| Age | Commit message (Collapse) | Author | Lines |
|---|
|
Updating the mtab on Android fails due to differences in toybox's mount
command. Setting IGNORE_MTAB avoids that issue.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
|
The pointer did not have any sanity check.
Addresses https://github.com/libfuse/libfuse/issues/979
|
|
This implements #651, tested with bindfs.
"x-*" options are comments meant to be interpreted by userspace.
#651 is about some 3rd party mount options like 'x-gvfs-notrash'.
This also removes the test if /etc/mtab is a symlink.
This test was added in commit 5f28cd15ab43c741f6d116be4d3a9aa5d82ab385
and the corresponding ChangeLog entry in this commit points to mount
issues for read-only mtab.
However, in all recent Linux distributions /etc/mtab is a symlink to
/proc/self/mounts and never writable. In fact, util-linux 2.39
(libmount) entirely removed support for a writable mtab.
At least since util-linux 2.19 (10-Feb-2011) /run/mount/utab is used
as replacement for userspace mount entries..
|
|
as well as <sys/mount.h> inclusion to new fuse_mount_compat.h file.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
|
|
This addresses: https://github.com/libfuse/libfuse/issues/724
HAVE_LIBC_VERSIONED_SYMBOLS configures the library if to use
versioned symbols and is set at meson configuration time.
External filesystems (the main target, actually)
include fuse headers and the preprocessor
then acts on HAVE_LIBC_VERSIONED_SYMBOLS. Problem was now that
'config.h' was not distributed with libfuse and so
HAVE_LIBC_VERSIONED_SYMBOLS was never defined with external
tools and the preprocessor did the wrong decision.
This commit also increases the the minimal meson version,
as this depends on meson feature only available in 0.50
<quote 'meson' >
WARNING: Project specifies a minimum meson_
version '>= 0.42' but uses features which were added
in newer versions:
* 0.50.0: {'install arg in configure_file'}
</quote>
Additionally the config file has been renamed to "fuse_config.h"
to avoid clashes - 'config.h' is not very specific.
|
|
kfreebsd is a FreeBSD kernel and a GNU libc
The only macro defined in that case is __FreeBSD_kernel__
Fix #580
|
|
70e25ea74e("Fix build on non-Linux") broke build on DragonFly BSD,
or likely anything other than FreeBSD and NetBSD that is not Linux.
Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
|
|
* Update meson.build to add mount_util.c to libfuse_sources
unconditionally, it's non Linux-only
* FreeBSD, like NetBSD, doesn't have mntent.h, so don't include
that and define IGNORE_MTAB for both
* FreeBSD, like NetBSD, has no umount2() sysctl, so similarly define
it to unmount()
|
|
This adds support for a mode of operation in which a privileged parent
process opens `/dev/fuse` and takes care of mounting. The FUSE file
system daemon can then run as an unprivileged child that merely
processes requests on the FUSE file descriptor, which get passed using
the special `/dev/fd/%u` syntax for the mountpoint parameter.
The main benefit is that no privileged operations need to be performed
by the FUSE file system daemon itself directly or indirectly, so the
FUSE process can run with fully unprivileged and mechanisms like
securebits and no_new_privs can be used to prevent subprocesses from
re-acquiring privilege via setuid, fscaps, etc. This reduces risk in
case the FUSE file system gets exploited by malicious file system
data.
Below is an example that illustrates this. Note that I'm using shell
for presentation purposes, the expectation is that the parent process
will implement the equivalent of the `mount -i` and `capsh` commands.
```
\# example/hello can mount successfully with privilege
$ sudo sh -c "LD_LIBRARY_PATH=build/lib ./example/hello /mnt/tmp"
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
\# example/hello fails to mount without privilege
$ sudo capsh --drop=all --secbits=0x2f -- -c 'LD_LIBRARY_PATH=build/lib ./example/hello -f /mnt/tmp'
fusermount3: mount failed: Operation not permitted
\# Passing FUSE file descriptor via /dev/fd/%u allows example/hello to work without privilege
$ sudo sh -c '
exec 17<>/dev/fuse
mount -i -o nodev,nosuid,noexec,fd=17,rootmode=40000,user_id=0,group_id=0 -t fuse hello /mnt/tmp
capsh --drop=all --secbits=0x2f -- -c "LD_LIBRARY_PATH=build/lib example/hello /dev/fd/17"
'
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
```
|
|
Apparently, NetBSD does not have /etc/mtab. Setting IGNORE_MTAB
in this case makes the code a little nicer.
See also https://github.com/libfuse/libfuse/pull/123
|
|
This brings the default behavior in-line with that of the
regular `mount` command.
|
|
This should make more clear what file contains code for what
purpose.
|
|
|
|
Found by Tavis Ormandy (CVE-2015-3202).
|
|
|
|
This allows compiling fuse with musl.
|
|
add AC_SYS_LARGEFILE to your configure.ac instead.
|
|
|
|
|
|
--no-canonicalize
Remove "legacy" util-linux support as missing --no-canonicalize cannot
be worked around in fuse.
|
|
If umount(8) supports --fake and --no-canonicalize (util-linux-ng
version 2.18 or later), and umount(2) supports the UMOUNT_NOFOLLOW
flag (linux kernel version 2.6.35 or later) then, "fusermount -u" will
call the umount(2) system call and use "umount --fake ..." to update
/etc/mtab
Added --disable-legacy-umount option to configure. This disables the
runtime checking of umount(8) version. When built with this option
then "fusermount -u" will fail if umount(8) doesn't support the --fake
and --no-canonicalize options.
|
|
Open /dev/null for write instead of read for redirecting stdout and
stderr
|
|
|
|
The bulk of it is just about adding ifdef __NetBSD__ where there is
already an ifdef __FreeBSD__
Add a arch=netbsd to deal with NetBSD specifics. I suggests that
arch=bsd could be renamed to arch=freebsd
NetBSD specific linking with -lperfuse
NetBSD patches to lib/mount.c. It turned to be less itrusive to patch
mount;c than mount_bsd.c. I suggest mount_bsd.c could be renamed to
mount_freebsd.c
Patch from Emmanuel Dreyfus
|
|
* Using --no-canonicalize with umount(8) conflicts with the race
fix, sinceit assumes the supplied path is absolute, while the race
fix relies on the path being relative to the current directory
|
|
Reported by Dan Rosenberg
* Make sure that the path to be unmounted doesn't refer to a
symlink
|
|
util-linux-ng version 2.17 or greater) to avoid calling
readling(2) on the newly mounted filesystem before the mount
procedure is finished. This has caused a deadlock if audit was
enabled in the kernel. Also use '--no-canonicalize' for umount to
avoid touching the mounted filesystem.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
