locks: print a warning when mount fails due to lack of "mand" support
Since 9e8925b67a
("locks: Allow disabling mandatory locking at compile
time"), attempts to mount filesystems with "-o mand" will fail.
Unfortunately, there is no other indiciation of the reason for the
failure.
Change how the function is defined for better readability. When
CONFIG_MANDATORY_FILE_LOCKING is disabled, printk a warning when
someone attempts to mount with -o mand.
Also, add a blurb to the mandatory-locking.txt file to explain about
the "mand" option, and the behavior one should expect when it is
disabled.
Reported-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
This commit is contained in:
Родитель
43e4cb942e
Коммит
df2474a22c
|
@ -169,3 +169,13 @@ havoc if they lock crucial files. The way around it is to change the file
|
|||
permissions (remove the setgid bit) before trying to read or write to it.
|
||||
Of course, that might be a bit tricky if the system is hung :-(
|
||||
|
||||
7. The "mand" mount option
|
||||
--------------------------
|
||||
Mandatory locking is disabled on all filesystems by default, and must be
|
||||
administratively enabled by mounting with "-o mand". That mount option
|
||||
is only allowed if the mounting task has the CAP_SYS_ADMIN capability.
|
||||
|
||||
Since kernel v4.5, it is possible to disable mandatory locking
|
||||
altogether by setting CONFIG_MANDATORY_FILE_LOCKING to "n". A kernel
|
||||
with this disabled will reject attempts to mount filesystems with the
|
||||
"mand" mount option with the error status EPERM.
|
||||
|
|
|
@ -1643,13 +1643,18 @@ static inline bool may_mount(void)
|
|||
return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_MANDATORY_FILE_LOCKING
|
||||
static inline bool may_mandlock(void)
|
||||
{
|
||||
#ifndef CONFIG_MANDATORY_FILE_LOCKING
|
||||
return false;
|
||||
#endif
|
||||
return capable(CAP_SYS_ADMIN);
|
||||
}
|
||||
#else
|
||||
static inline bool may_mandlock(void)
|
||||
{
|
||||
pr_warn("VFS: \"mand\" mount option not supported");
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Now umount can handle mount points as well as block devices.
|
||||
|
|
Загрузка…
Ссылка в новой задаче