mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2)

It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.

Reported-by: Erik Logtenberg <erik@logtenberg.eu>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Steve French <sfrench@us.ibm.com>

diff --git a/mount.cifs.c b/mount.cifs.c
index 3a2b539fd99721057a1cdf7c8c15756e04280b8e..8e1e32b91976a68f9c5f4c1ae003b79b1dc33a6c 100644 (file)
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1898,8 +1898,13 @@ mount_retry:
        else
                fstype = cifs_fstype;
 
-       if (!parsed_info->fakemnt
-           && mount(dev_name, ".", fstype, parsed_info->flags, options)) {
+       if (!parsed_info->fakemnt) {
+               toggle_dac_capability(0, 1);
+               rc = mount(dev_name, ".", fstype, parsed_info->flags, options);
+               toggle_dac_capability(0, 0);
+               if (rc == 0)
+                       goto do_mtab;
+
                switch (errno) {
                case ECONNREFUSED:
                case EHOSTUNREACH:
@@ -1934,6 +1939,7 @@ mount_retry:
                goto mount_exit;
        }
 
+do_mtab:
        if (!parsed_info->nomtab && !mtab_unusable())
                rc = add_mtab(orig_dev, mountpoint, parsed_info->flags, fstype);