| Age | Commit message (Collapse) | Author | Lines | 
|---|
|  | linux/close_range.h is only available since kernel 5.9 and
https://github.com/torvalds/linux/commit/60997c3d45d9a67daf01c56d805ae4fec37e0bd8
resulting in the following build failure:
../util/fusermount.c:40:10: fatal error: linux/close_range.h: No such file or directory
So let's check for header presence and emit HAVE_LINUX_CLOSE_RANGE_H
accordingly and check for it when including <linux/close_range.h> and
calling close_range() instead of checking for close_range() function in
meson and check against HAVE_CLOSE_RANGE.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> | 
|  | Redirect stdin/stdout/stderr to /dev/null to prevent newly opened
file descriptors from reusing these low numbers (0,1,2) and
potential issues with that.
Signed-off-by: Bernd Schubert <bschubert@ddn.com> | 
|  | Added PanFSto whitelist. This should allow us to mount gocryptfs onto the parallel filesystem.
Signed-off-by: Jacob Riley <jnr0006@uah.edu> | 
|  | The UFSD super magic is larger than 32-bit - I don't
know if truncating to 32-bit would work - we just
exclude it for now.
Signed-off-by: Bernd Schubert <bschubert@ddn.com> | 
|  | Add a wrapper around strtol for more rigorous error checking
and convert uses of atoi and strtol to use this instead. | 
|  | close_range() is much more efficient.
Also remove the lower limit of 3 and set it to 0, as 0 to 1
might have been closed by the application and might be valid. | 
|  | When using the auto_unmount option, the fusermount3
watchdog process retains any inherited file descriptors.
This PR ensures they are closed.
Reason is that FDs that are kept open for a long time might
cause issues for applications using libfuse, for example
if these expect a pipe close, but the pipe is kept open
through the inherited file descriptor.
See for example: https://github.com/cvmfs/cvmfs/issues/3645
Signed-off-by: MJ Harvey <mharvey@jumptrading.com>
Signed-off-by: Bernd Schubert <bschubert@ddn.com> | 
|  | umount2 is called with privs dropped, not raised.  This
works around a clash with NFS permissions: if FUSE mounted
on NFS client directory with root_squash in effect, and
some directory in the path leading to the mount point denies
permissions to others, umount2 will fail because userid 0
cannot search it.  Since drop_privs merely sets the file-
system user- and group-ID without changing the CAP_SYS_ADMIN
capability needed to unmount a file system (which fusermount
has because it is set-user-ID root), umount2 works fine. | 
|  | The option to the path of the binary had been accidentally removed
in the scripts that can parse backtraces.
The dump_stack() function had left over debug messages. | 
|  |  | 
|  | This option is handled in VFS.
Added in Linux 5.10
dab741e0e02bd3c4f5e2e97be74b39df2523fc6e
Signed-off-by: Tyler Hall <tylerwhall@gmail.com> | 
|  | Addresses issue https://github.com/libfuse/libfuse/issues/982 | 
|  | Fixes: 73cd124d0408 ("Add clone_fd to custom IO (#927)")
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com> | 
|  | x_mnt_opts was not initialized to 0, but strncat was done
Spotted by cppcheck running on our ddn branch. | 
|  | Client code might allocate a lot of memory before starting the mount.
Fork is slow for processes that are using a lot of memory.  But
posix_spawn fixes that.
Another issue with fork is if the process is also doing RDMA - this
might lead to data corruption, as least if memory used for RDMA
is not marked with MADV_DONTFORK.  At least with linux kernels
before 5.12.
Also see https://blog.nelhage.com/post/a-cursed-bug/ for more details
Change by Bernd:
This also prepares the new fusermount option "--comm-fd", but keeps
the previous way to pass the parameter as env variable. In a future
release (exact data to be determined) we are going to remove usage
of the env variable and will switch to the new parameter. | 
|  | Commit 74b1df2e introduced a heap-buffer-overflow, as
allocated memory was not initialized and extract_x_options
was also not checking for the remaining buffer size.
Fix is to initialize the buffer and to also not exceed the buffer
size. Actually not exceeding buffer size is rather complex with C
and introduced quite some code changes.
Also fixed is a memory leak of allocated buffers in the commit
mentioned above. | 
|  | This implements #651, tested with bindfs.
