Regression: umount exits non null due to restrictive permissions of utab.lock in 2.40 #2981

Closed
jspricke opened this issue Apr 21, 2024 · 1 comment · Fixed by #2985

@jspricke

Starting with c14bee4, /run/mount/utab.lock no longer has read permissions for group and others.
This results in an exit code of 16 instead of 0 when using umount in a user namespace.
You can reproduce this on Debian by creating a VM like this:

$ truncate -s2M image.img
$ /sbin/mkfs.ext4 image.img
$ debvm-create --release=unstable -- --include=uidmap --chrooted-customize-hook='echo "/dev/vdb /mnt ext4 defaults,user 0 0" >> /etc/fstab' --hook-dir=/usr/share/mmdebstrap/hooks/useradd
$ debvm-run -- -drive if=virtio,format=raw,file=image.img
# inside debvm
$ su - user
$ dpkg -l libmount1
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name            Version      Architecture Description
+++-===============-============-============-=================================
ii  libmount1:amd64 2.40-6       amd64        device mounting library
$ ls -l /run/mount/utab.lock
-rw------- 1 root root 0 Apr 21 06:28 /run/mount/utab.lock
$ mkdir sys
$ unshare --map-root-user --mount
$ mount --rbind /sys sys
$ umount --lazy sys; echo $?
umount: /home/user/sys: filesystem was unmounted, but failed to update userspace mount table.
16

Changing unstable to testing (currently with util-linux 2.39.3) or stable (2.38.1) fixes this as the utab.lock has read permissions for everyone.

I would propose to partly revert the commit like this:

--- a/libmount/src/lock.c
+++ b/libmount/src/lock.c
@@ -187,7 +187,7 @@ static int lock_simplelock(struct libmnt_lock *ml)
        const char *lfile;
        int rc;
        struct stat sb;
-       const mode_t lock_mask = S_IRUSR|S_IWUSR;
+       const mode_t lock_mask = S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH;

        assert(ml);

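Review bot: on the `lock_mask` line, adding `S_IRGRP|S_IROTH` makes the lock file readable by every local user again, to accommodate a caller that, per the reproduction above, is an unprivileged user in a user namespace and cannot update the table anyway. I would keep the owner-only mask and have the caller skip the lock and the update when the table is not writable; if the mask does change, the line needs a comment stating why group and others require read access.
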
Alternatively we could make something like umount --no-mtab the default.

@karelzak
Collaborator

The permissions are fine; if you have no write access to the utab then you do not need the lock ;-)

The problem is that libmount checks for access to the file but ignores the result of the check. See debug output
(LIBMOUNT_DEBUG=all env. variable)

1545: libmount:    CXT: [0x561d0ff1a6c0]: checking for writable tab files
1545: libmount:    UTILS: utab: /run/mount/utab
1545: libmount:    UTILS: try write /run/mount/utab dir: (null)
1545: libmount:    UTILS:  access FAILED
1545: libmount:    UPDATE: [0x561d0ff20020]: allocate

In this case, the library needs to ignore the utab update. Fixed version:

1659: libmount:      CXT: [0xbc4b70]: checking for writable tab files
1659: libmount:    UTILS: utab: /run/mount/utab
1659: libmount:    UTILS: try write /run/mount/utab dir: (null)
1659: libmount:    UTILS:  access FAILED
1659: libmount:    CXT: [0xbc4b70]: skip update: no writable destination

and it exits with 0. Fix:

diff --git a/libmount/src/context.c b/libmount/src/context.c
index 952287a26..5206c1d58 100644
--- a/libmount/src/context.c
+++ b/libmount/src/context.c
@@ -367,8 +367,7 @@ const char *mnt_context_get_writable_tabpath(struct libmnt_context *cxt)
 {
        assert(cxt);
 
-       context_init_paths(cxt, 1);
-       return cxt->utab_path;
+       return mnt_context_utab_writable(cxt) ? cxt->utab_path : NULL;
 }
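
Review bot: the rewritten return statement can now yield NULL, and the hunk also drops the explicit `context_init_paths(cxt, 1)` call. The function's doc comment should state that NULL means there is no writable utab, callers that pass the result on need a NULL check, and it is worth confirming that `mnt_context_utab_writable()` initializes the paths itself before `cxt->utab_path` is read.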

I'll prepare a pull request with the fix.
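
The behaviour described in the comment above (an unwritable table is skipped instead of ending in exit code 16), as an added sketch in C. It is not libmount code: `tab_is_writable`, `tab_append`, `exit_status` and the sample path are hypothetical names chosen for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum tab_result { TAB_UPDATED, TAB_SKIPPED, TAB_ERROR };

/* 1 if the caller can write the table, or create it when it is missing. */
static int tab_is_writable(const char *path)
{
    char dir[4096];
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);

    if (fd >= 0) {
        close(fd);
        return 1;
    }
    if (errno != ENOENT)
        return 0;                   /* EACCES, EROFS, ...: not ours to update */
    snprintf(dir, sizeof(dir), "%s", path);
    return access(dirname(dir), W_OK | X_OK) == 0;  /* access() uses the real UID */
}

/* Append one entry; an unwritable table is skipped, not reported as failure. */
enum tab_result tab_append(const char *path, const char *line)
{
    size_t len = strlen(line);
    int fd, ok;

    if (!tab_is_writable(path))
        return TAB_SKIPPED;         /* honour the check: no lock, no write */
    /* a real implementation would take its lock here, only on this path */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return TAB_ERROR;
    ok = write(fd, line, len) == (ssize_t)len;
    return (close(fd) == 0 && ok) ? TAB_UPDATED : TAB_ERROR;
}

/* Exit status as seen in the thread: 16 on a failed table update, else 0. */
int exit_status(enum tab_result r) { return r == TAB_ERROR ? 16 : 0; }

int main(void)
{
    /* constructed path: the directory does not exist, so no write is possible */
    enum tab_result r = tab_append("/nonexistent-example-dir/utab", "TARGET=/mnt\n");
    printf("result=%d exit=%d\n", r, exit_status(r));
    return exit_status(r);
}
```
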

karelzak added a commit that referenced this issue Apr 23, 2024
The function mnt_has_regular_utab() properly detects that the utab is
not writable, but this is ignored by the high-level context API. As a
result, the library later attempts to update the file and ends up with
a warning in mount(8):

 $ mkdir sys
 $ unshare --map-root-user --mount
 $ mount --rbind /sys sys
 $ umount --lazy sys; echo $?
 umount: /home/user/sys: filesystem was unmounted, but failed to update userspace mount table.
 16

In this case, the utab should be ignored.

Fixes: #2981
Signed-off-by: Karel Zak <kzak@redhat.com>
(cherry picked from commit 97f7bfc)