From da7c9b228aaf31f37684e106b75262055ca440de Mon Sep 17 00:00:00 2001 From: Mattias Nissler Date: Fri, 31 Aug 2018 09:44:04 +0200 Subject: Add unprivileged option in `mount.fuse3` The unprivileged option allows to run the FUSE file system process without privileges by dropping capabilities and preventing them from being re-acquired via setuid / fscaps etc. To accomplish this, mount.fuse sets up the `/dev/fuse` file descriptor and mount itself and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax to the FUSE file system. --- ChangeLog.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'ChangeLog.rst') diff --git a/ChangeLog.rst b/ChangeLog.rst index 65f57d7..24b4d9c 100644 --- a/ChangeLog.rst +++ b/ChangeLog.rst @@ -12,6 +12,11 @@ Unreleased Changes special format `/dev/fd/%u`. This allows mounting to be handled by the parent so the FUSE filesystem process can run fully unprivileged. +* Add a `drop_privileges` option to mount.fuse3 which causes it to open + `/dev/fuse` and mount the file system itself, then run the FUSE file + filesystem fully unprivileged and unable to re-acquire privilege via setuid, + fscaps, etc. + libfuse 3.2.6 (2018-08-31) ========================== -- cgit v1.2.3
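Review bot: the option name in the new ChangeLog entry (`drop_privileges`) does not match the name the commit subject and message use ("unprivileged option"); pick one name and use it in both the commit message and the changelog so users searching for the option find the right string. The added text also reads "run the FUSE file filesystem fully unprivileged", which should be "run the FUSE file system fully unprivileged" (the wrap between "file" and "filesystem" duplicated the word). Minor: "mount.fuse3" in the entry versus "mount.fuse" in the message body; since the entry is the user-facing text, keep the form the installed binary actually uses.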