"x-*" options are comments meant to be interpreted by userspace.
#651 is about some 3rd party mount options like 'x-gvfs-notrash'.
This also removes the test if /etc/mtab is a symlink.
This test was added in commit 5f28cd15ab43c741f6d116be4d3a9aa5d82ab385
and the corresponding ChangeLog entry in this commit points to mount
issues for read-only mtab.
However, in all recent Linux distributions /etc/mtab is a symlink to
/proc/self/mounts and never writable. In fact, util-linux 2.39
(libmount) entirely removed support for a writable mtab.
At least since util-linux 2.19 (10-Feb-2011) /run/mount/utab is used
as replacement for userspace mount entries.. | 
|  | With Linux Kernel 5.15 new ntfs kernel driver NTFS3 was included. It must be whitelisted as a permitted mount target. | 
|  | * Improve wording of user_allow_other usage instructions
* Remove dated comment from mount_max usage instructions | 
|  |  | 
|  | (#801)
make the udev dependency optional
just show a big warning if `udevrulesdir` is empty | 
|  | PR_SET_NO_NEW_PRIVS was added in linux 3.5 according to prtcl(2) man page
https://elixir.bootlin.com/linux/v4.3/source/include/uapi/linux/prctl.h#L174 | 
|  | This is just to [keep address sanitizer happy](https://github.com/libfuse/libfuse/actions/runs/4730520764/jobs/8394347666?pr=784).  The OS would normally clean this up anyway.
Co-authored-by: Nikolaus Rath <Nikolaus@rath.org> | 
|  | * Fuse mount: make auto_unmount compatible with suid/dev mount options
> When you run as root, fuse normally does not call fusermount but uses
> the mount system call directly. When you specify auto_unmount, it goes
> through fusermount instead. However, fusermount is a setuid binary that
> is normally called by regular users, so it cannot in general accept suid
> or dev options.
In this patch, we split up how fuse mounts as root when `auto_unmount`
is specified.
First, we mount using system calls directly, then we reach out to
fusermount to set up auto_unmount only (with no actual mounting done in
fusermount).
Fixes: #148 | 
|  | And slightly bump minimum meson version. | 
|  | Mostly for consistency with mount(8).
Co-authored-by: Nikolaus Rath <Nikolaus@rath.org> | 
|  | as well as <sys/mount.h> inclusion to new fuse_mount_compat.h file.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> | 
|  | Fixes https://github.com/libfuse/libfuse/issues/634 and https://github.com/mpartel/bindfs/issues/106 | 
|  |  | 
|  |  | 
|  | In
https://github.com/libfuse/libfuse/blob/77d662459a0fcdf358d515477d33795837e859d5/util/fusermount.c#L1219
`open` is executed as root which does not have access to the mount
point if `allow_other` was not used and the real user id is not 0. Since
`allow_other` usually cannot be specified by unprivileged users,
`auto_unmount` has no effect for unprivileged users.
In this commit, we work around this limitation:
We first try to open the mountpoint as root, and if we get `EACCES`, we
retry as the user who started fusermount, and see if we get `ENOTCONN`.
In my testing, I found that `setfsuid` and `setfsgid` don't work to get
around the lack of `allow_other`.  (Sorry, I don't know enough about the
Linux kernel to tell whether that's significant.)  As a workaround, I
decided to use `setresuid` and `setresgid` in a forked child process,
and communicate via its exit status.
Please give feedback on correctness, style and suggest tests.
Fixes https://github.com/libfuse/libfuse/issues/586 | 
|  | Previous patch had forgotten fusermount. And also had "lazyatime"
instead of "lazytime". | 
|  | This addresses: https://github.com/libfuse/libfuse/issues/724
HAVE_LIBC_VERSIONED_SYMBOLS configures the library if to use
versioned symbols and is set at meson configuration time.
External filesystems (the main target, actually)
include fuse headers and the preprocessor
then acts on HAVE_LIBC_VERSIONED_SYMBOLS. Problem was now that
'config.h' was not distributed with libfuse and so
HAVE_LIBC_VERSIONED_SYMBOLS was never defined with external
tools and the preprocessor did the wrong decision.
