usermount is dead. Ok? natano
Index: lib/libc/gen/sysctl.3 =================================================================== RCS file: /cvs/src/lib/libc/gen/sysctl.3,v retrieving revision 1.267 diff -u -p -r1.267 sysctl.3 --- lib/libc/gen/sysctl.3 20 Jul 2016 09:15:28 -0000 1.267 +++ lib/libc/gen/sysctl.3 4 Sep 2016 21:11:14 -0000 @@ -474,7 +474,6 @@ information. .It Dv KERN_TIMECOUNTER Ta "node" Ta "not applicable" .It Dv KERN_TTY Ta "node" Ta "not applicable" .It Dv KERN_TTYCOUNT Ta "integer" Ta "no" -.It Dv KERN_USERMOUNT Ta "integer" Ta "yes" .It Dv KERN_VERSION Ta "string" Ta "no" .It Dv KERN_WATCHDOG Ta "node" Ta "not applicable" .It Dv KERN_WXABORT Ta "integer" Ta "yes" @@ -1016,8 +1015,6 @@ Returns the number of input characters i Number of available .Xr tty 4 devices. -.It Dv KERN_USERMOUNT -Currently a no-op. .It Dv KERN_VERSION The system version string. .It Dv KERN_WATCHDOG Index: sbin/sysctl/sysctl.8 =================================================================== RCS file: /cvs/src/sbin/sysctl/sysctl.8,v retrieving revision 1.204 diff -u -p -r1.204 sysctl.8 --- sbin/sysctl/sysctl.8 27 Jul 2016 20:51:46 -0000 1.204 +++ sbin/sysctl/sysctl.8 4 Sep 2016 21:04:44 -0000 @@ -139,7 +139,6 @@ and a few require a kernel compiled with .It kern.osversion Ta string Ta no .It kern.somaxconn Ta integer Ta yes .It kern.sominconn Ta integer Ta yes -.It kern.usermount Ta integer Ta yes .It kern.nosuidcoredump Ta integer Ta yes .It kern.fsync Ta integer Ta no .It kern.sysvmsg Ta integer Ta no Index: sys/isofs/cd9660/cd9660_vfsops.c =================================================================== RCS file: /cvs/src/sys/isofs/cd9660/cd9660_vfsops.c,v retrieving revision 1.82 diff -u -p -r1.82 cd9660_vfsops.c --- sys/isofs/cd9660/cd9660_vfsops.c 2 Sep 2016 10:16:03 -0000 1.82 +++ sys/isofs/cd9660/cd9660_vfsops.c 4 Sep 2016 20:02:52 -0000 @@ -179,19 +179,6 @@ cd9660_mount(mp, path, data, ndp, p) return (ENXIO); } - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0) != 0) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD, p->p_ucred, p); - if (error) { - vput(devvp); - return (error); - } - VOP_UNLOCK(devvp, p); - } if ((mp->mnt_flag & MNT_UPDATE) == 0) error = iso_mountfs(devvp, mp, p, &args); else { Index: sys/isofs/udf/udf_vfsops.c =================================================================== RCS file: /cvs/src/sys/isofs/udf/udf_vfsops.c,v retrieving revision 1.54 diff -u -p -r1.54 udf_vfsops.c --- sys/isofs/udf/udf_vfsops.c 25 Aug 2016 00:06:44 -0000 1.54 +++ sys/isofs/udf/udf_vfsops.c 4 Sep 2016 20:04:57 -0000 @@ -170,17 +170,6 @@ udf_mount(struct mount *mp, const char * return (ENXIO); } - /* Check the access rights on the mount device */ - if (p->p_ucred->cr_uid) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) { - vrele(devvp); - return (error); - } - } - if ((error = udf_mountfs(devvp, mp, args.lastblock, p))) { vrele(devvp); return (error); Index: sys/kern/kern_sysctl.c =================================================================== RCS file: /cvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.308 diff -u -p -r1.308 kern_sysctl.c --- sys/kern/kern_sysctl.c 4 Sep 2016 09:22:29 -0000 1.308 +++ sys/kern/kern_sysctl.c 4 Sep 2016 21:07:46 -0000 @@ -414,10 +414,6 @@ kern_sysctl(int *name, u_int namelen, vo return (sysctl_int(oldp, oldlenp, newp, newlen, &somaxconn)); case KERN_SOMINCONN: return (sysctl_int(oldp, oldlenp, newp, newlen, &sominconn)); - case KERN_USERMOUNT: { - int usermount = 0; - return (sysctl_rdint(oldp, oldlenp, newp, usermount)); - } case KERN_ARND: { char buf[512]; Index: sys/kern/vfs_syscalls.c =================================================================== RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.263 diff -u -p -r1.263 vfs_syscalls.c --- sys/kern/vfs_syscalls.c 14 Jul 2016 15:39:40 -0000 1.263 +++ sys/kern/vfs_syscalls.c 4 Sep 2016 20:28:57 -0000 @@ -110,7 +110,6 @@ sys_mount(struct proc *p, void *v, regis int error, mntflag = 0; char fstypename[MFSNAMELEN]; char fspath[MNAMELEN]; - struct vattr va; struct nameidata nd; struct vfsconf *vfsp; int flags = SCARG(uap, flags); @@ -150,29 +149,6 @@ sys_mount(struct proc *p, void *v, regis return (EOPNOTSUPP); /* Needs translation */ } - /* - * Only root, or the user that did the original mount is - * permitted to update it. - */ - if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid && - (error = suser(p, 0))) { - vput(vp); - return (error); - } - /* - * Do not allow NFS export by non-root users. Silently - * enforce MNT_NOSUID and MNT_NODEV for non-root users, and - * inherit MNT_NOEXEC from the mount point. - */ - if (suser(p, 0) != 0) { - if (flags & MNT_EXPORTED) { - vput(vp); - return (EPERM); - } - flags |= MNT_NOSUID | MNT_NODEV; - if (mntflag & MNT_NOEXEC) - flags |= MNT_NOEXEC; - } if ((error = vfs_busy(mp, VB_READ|VB_NOWAIT)) != 0) { vput(vp); return (error); @@ -180,30 +156,6 @@ sys_mount(struct proc *p, void *v, regis mp->mnt_flag |= flags & (MNT_RELOAD | MNT_UPDATE); goto update; } - /* - * If the user is not root, ensure that they own the directory - * onto which we are attempting to mount. - */ - if ((error = VOP_GETATTR(vp, &va, p->p_ucred, p)) || - (va.va_uid != p->p_ucred->cr_uid && - (error = suser(p, 0)))) { - vput(vp); - return (error); - } - /* - * Do not allow NFS export by non-root users. Silently - * enforce MNT_NOSUID and MNT_NODEV for non-root users, and inherit - * MNT_NOEXEC from the mount point. - */ - if (suser(p, 0) != 0) { - if (flags & MNT_EXPORTED) { - vput(vp); - return (EPERM); - } - flags |= MNT_NOSUID | MNT_NODEV; - if (vp->v_mount->mnt_flag & MNT_NOEXEC) - flags |= MNT_NOEXEC; - } if ((error = vinvalbuf(vp, V_SAVE, p->p_ucred, p, 0, 0)) != 0) { vput(vp); return (error); @@ -374,22 +326,15 @@ sys_unmount(struct proc *p, void *v, reg int error; struct nameidata nd; + if ((error = suser(p, 0)) != 0) + return (error); + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, SCARG(uap, path), p); if ((error = namei(&nd)) != 0) return (error); vp = nd.ni_vp; mp = vp->v_mount; - - /* - * Only root, or the user that did the original mount is - * permitted to unmount this filesystem. - */ - if ((mp->mnt_stat.f_owner != p->p_ucred->cr_uid) && - (error = suser(p, 0))) { - vput(vp); - return (error); - } /* * Don't allow unmounting the root file system. Index: sys/msdosfs/msdosfs_vfsops.c =================================================================== RCS file: /cvs/src/sys/msdosfs/msdosfs_vfsops.c,v retrieving revision 1.79 diff -u -p -r1.79 msdosfs_vfsops.c --- sys/msdosfs/msdosfs_vfsops.c 13 Aug 2016 20:53:17 -0000 1.79 +++ sys/msdosfs/msdosfs_vfsops.c 4 Sep 2016 20:06:48 -0000 @@ -106,7 +106,6 @@ msdosfs_mount(struct mount *mp, const ch char fname[MNAMELEN]; char fspec[MNAMELEN]; int error, flags; - mode_t accessmode; error = copyin(data, &args, sizeof(struct msdosfs_args)); if (error) @@ -138,22 +137,9 @@ msdosfs_mount(struct mount *mp, const ch if (error) return (error); if ((pmp->pm_flags & MSDOSFSMNT_RONLY) && - (mp->mnt_flag & MNT_WANTRDWR)) { - /* - * If upgrade to read-write by non-root, then verify - * that user has necessary permissions on the device. - */ - if (suser(p, 0) != 0) { - devvp = pmp->pm_devvp; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD | VWRITE, - p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - return (error); - } + (mp->mnt_flag & MNT_WANTRDWR)) pmp->pm_flags &= ~MSDOSFSMNT_RONLY; - } + if (args.fspec == NULL) { #ifdef __notyet__ /* doesn't work correctly with current mountd XXX */ if (args.flags & MSDOSFSMNT_MNTOPT) { @@ -195,21 +181,6 @@ msdosfs_mount(struct mount *mp, const ch if (major(devvp->v_rdev) >= nblkdev) { error = ENXIO; goto error_devvp; - } - - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0) != 0) { - accessmode = VREAD; - if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, accessmode, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_devvp; } if ((mp->mnt_flag & MNT_UPDATE) == 0) Index: sys/ntfs/ntfs_vfsops.c =================================================================== RCS file: /cvs/src/sys/ntfs/ntfs_vfsops.c,v retrieving revision 1.54 diff -u -p -r1.54 ntfs_vfsops.c --- sys/ntfs/ntfs_vfsops.c 1 Sep 2016 08:40:39 -0000 1.54 +++ sys/ntfs/ntfs_vfsops.c 4 Sep 2016 20:13:08 -0000 @@ -187,18 +187,6 @@ ntfs_mount(struct mount *mp, const char goto error_2; } - /* - * If we are not root, make