linux - Is it possible to perform a CIFS mount with user permissions after namespace isolation using clone() or unshare() - Stac

admin•2025-04-19 03:36:45•questions•阅读1

I'm working on isolating namespaces using clone() in a Linux environment and I have a question reg

I'm working on isolating namespaces using clone() in a Linux environment and I have a question regarding CIFS mounts.

If I use clone() to isolate the network namespace (and potentially other namespaces) for a process, would it be possible to perform a CIFS mount from that process with user permissions only (without root access)?

Specifically:

Can CIFS mounts be performed in a namespace-isolated environment without root privileges?

If it’s not possible to mount CIFS with user permissions, does the process need root access within the isolated namespace to successfully perform the mount?

Any insights or experiences regarding namespace isolation and mounting filesystems like CIFS without root would be greatly appreciated!

Thanks in advance!

I tried using unshare with newns or newuser to isolate the namespace and perform the mount, but I encountered the error: 'mount: Operation not permitted'.

i tried this code

#define _GNU_SOURCE
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sched.h>
#include <errno.h>

void write_to_file(const char *path, const char *format, ...) {
    FILE *fp = fopen(path, "w");
    if (!fp) {
        perror("fopen");
        exit(EXIT_FAILURE);
    }

    va_list args;
    va_start(args, format);
    if (vfprintf(fp, format, args) < 0) {
        perror("vfprintf");
        exit(EXIT_FAILURE);
    }
    fclose(fp);
    va_end(args);
}

int create_directory_if_needed(const char *path) {
    if (mkdir(path, 0777) == -1 && errno != EEXIST) {
        perror("mkdir");
        return -1;
    }
    return 0;
}

static int setup_mount_environment() {
    const char *mount_point = "/tmp/test/smb_share";
    const char *smb_share = "//192.168.1.1/shared_folder";

    if (create_directory_if_needed(mount_point)) {
        return -1;
    }
    printf("[*] do mount!\n");
    if (mount(smb_share, mount_point, "cifs", 0,
            "username=guest,password=,uid=0,gid=0,vers=3.0") == -1) {
        int saved_errno = errno;  
        printf("[DEBUG] Mount failed: %s\n", strerror(saved_errno));  
        system("dmesg | tail -n 10");  
        return -1;
    }

    return 0;
}

int main() {
    printf("[*] Unsharing namespaces...\n");
    
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1) {
        perror("unshare failed");
        return EXIT_FAILURE;
    }

    printf("[*] Setting UID/GID mappings...\n");
    write_to_file("/proc/self/uid_map", "0 %d 1", getuid());
    write_to_file("/proc/self/setgroups", "deny");
    write_to_file("/proc/self/gid_map", "0 %d 1", getgid());

    printf("[*] Attempting SMB mount...\n");
    if (setup_mount_environment() == -1) {
        return EXIT_FAILURE;
    }

    printf("[*] SMB mount success!\n");
    return EXIT_SUCCESS;
}

发布者：admin，转转请注明出处：http://www.yc00.com/questions/1744321633a4568445.html

admin

questions
javascript - Sending json to (not REST) WCF service - Stack Overflow
I need to have a javascript which will send object as json to WCF service to save it.I have javascript
admin
24分钟前
30
questions
.net - Is it possible to have nuget delay download until build? - Stack Overflow
I have a project that needs a reference to a nuget package, containing a number of dlls that it will us
admin
23分钟前
10
questions
Implementation of custom Angular schematics inside a project - Stack Overflow
I have an Angular 19 project and would like to add some schematics to it. Since these will depend on pr
admin
21分钟前
10
questions
Powershell click on javascript link - Stack Overflow
Here is hyperlink code<a href="javascript:void(1)" onclick="server_playOn(17,2, '
admin
17分钟前
10
questions
javascript - Storing the option values of a select box and storing them into a variable (by comma separated values) - Stack Over
How can I store the list of option values from a select box into a variable, delimited by ma?ie:<!DO
admin
17分钟前
10
questions
jquery - How to show Facebook comments using JavaScript? - Stack Overflow
I want to add Facebook ments using JavaScript (jQuery) to be able to customise the data-href. I used th
admin
14分钟前
10
questions
Javascript function as QML property defined from c++ - Stack Overflow
I have the following QML object defined in c++:class MyObj : public QQuickItem {Q_OBJECTQ_PROPERTY(QVar
admin
14分钟前
10
questions
advanced custom fields - ACF Flexible Content with Bootstrap Carousel Repeater
I'm trying to add a counter for each instance of this flexible content carousel built with Bootstrap. I've tri
admin
13分钟前
10
questions
javascript - React.js tells you to cancel promises. Official Promises can't be cancelled. What am I supposed to do inste
In order to prevent phantom updates to an unmounted React ponent, React tells you to cancel any pending
admin
9分钟前
10
questions
Deactivate Plugin on Theme Switch
I am developing a plugin, let's call it DahPlugin, that provides additional customizer options for a free theme I d
admin
9分钟前
10
questions
How to create Copilot agent to read information about a specific script in SharePoint? - Stack Overflow
I have done a ton of research and Googling on this but can't find a solution. I am trying to creat
admin
8分钟前
10
questions
c# - Using jQuery to post back to a controller - Stack Overflow
I'm using jQuery to post back to my controller, but i'm wondering how you pass values as para
admin
7分钟前
10
questions
java - What exactly makes Compare-and-swap (CAS) loop a better choice in highly concurrent environment? - Stack Overflow
Assuming we have just 1 cpu core and for the sake of example given the following CAS loop (in Java lang
admin
7分钟前
20
questions
javascript - Document.ready function - Stack Overflow
I have some code in the - $(document).ready(function(){ - that shuffles stuff around, the code is fired
admin
6分钟前
10
questions
javascript - How to click on navigation bar using selenium web driver - Stack Overflow
I Want toclick on navigation bar using selenium web driverMy Html code is<div class="navbar-i
admin
5分钟前
00
questions
performance - WordPress Meta description - is it better to use manual configuration?
I was wondering: aside from the fact that plugins are easier to use, wouldn't it be better to configure meta descri
admin
4分钟前
10
questions
regex - JavaScript: Search string from position - Stack Overflow
JavaScript has two useful methods, both which nearly do what I need.String.prototype.indexOf() will sea
admin
4分钟前
00
questions
javascript - NG-Options doesn't let me set the value - Stack Overflow
Currently I am trying to load a selectbox using the ng-options directive.However I am not able to chang
admin
3分钟前
00
questions
javascript - Typescript. Check if methodproperty exists in the variable of unknown type - Stack Overflow
TS v3.x brought new type: unknown. But it's not very clear how to easily use this type instead of
admin
1分钟前
00
questions
javascript - Which is better: HTML rendering on server or on client in JS? - Stack Overflow
I have a best practicesperformance question.I am creating an ASP.NET MVC 2 project, and I have sever
admin
40秒前
00

发表回复

评论列表（0条）

暂无评论

linux - Is it possible to perform a CIFS mount with user permissions after namespace isolation using clone() or unshare() - Stac

发表回复

评论列表（0条）

联系我们

400-800-8888

linux - Is it possible to perform a CIFS mount with user permissions after namespace isolation using clone() or unshare() - Stac

相关推荐

发表回复

评论列表（0条）

联系我们

400-800-8888