main/fuse: fix user mounting under grsec kernel

If the user is was not in readproc group, realpath() would fail causing fusermount to fail. The privilege drop for realpath() is unnecessary as the real access checks are done in other places.
author: Timo Teräs <timo.teras@iki.fi> 2015-02-09 09:40:31 +0200
committer: Timo Teräs <timo.teras@iki.fi> 2015-02-09 09:40:31 +0200
commit: b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186 (patch)
tree: 5a89b82ea77034ddfec1741ed3d4b3a2d39c3d2a /main/fuse/fix-realpath.patch
parent: 93bf317ffed831452c69550b0179e2ded06aac7b (diff)
download: aports-b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186.tar.bz2
aports-b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186.tar.xz
1 files changed, 28 insertions, 0 deletions
diff --git a/main/fuse/fix-realpath.patch b/main/fuse/fix-realpath.patch
new file mode 100644
index 0000000000..1199eb338d
--- /dev/null
+++ b/main/fuse/fix-realpath.patch
@@ -0,0 +1,28 @@
+--- fuse-2.9.3.orig/util/fusermount.c	2015-02-07 08:58:54.000000000 -0200
++++ fuse-2.9.3/util/fusermount.c	2015-02-09 09:15:16.737367957 -0200
+@@ -1255,19 +1255,16 @@
+ 
+ 	origmnt = argv[optind];
+ 
+-	drop_privs();
+ 	mnt = fuse_mnt_resolve_path(progname, origmnt);
+-	if (mnt != NULL) {
+-		res = chdir("/");
+-		if (res == -1) {
+-			fprintf(stderr, "%s: failed to chdir to '/'\n", progname);
+-			exit(1);
+-		}
+-	}
+-	restore_privs();
+ 	if (mnt == NULL)
+ 		exit(1);
+ 
++	res = chdir("/");
++	if (res == -1) {
++		fprintf(stderr, "%s: failed to chdir to '/'\n", progname);
++		exit(1);
++	}
++
+ 	umask(033);
+ 	if (unmount)
+ 		goto do_unmount;
author	Timo Teräs <timo.teras@iki.fi>	2015-02-09 09:40:31 +0200
committer	Timo Teräs <timo.teras@iki.fi>	2015-02-09 09:40:31 +0200
commit	b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186 (patch)
tree	5a89b82ea77034ddfec1741ed3d4b3a2d39c3d2a /main/fuse/fix-realpath.patch
parent	93bf317ffed831452c69550b0179e2ded06aac7b (diff)
download	aports-b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186.tar.bz2 aports-b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186.tar.xz