Add unprivileged option in `mount.fuse3`

The unprivileged option allows to run the FUSE file system process without privileges by dropping capabilities and preventing them from being re-acquired via setuid / fscaps etc. To accomplish this, mount.fuse sets up the `/dev/fuse` file descriptor and mount itself and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax to the FUSE file system.
author: Mattias Nissler <mnissler@chromium.org> 2018-08-31 09:44:04 +0200
committer: Nikolaus Rath <Nikolaus@rath.org> 2018-10-09 20:36:22 +0100
commit: da7c9b228aaf31f37684e106b75262055ca440de (patch)
tree: 548cb7e54d87af7c2cfdcde3dcb01d0f184f0315 /ChangeLog.rst
parent: 64e11073b9347fcf9c6d1eea143763ba9e946f70 (diff)
download: libfuse-da7c9b228aaf31f37684e106b75262055ca440de.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog.rst b/ChangeLog.rst
index 65f57d7..24b4d9c 100644
--- a/ChangeLog.rst
+++ b/ChangeLog.rst
@@ -12,6 +12,11 @@ Unreleased Changes
   special format `/dev/fd/%u`. This allows mounting to be handled by the parent
   so the FUSE filesystem process can run fully unprivileged.
 
+* Add a `drop_privileges` option to mount.fuse3 which causes it to open
+  `/dev/fuse` and mount the file system itself, then run the FUSE file
+  filesystem fully unprivileged and unable to re-acquire privilege via setuid,
+  fscaps, etc.
+
 libfuse 3.2.6 (2018-08-31)
 ==========================
author	Mattias Nissler <mnissler@chromium.org>	2018-08-31 09:44:04 +0200
committer	Nikolaus Rath <Nikolaus@rath.org>	2018-10-09 20:36:22 +0100
commit	da7c9b228aaf31f37684e106b75262055ca440de (patch)
tree	548cb7e54d87af7c2cfdcde3dcb01d0f184f0315 /ChangeLog.rst
parent	64e11073b9347fcf9c6d1eea143763ba9e946f70 (diff)
download	libfuse-da7c9b228aaf31f37684e106b75262055ca440de.tar.gz