| Age | Commit message (Collapse) | Author | Lines |
|---|
|
The passthrough example filesystem can be used for validating the API
and the implementation in the FUSE kernel module.
|
|
Add support for the relatively new copy_file_range() syscall. Backend
filesystems can now implement an efficient way of cloning/duplicating
data ranges within files. See 'man 2 copy_file_range' for more details.
|
|
Taken from Linux kernel commit 3b7008b226f3.
|
|
Currently, mounting on FreeBSD fails like this:
mount_fusefs: ZZZZ<snip> on /mountpoint: No such file or directory
This happens because right after doing argv[a++] = fdnam it's
getting freed before calling execvp().
So move this free() call after execvp(). Also, when asprintf()
fails for fdnam, close device fd before calling exit().
|
|
* Update meson.build to add mount_util.c to libfuse_sources
unconditionally, it's non Linux-only
* FreeBSD, like NetBSD, doesn't have mntent.h, so don't include
that and define IGNORE_MTAB for both
* FreeBSD, like NetBSD, has no umount2() sysctl, so similarly define
it to unmount()
|
|
Fixes: #319.
|
|
|
|
There is no gcc-6 package anymore.
|
|
This reverts commit 161983e2416bc6e26bbbe89664fff62c48c70858,
because this causes resource leaks when threads are terminated
by pthread_cancel().
Fixes: #313.
|
|
If a fuse filesystem was mounted in auto_unmount mode on top of an
already mounted filesystem, we would end up doing a double-unmount
when the fuse filesystem was unmounted properly.
Make the auto_unmount code less eager: unmount only if the mounted
filesystem has proper type and is returning 'Transport endpoint not
connected'.
|
|
|
|
Fixes: #304
Signed-off-by: Valentin Plugaru <valentin.plugaru@uni.lu>
|
|
|
|
According to user reports (https://github.com/libfuse/libfuse/pull/300),
we need at least version 0.42.
|
|
Fixes: #213.
|
|
|
|
For '.' and '..' entries only the file type in e.attr.st_mode and the inode
number in e.attr.st_ino are used. But it's prudent to at least initialize
the other fields of struct fuse_entry_param as well, instead of using
random values from the stack.
|
|
Caching can be controlled with the following options:
"cache=never": disable caching
"cache=normal": enable caching but also refresh after the timeout
"cache=always": never refresh cache
The timeout can be controlled with the "timeout=SEC" option, where SEC is
the number of seconds and can be an arbitrary non-negative floating point
number.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
The extended attribute functionality is enabled with the "xattr" option
(default) and disabled with the "no_xatt" option.
New operations added:
- getxattr
- listxattr
- setxattr
- removexattr
Caveat: none of these operations will work on a symbolic link, because it's
difficult to implement that without races that can result in incorrect
operation.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Conditionally enable flock() locking on underlying filesystem, based on the
flock/no_flock options. Default is "no_flock", meaning locking will be
local to the fuse filesystem and won't be propagated to the filesystem
passed through.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Add method forget_multi() to forget multiple inodes in a single message.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Right now, passthrough_ll will use "/" as source directory for passthrough.
We need more flexibility where user can specify path of directory to be
passed through. Hence add an option "source=<source-dir>".
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
New operations added:
- mkdir
- mknod
- symlink
- link
- unlink
- rmdir
- rename
- setattr
- fsyncdir
- flush
- fsync
- statfs
- fallocate
Caveats:
- The utimes(2) family of syscalls will fail on symlinks on 4.18 and
earlier kernels. Hoping to add support to later kernels.
- The link(2) and linkat(2) system calls will fail on symlinks unless running
with privileges (CAP_DAC_READ_SEARCH).
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Like all the other passthrough examples.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Kernel is not expecting an elevated lookup count for the "." and ".."
entries when doing READDIRPLUS.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
Otherwise it may crash when running multithreaded.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
|
|
The unprivileged option allows to run the FUSE file system process
without privileges by dropping capabilities and preventing them from
being re-acquired via setuid / fscaps etc. To accomplish this,
mount.fuse sets up the `/dev/fuse` file descriptor and mount itself
and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax
to the FUSE file system.
|
|
This adds support for a mode of operation in which a privileged parent
process opens `/dev/fuse` and takes care of mounting. The FUSE file
system daemon can then run as an unprivileged child that merely
processes requests on the FUSE file descriptor, which get passed using
the special `/dev/fd/%u` syntax for the mountpoint parameter.
The main benefit is that no privileged operations need to be performed
by the FUSE file system daemon itself directly or indirectly, so the
FUSE process can run with fully unprivileged and mechanisms like
securebits and no_new_privs can be used to prevent subprocesses from
re-acquiring privilege via setuid, fscaps, etc. This reduces risk in
case the FUSE file system gets exploited by malicious file system
data.
Below is an example that illustrates this. Note that I'm using shell
for presentation purposes, the expectation is that the parent process
will implement the equivalent of the `mount -i` and `capsh` commands.
```
\# example/hello can mount successfully with privilege
$ sudo sh -c "LD_LIBRARY_PATH=build/lib ./example/hello /mnt/tmp"
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
\# example/hello fails to mount without privilege
$ sudo capsh --drop=all --secbits=0x2f -- -c 'LD_LIBRARY_PATH=build/lib ./example/hello -f /mnt/tmp'
fusermount3: mount failed: Operation not permitted
\# Passing FUSE file descriptor via /dev/fd/%u allows example/hello to work without privilege
$ sudo sh -c '
exec 17<>/dev/fuse
mount -i -o nodev,nosuid,noexec,fd=17,rootmode=40000,user_id=0,group_id=0 -t fuse hello /mnt/tmp
capsh --drop=all --secbits=0x2f -- -c "LD_LIBRARY_PATH=build/lib example/hello /dev/fd/17"
'
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
```
|
|
Allow skipping utils build & installation (-Dutils=false) and examples
build (-Dexamples=false). By default behaviour is unchanged (both are
true: utils and examples get build).
|
|
|
|
|
|
|
|
This is only used in fuse_do_work(), so we can put it on
the stack.
|
|
We already support out of source builds without this.
|
|
|
|
|
|
|
|
Return different error codes from fuse_main()
|
|
|
|
|
|
Multiple meson build scripts improvements including:
* Bump meson requirement to 0.40.1 (0.40 already required)
* Declare a dependency object for main library
* Stop using add_global_arguments()
* Various minor style fixes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
