Attachment #105995 for bug #146543

View | Details | Raw Unified | Return to bug 146543
Collapse All | Expand All

Lines 54-59 Link Here

(-)sbin/mount/mntopts.h (+2 lines)
54	#define MOPT_SNAPSHOT { "snapshot", 0, MNT_SNAPSHOT, 0 }	54	#define MOPT_SNAPSHOT { "snapshot", 0, MNT_SNAPSHOT, 0 }
55	#define MOPT_MULTILABEL { "multilabel", 0, MNT_MULTILABEL, 0 }	55	#define MOPT_MULTILABEL { "multilabel", 0, MNT_MULTILABEL, 0 }
56	#define MOPT_ACLS { "acls", 0, MNT_ACLS, 0 }	56	#define MOPT_ACLS { "acls", 0, MNT_ACLS, 0 }
		57	#define MOPT_LOCKED { "locked", 0, MNT_LOCKED, 0 }
57		58
58	/* Control flags. */	59	/* Control flags. */
59	#define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }	60	#define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }
Lines 87-92 Link Here
87	MOPT_NOCLUSTERR, \	88	MOPT_NOCLUSTERR, \
88	MOPT_NOCLUSTERW, \	89	MOPT_NOCLUSTERW, \
89	MOPT_MULTILABEL, \	90	MOPT_MULTILABEL, \
		91	MOPT_LOCKED, \
90	MOPT_ACLS	92	MOPT_ACLS
91		93
92	void getmntopts(const char , const struct mntopt , int , int );	94	void getmntopts(const char , const struct mntopt , int , int );

Lines 111-116 Link Here

(-)sbin/mount/mount.c (+2 lines)
111	{ MNT_SOFTDEP, "soft-updates" },	111	{ MNT_SOFTDEP, "soft-updates" },
112	{ MNT_MULTILABEL, "multilabel" },	112	{ MNT_MULTILABEL, "multilabel" },
113	{ MNT_ACLS, "acls" },	113	{ MNT_ACLS, "acls" },
		114	{ MNT_LOCKED, "locked" },
114	{ MNT_GJOURNAL, "gjournal" },	115	{ MNT_GJOURNAL, "gjournal" },
115	{ 0, NULL }	116	{ 0, NULL }
116	};	117	};
Lines 918-923 Link Here
918	if (flags & MNT_SUIDDIR) res = catopt(res, "suiddir");	921	if (flags & MNT_SUIDDIR) res = catopt(res, "suiddir");
919	if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");	922	if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");
920	if (flags & MNT_ACLS) res = catopt(res, "acls");	923	if (flags & MNT_ACLS) res = catopt(res, "acls");
		924	if (flags & MNT_LOCKED) res = catopt(res, "locked");
921		925
922	return (res);	926	return (res);
923	}	927	}

Lines 126-131 Link Here

(-)sys/kern/vfs_mount.c (+23 lines)
126	"rw",	126	"rw",
127	"nosuid",	127	"nosuid",
128	"noexec",	128	"noexec",
		129	"locked",
129	NULL	130	NULL
130	};	131	};
131		132
Lines 878-883 Link Here
878	mp = vp->v_mount;	894	mp = vp->v_mount;
879	MNT_ILOCK(mp);	895	MNT_ILOCK(mp);
880	flag = mp->mnt_flag;	896	flag = mp->mnt_flag;
		897
		898	/* Do not allow any update in securelevel>1 if locked flag is set */
		899	if ((mp->mnt_flag & MNT_LOCKED) &&
		900	(error = securelevel_gt(td->td_ucred,1)) )
		901	{
		902	MNT_IUNLOCK(mp);
		903	vput(vp);
		904	return (error);
		905	}
881	/*	906	/*
882	* We only allow the filesystem to be reloaded if it	907	* We only allow the filesystem to be reloaded if it
883	* is currently mounted read-only.	908	* is currently mounted read-only.
Lines 1220-1225 Link Here
1220	return (error);	1245	return (error);
1221	}	1246	}
1222		1247
		1248	/*
		1249	* Do not allow unmounting locked filesystem
		1250	* if securelevel>1
		1251	*/
		1252	if ( (mp->mnt_flag & MNT_LOCKED) &&
		1253	(error = securelevel_gt(td->td_ucred,1)) )
		1254	{
		1255	if (coveredvp)
		1256	VOP_UNLOCK(coveredvp, 0);
		1257
		1258	return (error);
		1259	}
		1260
1223	MNT_ILOCK(mp);	1261	MNT_ILOCK(mp);
1224	if (mp->mnt_kern_flag & MNTK_UNMOUNT) {	1262	if (mp->mnt_kern_flag & MNTK_UNMOUNT) {
1225	MNT_IUNLOCK(mp);	1263	MNT_IUNLOCK(mp);