This commit also increases the the minimal meson version,
as this depends on meson feature only available in 0.50
<quote 'meson' >
WARNING: Project specifies a minimum meson_
version '>= 0.42' but uses features which were added
 in newer versions:
 * 0.50.0: {'install arg in configure_file'}
</quote>
Additionally the config file has been renamed to "fuse_config.h"
to avoid clashes - 'config.h' is not very specific. | 
|  | Also allows to disable the installation if desired | 
|  | struct fuse_loop_config was passed as a plain struct, without any
version identifer. This had two implications
1) Any addition of new parameters required a FUSE_SYMVER for
fuse_session_loop_mt() and fuse_loop_mt() as otherwise a read
beyond end-of previous struct size might have happened.
2) Filesystems also might have been recompiled and the developer
might not have noticed the struct extensions and unexpected for
the developer (or people recomliling the code) uninitialized
parameters would have been passed.
Code is updated to have struct fuse_loop_config as an opaque/private
data type for file systems that want version 312
(FUSE_MAKE_VERSION(3, 12)). The deprecated fuse_loop_config_v1
is visible, but should not be used outside of internal
conversion functions
File systems that want version >= 32 < 312 get the previous
struct (through ifdefs) and the #define of fuse_loop_mt
and fuse_session_loop_mt ensures that these recompiled file
systems call into the previous API, which then converts
the struct. This is similar to existing compiled applications
when just libfuse updated, but binaries it is solved with
the FUSE_SYMVER ABI compact declarations.
Signed-off-by: Bernd Schubert <bschubert@ddn.com> | 
|  | (#682)"
This reverts commit 8db2ba06fef10f38f90b0f3213dd39ec07678e2f. This Meson version is not
yet generally available, so we do not want to depend on it.. | 
|  | meson was complaining:
Build targets in project: 27
NOTICE: Future-deprecated features used:
 * 0.56.0: {'Dependency.get_pkgconfig_variable'}
So change to .get_variable(pkgconfig : 'type' and also increase
the meson minimal version to be able to handle it.
Co-authored-by: Bernd Schubert <bschubert@ddn.com> | 
|  | The command isn't freed and the fuse_fd isn't
closed if execl failed. Fix it.
Signed-off-by: Lixiaokeng <lixiaokeng@huawei.com> | 
|  |  | 
|  | Commit 0bef21e8543d removed "-o nonempty" since mounting over
non-empty directories is always allowed. But this broke tools which
specify "-o nonempty". Since the expected behaviour is the same
anyway, ignoring the "nonempty" option seems safe, and allows programs
specifying "-o nonempty" to continue working with fusermount3.
This would fix https://bugs.debian.org/939767
Signed-off-by: Stephen Kitt <steve@sk2.org> | 
|  | It is perfectly legal to execute a program with argc == 0 and therefore
no argv.
fusermount needs to check for this case, otherwise it will pass a NULL
poiunter to strdup() and cause undefined behavior.
Especially since fusermount is setuid root, we need to extra be careful.
Signed-off-by: Richard Weinberger <richard@nod.at> | 
|  | UMOUNT_NOFOLLOW was added in Kernel 2.6.34. It's been 10 years since it's been added
Kernel 5.9, and 5.10 break this check mechanism[1]. Let's deprecate it.
[1]: https://lore.kernel.org/linux-fsdevel/20201223102604.2078-1-sargun@sargun.me/
Signed-off-by: Sargun Dhillon <sargun@sargun.me> | 
|  |  | 
|  | In mount.fuse.c, there are several memory leak problems in
main func. For example, setuid_name is allocated by calling
xstrdup func, however it is not freed before calling execl func.
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Haotian Li <lihaotian9@huawei.com> | 
|  | In mount.fuse.c, pwd is set by calling getpwnam func.
If the matching entry is not found or an error occurs in
getpwnam func, pwd will be NULL. So we need to check
whether pwd is NULL before accessing it.
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Haotian Li <lihaotian9@huawei.com> | 
|  |  | 
|  | IN a bunch of comments we say 'under the terms of the GNU GPL', make
it clear this is GPLv2 (as LICENSE says).
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> | 
|  | Define FUSE_USE_VERSION < 35 to get old ioctl prototype
with int commands; define FUSE_USE_VERSION >= 35 to get
new ioctl prototype with unsigned int commands.
Fixes #463. | 
|  |  | 
|  | sysconfdir defaults to /usr/local/etc which is almost always the wrong
choice.
Fixes: #427 |