473	cap_rights_t rights;
470	char *buf;	474	char *buf;
471		475
Lines 537-542 Link Here
537	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,	546	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
538	&vattr);	547	&vattr);
539	#endif	548	#endif
		549	if (error == 0) {
		550	mp0 = nd.ni_dvp->v_mount;
		551	if (mp0 == NULL)
		552	error = ENOENT;
		553	else if((mp0->mnt_flag & MNT_NOSOCKBIND) != 0)
		554	error = EPERM;
		555	}
540	if (error == 0)	556	if (error == 0)
541	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);	557	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
542	NDFREE(&nd, NDF_ONLY_PNBUF);	558	NDFREE(&nd, NDF_ONLY_PNBUF);

Lines 261-266 Link Here

(-)10.4-my/sys/sys/mount.h (-2 / +3 lines)
261	#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */	261	#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */
262	#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */	262	#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */
263	#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */	263	#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */
		264	#define MNT_NOSOCKBIND 0x0000020000000000ULL /* disallow UNIX domain bind() */
264		265
265	/*	266	/*
266	* NFS export related mount flags.	267	* NFS export related mount flags.
Lines 297-303 Link Here
297	MNT_NOCLUSTERW \| MNT_SUIDDIR \| MNT_SOFTDEP \| \	298	MNT_NOCLUSTERW \| MNT_SUIDDIR \| MNT_SOFTDEP \| \
298	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \	299	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \
299	MNT_GJOURNAL \| MNT_MULTILABEL \| MNT_ACLS \| \	300	MNT_GJOURNAL \| MNT_MULTILABEL \| MNT_ACLS \| \
300	MNT_NFS4ACLS \| MNT_AUTOMOUNTED)	301	MNT_NFS4ACLS \| MNT_AUTOMOUNTED \| MNT_NOSOCKBIND)
301		302
302	/* Mask of flags that can be updated. */	303	/* Mask of flags that can be updated. */
303	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \	304	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \
Lines 306-312 Link Here
306	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \	307	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \
307	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \	308	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \
308	MNT_ACLS \| MNT_USER \| MNT_NFS4ACLS \| \	309	MNT_ACLS \| MNT_USER \| MNT_NFS4ACLS \| \
309	MNT_AUTOMOUNTED)	310	MNT_AUTOMOUNTED \| MNT_NOSOCKBIND)
310		311
311	/*	312	/*
312	* External filesystem command modifier flags.	313	* External filesystem command modifier flags.