#define	MNT_SUIDDIR	0x00100000	/* special handling of SUID on dirs */
#define	MNT_SOFTDEP	0x00200000	/* soft updates being done */
#define	MNT_NOSYMFOLLOW	0x00400000	/* do not follow symlinks */
#define	MNT_LOCKED	0x01000000 /* locked, cannot be changed in securelevel>1 */
#define	MNT_GJOURNAL	0x02000000	/* GEOM journal support enabled */
#define	MNT_MULTILABEL	0x04000000	/* MAC support for individual objects */
#define	MNT_ACLS	0x08000000	/* ACL support enabled */

			MNT_ROOTFS	| MNT_NOATIME	| MNT_NOCLUSTERR| \
			MNT_NOCLUSTERW	| MNT_SUIDDIR	| MNT_SOFTDEP	| \
			MNT_IGNORE	| MNT_EXPUBLIC	| MNT_NOSYMFOLLOW | \
			MNT_LOCKED | MNT_GJOURNAL	| MNT_MULTILABEL | \
      MNT_ACLS)

/* Mask of flags that can be updated. */
#define	MNT_UPDATEMASK (MNT_NOSUID	| MNT_NOEXEC	| \

			MNT_NOATIME | \
			MNT_NOSYMFOLLOW	| MNT_IGNORE	| \
			MNT_NOCLUSTERR	| MNT_NOCLUSTERW | MNT_SUIDDIR	| \
			MNT_ACLS	| MNT_USER | MNT_LOCKED)

/*
 * External filesystem command modifier flags.

Return to bug 146543

Lines 233-238 Link Here

(-)sys/sys/mount.h (-2 / +4 lines)
233	#define MNT_SUIDDIR 0x00100000 /* special handling of SUID on dirs */	233	#define MNT_SUIDDIR 0x00100000 /* special handling of SUID on dirs */
234	#define MNT_SOFTDEP 0x00200000 /* soft updates being done */	234	#define MNT_SOFTDEP 0x00200000 /* soft updates being done */
235	#define MNT_NOSYMFOLLOW 0x00400000 /* do not follow symlinks */	235	#define MNT_NOSYMFOLLOW 0x00400000 /* do not follow symlinks */
		236	#define MNT_LOCKED 0x01000000 /* locked, cannot be changed in securelevel>1 */
236	#define MNT_GJOURNAL 0x02000000 /* GEOM journal support enabled */	237	#define MNT_GJOURNAL 0x02000000 /* GEOM journal support enabled */
237	#define MNT_MULTILABEL 0x04000000 /* MAC support for individual objects */	238	#define MNT_MULTILABEL 0x04000000 /* MAC support for individual objects */
238	#define MNT_ACLS 0x08000000 /* ACL support enabled */	239	#define MNT_ACLS 0x08000000 /* ACL support enabled */
Lines 274-280 Link Here
274	MNT_ROOTFS \| MNT_NOATIME \| MNT_NOCLUSTERR\| \	275	MNT_ROOTFS \| MNT_NOATIME \| MNT_NOCLUSTERR\| \
275	MNT_NOCLUSTERW \| MNT_SUIDDIR \| MNT_SOFTDEP \| \	276	MNT_NOCLUSTERW \| MNT_SUIDDIR \| MNT_SOFTDEP \| \
276	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \	277	MNT_IGNORE \| MNT_EXPUBLIC \| MNT_NOSYMFOLLOW \| \
277	MNT_GJOURNAL \| MNT_MULTILABEL \| MNT_ACLS)	278	MNT_LOCKED \| MNT_GJOURNAL \| MNT_MULTILABEL \| \
		279	MNT_ACLS)
278		280
279	/* Mask of flags that can be updated. */	281	/* Mask of flags that can be updated. */
280	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \	282	#define MNT_UPDATEMASK (MNT_NOSUID \| MNT_NOEXEC \| \
Lines 282-288 Link Here
282	MNT_NOATIME \| \	284	MNT_NOATIME \| \
283	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \	285	MNT_NOSYMFOLLOW \| MNT_IGNORE \| \
284	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \	286	MNT_NOCLUSTERR \| MNT_NOCLUSTERW \| MNT_SUIDDIR \| \
285	MNT_ACLS \| MNT_USER)	287	MNT_ACLS \| MNT_USER \| MNT_LOCKED)
286		288
287	/*	289	/*
288	* External filesystem command modifier flags.	290	* External filesystem command modifier flags.