Add a new "untrusted" option to the mount command. Its purpose
is to notify the kernel that the file system is untrusted and that it should use more extensive checks on the file system's metadata before using it. This option is intended to be used when mounting file systems from untrusted media such as USB memory sticks or other externally-provided media. It will initially be used by the UFS/FFS file system, but should likely be expanded to other file systems that may appear on external media, such as msdosfs, exfat, and ext2fs.
Reviewed by: kib
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D20786
This commit is contained in:
parent
6c4395e3b5
commit
daba4da81d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=349589
@ -58,6 +58,7 @@ struct mntopt {
|
|||||||
#define MOPT_ACLS { "acls", 0, MNT_ACLS, 0 }
|
#define MOPT_ACLS { "acls", 0, MNT_ACLS, 0 }
|
||||||
#define MOPT_NFS4ACLS { "nfsv4acls", 0, MNT_NFS4ACLS, 0 }
|
#define MOPT_NFS4ACLS { "nfsv4acls", 0, MNT_NFS4ACLS, 0 }
|
||||||
#define MOPT_AUTOMOUNTED { "automounted",0, MNT_AUTOMOUNTED, 0 }
|
#define MOPT_AUTOMOUNTED { "automounted",0, MNT_AUTOMOUNTED, 0 }
|
||||||
|
#define MOPT_UNTRUSTED { "untrusted", 0, MNT_UNTRUSTED, 0 }
|
||||||
|
|
||||||
/* Control flags. */
|
/* Control flags. */
|
||||||
#define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }
|
#define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }
|
||||||
@ -93,7 +94,8 @@ struct mntopt {
|
|||||||
MOPT_MULTILABEL, \
|
MOPT_MULTILABEL, \
|
||||||
MOPT_ACLS, \
|
MOPT_ACLS, \
|
||||||
MOPT_NFS4ACLS, \
|
MOPT_NFS4ACLS, \
|
||||||
MOPT_AUTOMOUNTED
|
MOPT_AUTOMOUNTED, \
|
||||||
|
MOPT_UNTRUSTED
|
||||||
|
|
||||||
void getmntopts(const char *, const struct mntopt *, int *, int *);
|
void getmntopts(const char *, const struct mntopt *, int *, int *);
|
||||||
void rmslashes(char *, char *);
|
void rmslashes(char *, char *);
|
||||||
|
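Review bot: Adding MOPT_UNTRUSTED to MOPT_STDOPTS (the `MOPT_AUTOMOUNTED, \` / `MOPT_UNTRUSTED` lines) makes every mount helper that expands the standard option table accept "untrusted" and hand MNT_UNTRUSTED to the kernel, while the commit message says only UFS/FFS acts on it for now. A user who mounts external media holding another file system with this option will therefore see the flag set and reported, but get no additional metadata checking, which reads as a false sense of safety. A short comment at the new define in the first hunk would make that explicit, e.g. `#define MOPT_UNTRUSTED { "untrusted", 0, MNT_UNTRUSTED, 0 } /* honored only by file systems that check for it (currently FFS) */`. Whether the other file systems named in the commit message ignore or reject the flag is not visible in these hunks.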
@ -355,6 +355,12 @@ Lookups will be done in the mounted file system first.
|
|||||||
If those operations fail due to a non-existent file the underlying
|
If those operations fail due to a non-existent file the underlying
|
||||||
directory is then accessed.
|
directory is then accessed.
|
||||||
All creates are done in the mounted file system.
|
All creates are done in the mounted file system.
|
||||||
|
.It Cm untrusted
|
||||||
|
The file system is untrusted and the kernel should use more
|
||||||
|
extensive checks on the file-system's metadata before using it.
|
||||||
|
This option is intended to be used when mounting file systems
|
||||||
|
from untrusted media such as USB memory sticks or other
|
||||||
|
externally-provided media.
|
||||||
.El
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
Any additional options specific to a file system type that is not
|
Any additional options specific to a file system type that is not
|
||||||
|
@ -118,6 +118,7 @@ static struct opt {
|
|||||||
{ MNT_GJOURNAL, "gjournal" },
|
{ MNT_GJOURNAL, "gjournal" },
|
||||||
{ MNT_AUTOMOUNTED, "automounted" },
|
{ MNT_AUTOMOUNTED, "automounted" },
|
||||||
{ MNT_VERIFIED, "verified" },
|
{ MNT_VERIFIED, "verified" },
|
||||||
|
{ MNT_UNTRUSTED, "untrusted" },
|
||||||
{ 0, NULL }
|
{ 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -972,6 +973,7 @@ flags2opts(int flags)
|
|||||||
if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");
|
if (flags & MNT_MULTILABEL) res = catopt(res, "multilabel");
|
||||||
if (flags & MNT_ACLS) res = catopt(res, "acls");
|
if (flags & MNT_ACLS) res = catopt(res, "acls");
|
||||||
if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");
|
if (flags & MNT_NFS4ACLS) res = catopt(res, "nfsv4acls");
|
||||||
|
if (flags & MNT_UNTRUSTED) res = catopt(res, "untrusted");
|
||||||
|
|
||||||
return (res);
|
return (res);
|
||||||
}
|
}
|
||||||
|
@ -296,6 +296,7 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
|
|||||||
#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */
|
#define MNT_NOCLUSTERW 0x0000000080000000ULL /* disable cluster write */
|
||||||
#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */
|
#define MNT_SUJ 0x0000000100000000ULL /* using journaled soft updates */
|
||||||
#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */
|
#define MNT_AUTOMOUNTED 0x0000000200000000ULL /* mounted by automountd(8) */
|
||||||
|
#define MNT_UNTRUSTED 0x0000000800000000ULL /* filesys metadata untrusted */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* NFS export related mount flags.
|
* NFS export related mount flags.
|
||||||
@ -333,7 +334,8 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
|
|||||||
MNT_NOCLUSTERW | MNT_SUIDDIR | MNT_SOFTDEP | \
|
MNT_NOCLUSTERW | MNT_SUIDDIR | MNT_SOFTDEP | \
|
||||||
MNT_IGNORE | MNT_EXPUBLIC | MNT_NOSYMFOLLOW | \
|
MNT_IGNORE | MNT_EXPUBLIC | MNT_NOSYMFOLLOW | \
|
||||||
MNT_GJOURNAL | MNT_MULTILABEL | MNT_ACLS | \
|
MNT_GJOURNAL | MNT_MULTILABEL | MNT_ACLS | \
|
||||||
MNT_NFS4ACLS | MNT_AUTOMOUNTED | MNT_VERIFIED)
|
MNT_NFS4ACLS | MNT_AUTOMOUNTED | MNT_VERIFIED | \
|
||||||
|
MNT_UNTRUSTED)
|
||||||
|
|
||||||
/* Mask of flags that can be updated. */
|
/* Mask of flags that can be updated. */
|
||||||
#define MNT_UPDATEMASK (MNT_NOSUID | MNT_NOEXEC | \
|
#define MNT_UPDATEMASK (MNT_NOSUID | MNT_NOEXEC | \
|
||||||
@ -342,7 +344,7 @@ void __mnt_vnode_markerfree_active(struct vnode **mvp, struct mount *);
|
|||||||
MNT_NOSYMFOLLOW | MNT_IGNORE | \
|
MNT_NOSYMFOLLOW | MNT_IGNORE | \
|
||||||
MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR | \
|
MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR | \
|
||||||
MNT_ACLS | MNT_USER | MNT_NFS4ACLS | \
|
MNT_ACLS | MNT_USER | MNT_NFS4ACLS | \
|
||||||
MNT_AUTOMOUNTED)
|
MNT_AUTOMOUNTED | MNT_UNTRUSTED)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* External filesystem command modifier flags.
|
* External filesystem command modifier flags.
|
||||||
|
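Review bot: Including MNT_UNTRUSTED in MNT_UPDATEMASK (`MNT_AUTOMOUNTED | MNT_UNTRUSTED)`) means a later `mount -u` can clear the flag as well as set it, so a remount that omits the option may silently drop the stricter metadata checks on media that was deliberately marked untrusted. If that is intended, a comment on the new define saying the flag is both settable and clearable on update would help; if not, the flag should stay out of MNT_UPDATEMASK. The `@ -333,7 +334,8` hunk that adds the flag to MNT_VISFLAGMASK is what lets mount(8) report it, which is useful for auditing and looks right. The define's comment `/* filesys metadata untrusted */` could also say what the kernel does differently when the bit is set, since no hunk in this commit reads the flag.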
@ -145,7 +145,7 @@ static struct buf_ops ffs_ops = {
|
|||||||
static const char *ffs_opts[] = { "acls", "async", "noatime", "noclusterr",
|
static const char *ffs_opts[] = { "acls", "async", "noatime", "noclusterr",
|
||||||
"noclusterw", "noexec", "export", "force", "from", "groupquota",
|
"noclusterw", "noexec", "export", "force", "from", "groupquota",
|
||||||
"multilabel", "nfsv4acls", "fsckpid", "snapshot", "nosuid", "suiddir",
|
"multilabel", "nfsv4acls", "fsckpid", "snapshot", "nosuid", "suiddir",
|
||||||
"nosymfollow", "sync", "union", "userquota", NULL };
|
"nosymfollow", "sync", "union", "userquota", "untrusted", NULL };
|
||||||
|
|
||||||
static int
|
static int
|
||||||
ffs_mount(struct mount *mp)
|
ffs_mount(struct mount *mp)
|
||||||
@ -184,6 +184,9 @@ ffs_mount(struct mount *mp)
|
|||||||
return (error);
|
return (error);
|
||||||
|
|
||||||
mntorflags = 0;
|
mntorflags = 0;
|
||||||
|
if (vfs_getopt(mp->mnt_optnew, "untrusted", NULL, NULL) == 0)
|
||||||
|
mntorflags |= MNT_UNTRUSTED;
|
||||||
|
|
||||||
if (vfs_getopt(mp->mnt_optnew, "acls", NULL, NULL) == 0)
|
if (vfs_getopt(mp->mnt_optnew, "acls", NULL, NULL) == 0)
|
||||||
mntorflags |= MNT_ACLS;
|
mntorflags |= MNT_ACLS;
|
||||||
|
|
||||||
|
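Review bot: The new lookup `if (vfs_getopt(mp->mnt_optnew, "untrusted", NULL, NULL) == 0) mntorflags |= MNT_UNTRUSTED;` only ever sets the bit; how an existing MNT_UNTRUSTED is treated on an update mount that omits the option depends on how mntorflags is merged into mp->mnt_flag further down, which is outside the hunk (ffs_mount continues past it). Nothing in these hunks reads MNT_UNTRUSTED, so a brief comment at the new lines naming where the extra metadata validation consumes the flag would help the next reader, e.g. `/* Caller asked for stricter metadata checks; consumed where the file system's metadata is validated. */`. Adding "untrusted" to ffs_opts in the `@ -145,7 +145,7` hunk is needed for the option to pass the file system's option filtering, so both hunks belong together.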