| Age | Commit message (Collapse) | Author | Lines |
|---|
|
|
|
It should be 2020 rather than 2010. Thanks.
|
|
|
|
This commit defines a new capability called `FUSE_CAP_CACHE_SYMLINKS`.
It is off by default but you can now enable it by setting this flag in
in the `want` field of the `fuse_conn_info` structure.
When enabled, the kernel will save symlinks in its page cache,
by making use of the feature introduced in kernel 4.20:
https://github.com/torvalds/linux/commit/5571f1e65486be025f73fa6aa30fb03725d362a2
|
|
|
|
|
|
|
|
|
|
Last two changes were not part of the released version.
|
|
|
|
Fixes #467.
|
|
Define FUSE_USE_VERSION < 35 to get old ioctl prototype
with int commands; define FUSE_USE_VERSION >= 35 to get
new ioctl prototype with unsigned int commands.
Fixes #463.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Introduce an API for custom log handler functions. This allows libfuse
applications to send messages to syslog(3) or other logging systems.
See include/fuse_log.h for details.
Convert libfuse from fprintf(stderr, ...) to log_fuse(level, ...). Most
messages are error messages with FUSE_LOG_ERR log level. There are also
some debug messages which now use the FUSE_LOG_DEBUG log level.
Note that lib/mount_util.c is used by both libfuse and fusermount3.
Since fusermount3 does not link against libfuse, we cannot call
fuse_log() from lib/mount_util.c. This file will continue to use
fprintf(stderr, ...) until someone figures out how to split it up.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
|
|
sysconfdir defaults to /usr/local/etc which is almost always the wrong
choice.
Fixes: #427
|
|
|
|
|
|
Starting with kernel version 4.20 fuse supports a new property
'max_pages' which is the maximum number of pages that can be used per
request. This can be set via an argument during initialization.
This new property allows writes to be larger than 128k.
This patch sets the property if the matching capability is set
(FUSE_MAX_PAGES). It will also set max_write to 1MiB. Filesystems have
the possibility to decrease this size by setting max_write to a smaller
size. The max_pages and bufsize fields are adjusted accordingly.
Cc: Constantine Shulyupin <const@MakeLinux.com>
Signed-off-by: Markus Pargmann <scosu@quobyte.com>
|
|
passthrough_hp puts emphasis and performance and correctness, rather
than simplicity.
|
|
|
|
|
|
cache_readdir flag is a new feature.
|
|
Fixes: #394.
|
|
See also https://bugzilla.redhat.com/1694552#c7
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
|
|
Instead of the Posix ioctl(2) command, Linux uses its own variant of ioctl()
in which the commands are requested as "unsigned long" and truncated to
32 bits by the fuse kernel module. Transmitting the commands to user space
file systems as "unsigned int" is a workaround for processing ioctl()
commands which do not fit into a signed int.
|
|
|
|
|
|
Fixes: #336.
|
|
Fixes: #338.
|
|
|
|
|
|
The passthrough example filesystem can be used for validating the API
and the implementation in the FUSE kernel module.
|
|
|
|
If a fuse filesystem was mounted in auto_unmount mode on top of an
already mounted filesystem, we would end up doing a double-unmount
when the fuse filesystem was unmounted properly.
Make the auto_unmount code less eager: unmount only if the mounted
filesystem has proper type and is returning 'Transport endpoint not
connected'.
|
|
|
|
The unprivileged option allows to run the FUSE file system process
without privileges by dropping capabilities and preventing them from
being re-acquired via setuid / fscaps etc. To accomplish this,
mount.fuse sets up the `/dev/fuse` file descriptor and mount itself
and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax
to the FUSE file system.
|
|
This adds support for a mode of operation in which a privileged parent
process opens `/dev/fuse` and takes care of mounting. The FUSE file
system daemon can then run as an unprivileged child that merely
processes requests on the FUSE file descriptor, which get passed using
the special `/dev/fd/%u` syntax for the mountpoint parameter.
The main benefit is that no privileged operations need to be performed
by the FUSE file system daemon itself directly or indirectly, so the
FUSE process can run with fully unprivileged and mechanisms like
securebits and no_new_privs can be used to prevent subprocesses from
re-acquiring privilege via setuid, fscaps, etc. This reduces risk in
case the FUSE file system gets exploited by malicious file system
data.
Below is an example that illustrates this. Note that I'm using shell
for presentation purposes, the expectation is that the parent process
will implement the equivalent of the `mount -i` and `capsh` commands.
```
\# example/hello can mount successfully with privilege
$ sudo sh -c "LD_LIBRARY_PATH=build/lib ./example/hello /mnt/tmp"
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
\# example/hello fails to mount without privilege
$ sudo capsh --drop=all --secbits=0x2f -- -c 'LD_LIBRARY_PATH=build/lib ./example/hello -f /mnt/tmp'
fusermount3: mount failed: Operation not permitted
\# Passing FUSE file descriptor via /dev/fd/%u allows example/hello to work without privilege
$ sudo sh -c '
exec 17<>/dev/fuse
mount -i -o nodev,nosuid,noexec,fd=17,rootmode=40000,user_id=0,group_id=0 -t fuse hello /mnt/tmp
capsh --drop=all --secbits=0x2f -- -c "LD_LIBRARY_PATH=build/lib example/hello /dev/fd/17"
'
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
