From da7c9b228aaf31f37684e106b75262055ca440de Mon Sep 17 00:00:00 2001 From: Mattias Nissler Date: Fri, 31 Aug 2018 09:44:04 +0200 Subject: Add unprivileged option in `mount.fuse3` The unprivileged option allows to run the FUSE file system process without privileges by dropping capabilities and preventing them from being re-acquired via setuid / fscaps etc. To accomplish this, mount.fuse sets up the `/dev/fuse` file descriptor and mount itself and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax to the FUSE file system. --- lib/helper.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lib/helper.c') diff --git a/lib/helper.c b/lib/helper.c index e1de362..5b80c6e 100644 --- a/lib/helper.c +++ b/lib/helper.c @@ -420,3 +420,21 @@ struct fuse_conn_info_opts* fuse_parse_conn_info_opts(struct fuse_args *args) } return opts; } + +int fuse_open_channel(const char *mountpoint, const char* options) +{ + struct mount_opts *opts = NULL; + int fd = -1; + const char *argv[] = { "", "-o", options }; + int argc = sizeof(argv) / sizeof(argv[0]); + struct fuse_args args = FUSE_ARGS_INIT(argc, (char**) argv); + + opts = parse_mount_opts(&args); + if (opts == NULL) + return -1; + + fd = fuse_kern_mount(mountpoint, opts); + destroy_mount_opts(opts); + + return fd; +} -- cgit v1.2.3