Debian Bug report logs - #758090
ltspfs: lbmount use of "mount --move" incompatible with systemd

Package: ltspfs; Maintainer for ltspfs is Debian LTSP Maintainers <team+ltsp@tracker.debian.org>; Source for ltspfs is src:ltspfs.

Reported by: Vagrant Cascadian <vagrant@debian.org>

Date: Thu, 14 Aug 2014 08:24:01 UTC

Severity: serious

Tags: patch

Found in version ltspfs/1.3-1

Fixed in version ltspfs/1.4-1

Done: Vagrant Cascadian <vagrant@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, alkisg@gmail.com, Debian LTSP Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>:
Bug#758090; Package ltspfs. (Thu, 14 Aug 2014 08:24:06 GMT)


Acknowledgement sent to Vagrant Cascadian <vagrant@debian.org>:
New Bug report received and forwarded. Copy sent to alkisg@gmail.com, Debian LTSP Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>. (Thu, 14 Aug 2014 08:24:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Vagrant Cascadian <vagrant@debian.org>
To: submit@bugs.debian.org
Subject: ltspfs: lbmount use of "mount --move" incompatible with systemd
Date: Thu, 14 Aug 2014 01:21:34 -0700
Package: ltspfs
Version: 1.3-1
Justification: unusable with default init system
Severity: serious
X-Debbugs-Cc: alkisg@gmail.com

ltspfs doesn't appear to work with systemd, as it relies on mounting the
fuse based ltspfs filesystem in one location, and then using "mount
--move" to relocate it to another section. But using "mount --move" with
a system running systemd results in this:

  sudo mount --move test test2
  mount: wrong fs type, bad option, bad superblock on /media/test,
         missing codepage or helper program, or other error
         In some cases useful info is found in syslog - try
         dmesg | tail  or so

Apparently this has something to do with "MS_REC|MS_SHARED" and can be
disabled on a per-filesystem basis with "mount --make-private /", for
example. This may change behavior for other systems (such as containers)
which assume it is not marked private...

A quick workaround is to use "mount --bind" instead of "mount --move",
but this has the undesired side-effect of leaving two mounts in place,
one in /tmp/.USERNAME-ltspfs/MOUNT and one in /media/USERNAME/MOUNT.
Though some brief experiments show that unmounting the /tmp mount left
the /media mount in place when I tried it... that might make it a viable
workaround.

Honestly, I'd rather figure out a way to safely mount the ltspfs mount
directly without "mount --move". We could have a setuid wrapper that instead
creates the mountpoint directly as /media/USERNAME/MOUNT and ensures it
actually mounts, and some way of ensuring that it unmounts and removes
the /media/USERNAME/MOUNT directory when done... possibly with a
mount.helper and/or umount.helper.


live well,
  vagrant
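
The failure reported above follows from mount propagation: per mount(2), an MS_MOVE is rejected with EINVAL when the parent mount of the source has shared propagation, and systemd marks / shared at boot. As an added example (not part of the bug report or of ltspfs), this checks that condition from mountinfo text; the sample lines and the names parse_mountinfo and move_blocked are constructed for illustration.

```python
import re

# Constructed /proc/self/mountinfo samples (format per proc(5)), not from the report.
# Root mount is shared, as systemd sets it up at boot.
SHARED_ROOT = """\
20 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
60 20 0:45 / /tmp/.alice-ltspfs/usb\\040disk rw,nosuid shared:40 - fuse.ltspfs ltspfs rw
"""
# Same tree after "mount --make-private /": the root mount loses its shared:N tag.
PRIVATE_ROOT = """\
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
60 20 0:45 / /tmp/.alice-ltspfs/usb\\040disk rw,nosuid shared:40 - fuse.ltspfs ltspfs rw
"""


def _unescape(path):
    """mountinfo writes space, tab, newline and backslash as \\ooo octal escapes."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def parse_mountinfo(text):
    """Map mount ID -> {parent, mountpoint, shared} for mountinfo-formatted text."""
    mounts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Fields before the lone "-" separator: ID, parent ID, major:minor, root,
        # mount point, mount options, then zero or more optional fields.
        fields = line.partition(" - ")[0].split()
        mounts[int(fields[0])] = {
            "parent": int(fields[1]),
            "mountpoint": _unescape(fields[4]),
            "shared": any(f.startswith("shared:") for f in fields[6:]),
        }
    return mounts


def move_blocked(mounts, mountpoint):
    """True if MS_MOVE of `mountpoint` would fail with EINVAL (shared parent mount)."""
    matches = [m for m in mounts.values() if m["mountpoint"] == mountpoint]
    if not matches:
        raise LookupError("%s is not a mount point" % mountpoint)
    source = matches[-1]  # assumption: the last entry for a path is the visible one
    parent = mounts.get(source["parent"])
    return parent is not None and parent["shared"]


if __name__ == "__main__":
    target = "/tmp/.alice-ltspfs/usb disk"
    for label, text in (("shared /", SHARED_ROOT), ("private /", PRIVATE_ROOT)):
        print(label, "-> move blocked:", move_blocked(parse_mountinfo(text), target))
```

Only the propagation of the parent mount matters here; the source mount keeps its own shared:40 tag in both samples.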

Information forwarded to debian-bugs-dist@lists.debian.org, Debian LTSP Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>:
Bug#758090; Package ltspfs. (Thu, 14 Aug 2014 18:57:04 GMT)


Acknowledgement sent to Vagrant Cascadian <vagrant@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian LTSP Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>. (Thu, 14 Aug 2014 18:57:04 GMT)


Message #10 received at 758090@bugs.debian.org:

From: Vagrant Cascadian <vagrant@debian.org>
To: 758090@bugs.debian.org
Subject: Re: ltspfs: lbmount use of "mount --move" incompatible with systemd
Date: Thu, 14 Aug 2014 11:52:17 -0700
Control: tags -1 +patch

On 2014-08-14, Vagrant Cascadian wrote:
> A quick workaround is to use "mount --bind" instead of "mount --move",
> but this has the undesired side-effect of leaving two mounts in place,
> one in /tmp/.USERNAME-ltspfs/MOUNT and one in /media/USERNAME/MOUNT.
> Though some brief experiments show that unmounting the /tmp mount left
> the /media mount in place when I tried it... that might make it a viable
> workaround.

Patch that implements this, including the umounting:

diff --git a/scripts/ltspfsmounter b/scripts/ltspfsmounter
index 642202f..5322b23 100644
--- a/scripts/ltspfsmounter
+++ b/scripts/ltspfsmounter
@@ -32,6 +32,7 @@ def add_ltspfsmount(conn, path, root, dev, mediaroot):
     hidden_mount = '%s/%s' % (root, dev)
     lbmount_command = ['lbmount', dev]
     ltspfs_mount = ['ltspfs', conn+':'+path, root+'/'+dev]
+    ltspfs_umount=['fusermount', '-uzq', hidden_mount]
 
     if not os.access(root, 0):
         os.mkdir(root)
@@ -47,6 +48,7 @@ def add_ltspfsmount(conn, path, root, dev, mediaroot):
     try:
         call(lbmount_command)
         if os.access(hidden_mount, 0):
+            call(ltspfs_umount)
             os.rmdir(hidden_mount)
         if os.access(root, 0):
             os.rmdir(root)
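
Review bot: the new `call(ltspfs_umount)` runs straight after `call(lbmount_command)` without looking at lbmount's exit status, so when the bind mount fails the hidden mount is torn down anyway and the user is left with no mount at all. Keep the return value of `call(lbmount_command)` and only unmount and `os.rmdir(hidden_mount)` when it is 0. Because fusermount is run with `-q`, a failed unmount is silent and the following `os.rmdir(hidden_mount)` is the first place it would show up.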
diff --git a/src/lbmount.c b/src/lbmount.c
index 8421e25..c1a8067 100644
--- a/src/lbmount.c
+++ b/src/lbmount.c
@@ -155,7 +155,7 @@ int root_mounter(const char *path1, const char *path2)
         }
         /* Statically build command line to prevent monkey business */
         if (path2)
-            execle(mountprog, mountprog, "--move", path1, path2, NULL,
+            execle(mountprog, mountprog, "--bind", path1, path2, NULL,
                    null_env);
         else
             execle(umountprog, umountprog, "-l", path1, NULL, null_env);
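
Review bot: with `"--bind"` in the `execle(mountprog, ...)` call, the source at path1 stays mounted after this setuid helper exits, and nothing in this function removes it; the cleanup is left to the unprivileged caller. Say so in the comment above the call, which currently only explains why the command line is built statically, so that a later reader does not assume the helper still relocates the mount as `--move` did.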


live well,
  vagrant

Added tag(s) patch. Request was from Vagrant Cascadian <vagrant@debian.org> to 758090-submit@bugs.debian.org. (Thu, 14 Aug 2014 18:57:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian LTSP Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>:
Bug#758090; Package ltspfs. (Thu, 14 Aug 2014 22:36:12 GMT)


Acknowledgement sent to Vagrant Cascadian <vagrant@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian LTSP Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>. (Thu, 14 Aug 2014 22:36:12 GMT)


Message #17 received at 758090@bugs.debian.org:

From: Vagrant Cascadian <vagrant@debian.org>
To: 758090@bugs.debian.org
Subject: Re: ltspfs: lbmount use of "mount --move" incompatible with systemd
Date: Thu, 14 Aug 2014 15:32:09 -0700
On 2014-08-14, Vagrant Cascadian wrote:
> Honestly, I'd rather figure out a way to safely mount the ltspfs mount
> directly without "mount --move". We could have a setuid wrapper that instead
> creates the mountpoint directly as /media/USERNAME/MOUNT 

Patch below which basically implements this part...


> and ensures it actually mounts, and some way of ensuring that it
> unmounts and removes the /media/USERNAME/MOUNT directory when
> done... possibly with a mount.helper and/or umount.helper

It doesn't include a mount/umount helper, or prevent the user from using
lbmount to create arbitrary /media/USERNAME/* dirs owned by them.

It is a huge reduction in setuid root code:

 scripts/ltspfsmounter | 37 +++++++++++--------------------------
 src/lbmount.c         | 68 --------------------------------------------------------------------
 2 files changed, 11 insertions(+), 94 deletions(-)

diff --git a/scripts/ltspfsmounter b/scripts/ltspfsmounter
index 5322b23..97b45ff 100644
--- a/scripts/ltspfsmounter
+++ b/scripts/ltspfsmounter
@@ -28,47 +28,35 @@ def run_hooks(mode, mountpoint):
 def get_var(name):
     return os.environ.get(name)
 
-def add_ltspfsmount(conn, path, root, dev, mediaroot):
-    hidden_mount = '%s/%s' % (root, dev)
+def add_ltspfsmount(conn, path, dev, mediaroot):
     lbmount_command = ['lbmount', dev]
-    ltspfs_mount = ['ltspfs', conn+':'+path, root+'/'+dev]
-    ltspfs_umount=['fusermount', '-uzq', hidden_mount]
-
-    if not os.access(root, 0):
-        os.mkdir(root)
-    if not os.access(hidden_mount, 0):
-        os.mkdir(hidden_mount)
+    ltspfs_mount = ['ltspfs', conn+':'+path, mediaroot+'/'+dev]
 
     env = os.environ.copy()
 
     try:
-        call(ltspfs_mount, env=env)
-    except OSError, e:
-        print >>sys.stderr, "mount failed:", e
-    try:
         call(lbmount_command)
-        if os.access(hidden_mount, 0):
-            call(ltspfs_umount)
-            os.rmdir(hidden_mount)
-        if os.access(root, 0):
-            os.rmdir(root)
         run_hooks('add', os.path.join(mediaroot, dev))
     except OSError, e:
         print >>sys.stderr, "suid mount failed:", e
+    try:
+        call(ltspfs_mount, env=env)
+    except OSError, e:
+        print >>sys.stderr, "mount failed:", e
 
 def remove_ltspfsmount(root, dev):
     lbumount_command=['lbmount', '--umount', dev]
     ltspfs_umount=['fusermount', '-uzq', root+'/'+dev]
 
     try:
-        call(lbumount_command)
-    except OSError, e:
-        print >>sys.stderr, "suid umount failed:", e
-    try:
         call(ltspfs_umount)
         run_hooks('remove', os.path.join(root, dev))
     except OSError, e:
         print >>sys.stderr, "umount failed:", e
+    try:
+        call(lbumount_command)
+    except OSError, e:
+        print >>sys.stderr, "suid umount failed:", e
 
 def cleanup(user):
     known_mounts = open( '/proc/mounts', 'r' ).readlines()
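
Review bot: in the new `add_ltspfsmount`, `run_hooks('add', ...)` sits in the first `try` right after `call(lbmount_command)`, so the add hooks fire on an empty directory before `call(ltspfs_mount, env=env)` has run, and they still fire if that mount then fails. Move `run_hooks('add', ...)` after the ltspfs mount and make it conditional on both `call()` return values being 0; `call()` only raises OSError when the program cannot be started, so a non-zero exit from lbmount or ltspfs currently goes unnoticed. The same applies to `remove_ltspfsmount`, where `call(lbumount_command)` runs whether or not `call(ltspfs_umount)` succeeded.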
@@ -78,8 +66,6 @@ def cleanup(user):
                 mountpoint=mount.split()[1]
                 device=mountpoint.split('/')[-1]
                 if dir=='/media' and mountpoint.startswith(dir):
-                    call(['lbmount', '--umount', device])
-                elif dir=='/tmp' and mountpoint.startswith(dir):
                     call(['fusermount', '-uzq', mountpoint])
                     if os.access(mountpoint, 0):
                         os.rmdir(mountpoint)
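
Review bot: the surviving branch in `cleanup` now runs `fusermount -uzq` and `os.rmdir(mountpoint)` on anything that passes `dir=='/media' and mountpoint.startswith(dir)`, which is a prefix test on the string `/media` rather than on the user's own directory. Unless the lines above this hunk already restrict the match, compare against the per-user prefix with a trailing slash (the `/media/USERNAME/` that `main()` builds as `mediaroot`) before unmounting. Also note that with `call(['lbmount', '--umount', device])` gone, this path no longer goes through the helper that removed the directory, so an `os.rmdir` failure here leaves it behind.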
@@ -104,7 +90,6 @@ def main():
     path = sys.argv[1]
     command = sys.argv[2]
     username = get_var('USER')
-    root = "/tmp/.%s-ltspfs" % username
     mediaroot = "/media/%s" % username
 
     if not get_var('SSH_CONNECTION'):
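
Review bot: `mediaroot` is still built from `get_var('USER')`, i.e. from the environment, and after this change it is the only mount target, while lbmount.c builds its path from `pwent->pw_name`. If USER is unset or differs from the passwd name, `ltspfs` is pointed at a directory lbmount never created. Take the name from the passwd database, for example `pwd.getpwuid(os.getuid()).pw_name`, so the script and the setuid helper always agree on the path.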
@@ -116,7 +101,7 @@ def main():
     dev = path.split('/')[-1]
 
     if command=='add':
-        add_ltspfsmount(conn, path, root, dev, mediaroot)
+        add_ltspfsmount(conn, path, dev, mediaroot)
     elif command=='remove':
         remove_ltspfsmount(mediaroot, dev)
     elif command=='cleanup':
diff --git a/src/lbmount.c b/src/lbmount.c
index 61152f5..dea7bd6 100644
--- a/src/lbmount.c
+++ b/src/lbmount.c
@@ -53,8 +53,6 @@ static uid_t uidReal;           /* Users real userid */
  */
 
 static char *mediadir = "/media";
-static char *ltspfsdir1 = "/tmp/.";
-static char *ltspfsdir2 = "-ltspfs/";
 static char *mountprog = "/bin/mount";  /* system mount program */
 static char *umountprog = "/bin/umount";        /* system umount program */
 
@@ -135,52 +133,6 @@ void mkdir_safe(char *dir)
 }
 
 /*
- * domount: actually bindmounts path1 onto path2.
- */
-
-int root_mounter(const char *path1, const char *path2)
-{
-    int status;
-    pid_t child;
-    char *program;
-    char *null_env[] = { NULL };
-
-    child = fork();
-
-    if (child == 0) {
-        if (setreuid(0, -1)) {
-            /* Couldn't become root */
-            perror("Couldn't obtain root privs");
-            exit(1);
-        }
-        /* Statically build command line to prevent monkey business */
-        if (path2)
-            execle(mountprog, mountprog, "--bind", path1, path2, NULL,
-                   null_env);
-        else
-            execle(umountprog, umountprog, "-l", path1, NULL, null_env);
-        perror("Error: execl() returned");
-        exit(1);                                 /* exec should never return */
-    } else if (child > 0) {
-        if (waitpid(child, &status, 0) < 0) {
-            perror("Error: wait() call failed");
-            exit(1);
-        }
-    } else if (child < 0) {
-        perror("Error: fork() failed");
-        exit(1);
-    }
-
-    if (!WIFEXITED(status)) {
-        fprintf(stderr, "Error: execle() returned no status");
-        exit(1);
-    }
-
-    return WEXITSTATUS(status);
-}
-
-
-/*
  * mainline
  */
 
@@ -190,7 +142,6 @@ int main(int argc, char **argv)
     struct passwd *pwent;
     char *mountpoint = NULL;    /* command line supplied media name */
     char mediamount[PATH_MAX];  /* fully pathed mountpoint in /media */
-    char ltspfsmount[PATH_MAX]; /* fully pathed ltspfs mount in /tmp */
 
     int option;
     static struct option long_opts[] = {
@@ -257,17 +208,7 @@ int main(int argc, char **argv)
         exit(1);
     }
 
-    /*
-     * Build our ltspfs mountpoint string, and check and see if it exists.
-     */
-
-    snprintf(ltspfsmount, sizeof(ltspfsmount), "%s%s%s%s",
-             ltspfsdir1, pwent->pw_name, ltspfsdir2, mountpoint);
-
     if (!umount) {
-        if (!is_mounted(ltspfsmount))
-            exit(1);
-
         /* OK, name's a normal size, and looks valid. Begin creating the media
          * mount point. First, we need to create /media/uid */
 
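
Review bot: removing `if (!is_mounted(ltspfsmount)) exit(1);` from the `if (!umount)` branch takes away the only precondition visible here for creating the mount point, so the setuid binary will now create a `/media/USERNAME/<name>` directory for any name that passes the earlier checks, which the accompanying message acknowledges. Extend the comment that follows ("OK, name's a normal size, and looks valid") to state which checks on `mountpoint` remain and that directory creation is no longer tied to an existing ltspfs mount, so the reduced guarantee is documented next to the code.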
@@ -282,21 +223,12 @@ int main(int argc, char **argv)
                  pwent->pw_name, mountpoint);
 
         mkdir_safe(mediamount);
-
-        return root_mounter(ltspfsmount, mediamount);
     } else {
         /* umount */
 
         snprintf(mediamount, sizeof(mediamount), "%s/%s/%s", mediadir,
                  pwent->pw_name, mountpoint);
 
-        if (is_mounted(mediamount))
-            root_mounter(mediamount, NULL);
-        else {
-            fprintf(stderr, "Error: %s unmountable", mediamount);
-            exit(1);
-        }
-
         if (rmdir(mediamount)) {
             perror("Unable to rmdir() in /media");
             exit(1);
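
Review bot: with `return root_mounter(ltspfsmount, mediamount);` removed, the mount branch now ends at `mkdir_safe(mediamount);` and falls out of the if/else, so check that `main()` finishes with an explicit `return 0;` after this block. In the umount branch, `rmdir(mediamount)` now depends on the caller having unmounted first; the perror text "Unable to rmdir() in /media" is the only diagnostic for a still-mounted directory, where the old code printed "unmountable". If the two `is_mounted()` calls removed by this patch were its only users, the function can be deleted as well.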


live well,
  vagrant

Reply sent to Vagrant Cascadian <vagrant@debian.org>:
You have taken responsibility. (Mon, 18 Aug 2014 17:36:05 GMT)


Notification sent to Vagrant Cascadian <vagrant@debian.org>:
Bug acknowledged by developer. (Mon, 18 Aug 2014 17:36:05 GMT)


Message #22 received at 758090-close@bugs.debian.org:

From: Vagrant Cascadian <vagrant@debian.org>
To: 758090-close@bugs.debian.org
Subject: Bug#758090: fixed in ltspfs 1.4-1
Date: Mon, 18 Aug 2014 17:33:37 +0000
Source: ltspfs
Source-Version: 1.4-1

We believe that the bug you reported is fixed in the latest version of
ltspfs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 758090@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian <vagrant@debian.org> (supplier of updated ltspfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Aug 2014 09:48:57 -0700
Source: ltspfs
Binary: ltspfs ltspfsd ltspfsd-core
Architecture: all source
Version: 1.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian LTSP Maintainers <pkg-ltsp-devel@lists.alioth.debian.org>
Changed-By: Vagrant Cascadian <vagrant@debian.org>
Closes: 758090 758093
Description: 
 ltspfsd-core - Fuse based remote filesystem daemon for LTSP thin clients
 ltspfsd    - Fuse based remote filesystem hooks for LTSP thin clients
 ltspfs     - Fuse based remote filesystem for LTSP thin clients
Changes:
 ltspfs (1.4-1) unstable; urgency=medium
 .
   * New upstream version:
     - Fix filesystem size calculations. Thanks to datube for the initial
       patch! (LP: #1021579).
     - Mount ltspfs filesystem directly to /media/username/mountpoint
       (Closes: #758090).
     - Add support for starting ltspfsd from systemd service file when
       systemd is running (Closes: #758093).
     - ltspfsd: Don't add duplicate entries to ltspfs_fstab.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 21 Sep 2014 07:38:38 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jul 1 13:26:27 2023; Machine Name: bembo