author | Norman Wilson <norman@teach.cs.toronto.edu> | 2024-08-12 14:16:30 -0400 |
---|---|---|
committer | Bernd Schubert <bernd.schubert@fastmail.fm> | 2024-08-21 23:58:25 +0200 |
commit | c9bf7d3e20ec5c86dd590f695b92e65142491d0e (patch) | |
tree | cc59f1349331126ad505d3ae573f4bf0e4242d7e | |
parent | 0750b4a194019c991d1c8a7f5e59fb5f4be50e3c (diff) | |
download | libfuse-c9bf7d3e20ec5c86dd590f695b92e65142491d0e.tar.gz |
Rearrange util/fusermount.c umount_fuse_locked() so that
umount2 is called with privs dropped, not raised. This
works around a clash with NFS permissions: if FUSE mounted
on NFS client directory with root_squash in effect, and
some directory in the path leading to the mount point denies
permissions to others, umount2 will fail because userid 0
cannot search it. Since drop_privs merely sets the file-
system user- and group-ID without changing the CAP_SYS_ADMIN
capability needed to unmount a file system (which fusermount
has because it is set-user-ID root), umount2 works fine.
-rw-r--r-- | util/fusermount.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/util/fusermount.c b/util/fusermount.c index e40c457..f37c616 100644 --- a/util/fusermount.c +++ b/util/fusermount.c @@ -523,11 +523,13 @@ static int unmount_fuse_locked(const char *mnt, int quiet, int lazy) drop_privs(); res = chdir_to_parent(copy, &last); - restore_privs(); - if (res == -1) + if (res == -1) { + restore_privs(); goto out; + } res = umount2(last, umount_flags); + restore_privs(); if (res == -1 && !quiet) { fprintf(stderr, "%s: failed to unmount %s: %s\n", progname, mnt, strerror(errno)); |
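Review bot: in the umount2 path, restore_privs() now runs between the failing `res = umount2(last, umount_flags);` and the fprintf that formats strerror(errno), so if restore_privs() touches errno the "failed to unmount" message reports the wrong cause. Save errno immediately after umount2 and use the saved value in the message, or restore it after restore_privs(). A short comment above the umount2 call stating that it is deliberately made with privileges dropped, and why (the root_squash case from the commit message), would also keep a later cleanup from moving restore_privs() back above it.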