sure we have permission to access the - * requested device. - */ - if (p->p_ucred->cr_uid) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - err = VOP_ACCESS(devvp, VREAD, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (err) - goto error_2; - } - if (mp->mnt_flag & MNT_UPDATE) { #if 0 /* Index: sys/sys/sysctl.h =================================================================== RCS file: /cvs/src/sys/sys/sysctl.h,v retrieving revision 1.164 diff -u -p -r1.164 sysctl.h --- sys/sys/sysctl.h 4 Sep 2016 09:22:29 -0000 1.164 +++ sys/sys/sysctl.h 4 Sep 2016 21:06:28 -0000 @@ -130,7 +130,7 @@ struct ctlname { #define KERN_OSVERSION 27 /* string: kernel build version */ #define KERN_SOMAXCONN 28 /* int: listen queue maximum */ #define KERN_SOMINCONN 29 /* int: half-open controllable param */ -#define KERN_USERMOUNT 30 /* int: users may mount filesystems */ +/* was KERN_USERMOUNT 30 */ /* was KERN_RND 31 */ #define KERN_NOSUIDCOREDUMP 32 /* int: no setuid coredumps ever */ #define KERN_FSYNC 33 /* int: file synchronization support */ @@ -217,7 +217,7 @@ struct ctlname { { "osversion", CTLTYPE_STRING }, \ { "somaxconn", CTLTYPE_INT }, \ { "sominconn", CTLTYPE_INT }, \ - { "usermount", CTLTYPE_INT }, \ + { "gap", 0 }, \ { "random", CTLTYPE_STRUCT }, \ { "nosuidcoredump", CTLTYPE_INT }, \ { "fsync", CTLTYPE_INT }, \ Index: sys/ufs/ext2fs/ext2fs_vfsops.c =================================================================== RCS file: /cvs/src/sys/ufs/ext2fs/ext2fs_vfsops.c,v retrieving revision 1.95 diff -u -p -r1.95 ext2fs_vfsops.c --- sys/ufs/ext2fs/ext2fs_vfsops.c 13 Aug 2016 21:28:09 -0000 1.95 +++ sys/ufs/ext2fs/ext2fs_vfsops.c 4 Sep 2016 20:14:49 -0000 @@ -170,7 +170,6 @@ ext2fs_mount(struct mount *mp, const cha char fname[MNAMELEN]; char fspec[MNAMELEN]; int error, flags; - mode_t accessmode; error = copyin(data, &args, sizeof(struct ufs_args)); if (error) @@ -204,19 +203,6 @@ ext2fs_mount(struct mount *mp, const cha return (error); } if (fs->e2fs_ronly && (mp->mnt_flag & MNT_WANTRDWR)) { - /* - * If upgrade to read-write by non-root, then verify - * that user has necessary permissions on the device. - */ - if (suser(p, 0) != 0) { - devvp = ump->um_devvp; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD | VWRITE, - p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - return (error); - } fs->e2fs_ronly = 0; if (fs->e2fs.e2fs_state == E2FS_ISCLEAN) fs->e2fs.e2fs_state = 0; @@ -255,20 +241,6 @@ ext2fs_mount(struct mount *mp, const cha if (major(devvp->v_rdev) >= nblkdev) { error = ENXIO; goto error_devvp; - } - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0) != 0) { - accessmode = VREAD; - if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, accessmode, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_devvp; } if ((mp->mnt_flag & MNT_UPDATE) == 0) error = ext2fs_mountfs(devvp, mp, p); Index: sys/ufs/ffs/ffs_vfsops.c =================================================================== RCS file: /cvs/src/sys/ufs/ffs/ffs_vfsops.c,v retrieving revision 1.162 diff -u -p -r1.162 ffs_vfsops.c --- sys/ufs/ffs/ffs_vfsops.c 13 Aug 2016 21:28:09 -0000 1.162 +++ sys/ufs/ffs/ffs_vfsops.c 4 Sep 2016 20:14:33 -0000 @@ -213,7 +213,6 @@ ffs_mount(struct mount *mp, const char * char fspec[MNAMELEN]; int error = 0, flags; int ronly; - mode_t accessmode; error = copyin(data, &args, sizeof(struct ufs_args)); if (error) @@ -305,19 +304,6 @@ ffs_mount(struct mount *mp, const char * goto error_1; if (ronly && (mp->mnt_flag & MNT_WANTRDWR)) { - /* - * If upgrade to read-write by non-root, then verify - * that user has necessary permissions on the device. - */ - if (suser(p, 0)) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD | VWRITE, - p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_1; - } - if (fs->fs_clean == 0) { #if 0 /* @@ -394,21 +380,6 @@ ffs_mount(struct mount *mp, const char * if (major(devvp->v_rdev) >= nblkdev) { error = ENXIO; goto error_2; - } - - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0)) { - accessmode = VREAD; - if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, accessmode, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_2; } if (mp->mnt_flag & MNT_UPDATE) {