From d6a2f067979186eb1c8422317ea2816d98eee083 Mon Sep 17 00:00:00 2001 From: Antonio SJ Musumeci Date: Sun, 29 Oct 2023 01:44:18 -0500 Subject: [PATCH] Only set allow_other when running as root --- libfuse/lib/mount_generic.c | 21 +++++++++++---------- src/mergerfs.cpp | 11 ++++++++--- src/option_parser.cpp | 6 +++++- 3 files changed, 24 insertions(+), 14 deletions(-) diff --git a/libfuse/lib/mount_generic.c b/libfuse/lib/mount_generic.c index f4252587..9d1cdd23 100644 --- a/libfuse/lib/mount_generic.c +++ b/libfuse/lib/mount_generic.c @@ -61,6 +61,7 @@ enum { }; struct mount_opts { + int allow_other; int ishelp; int flags; int auto_unmount; @@ -76,13 +77,15 @@ struct mount_opts { #define FUSE_MOUNT_OPT(t, p) { t, offsetof(struct mount_opts, p), 1 } static const struct fuse_opt fuse_mount_opts[] = { + FUSE_MOUNT_OPT("allow_other", allow_other), FUSE_MOUNT_OPT("blkdev", blkdev), - FUSE_MOUNT_OPT("auto_unmount", auto_unmount), + FUSE_MOUNT_OPT("auto_unmount", auto_unmount), FUSE_MOUNT_OPT("fsname=%s", fsname), FUSE_MOUNT_OPT("subtype=%s", subtype), + FUSE_OPT_KEY("allow_other", KEY_KERN_OPT), FUSE_OPT_KEY("auto_unmount", KEY_FUSERMOUNT_OPT), - FUSE_OPT_KEY("blkdev", KEY_FUSERMOUNT_OPT), - FUSE_OPT_KEY("fsname=", KEY_FUSERMOUNT_OPT), + FUSE_OPT_KEY("blkdev", KEY_FUSERMOUNT_OPT), + FUSE_OPT_KEY("fsname=", KEY_FUSERMOUNT_OPT), FUSE_OPT_KEY("subtype=", KEY_SUBTYPE_OPT), FUSE_OPT_KEY("large_read", KEY_KERN_OPT), FUSE_OPT_KEY("blksize=", KEY_KERN_OPT), @@ -98,18 +101,18 @@ static const struct fuse_opt fuse_mount_opts[] = { FUSE_OPT_KEY("ro", KEY_KERN_FLAG), FUSE_OPT_KEY("rw", KEY_KERN_FLAG), FUSE_OPT_KEY("suid", KEY_KERN_FLAG), - FUSE_OPT_KEY("nosuid", KEY_KERN_FLAG), + FUSE_OPT_KEY("nosuid", KEY_KERN_FLAG), FUSE_OPT_KEY("dev", KEY_KERN_FLAG), FUSE_OPT_KEY("nodev", KEY_KERN_FLAG), FUSE_OPT_KEY("exec", KEY_KERN_FLAG), - FUSE_OPT_KEY("noexec", KEY_KERN_FLAG), + FUSE_OPT_KEY("noexec", KEY_KERN_FLAG), FUSE_OPT_KEY("async", KEY_KERN_FLAG), FUSE_OPT_KEY("sync", KEY_KERN_FLAG), - FUSE_OPT_KEY("dirsync", KEY_KERN_FLAG), + FUSE_OPT_KEY("dirsync", KEY_KERN_FLAG), FUSE_OPT_KEY("atime", KEY_KERN_FLAG), - FUSE_OPT_KEY("noatime", KEY_KERN_FLAG), + FUSE_OPT_KEY("noatime", KEY_KERN_FLAG), FUSE_OPT_KEY("-h", KEY_HELP), - FUSE_OPT_KEY("--help", KEY_HELP), + FUSE_OPT_KEY("--help", KEY_HELP), FUSE_OPT_KEY("-V", KEY_VERSION), FUSE_OPT_KEY("--version", KEY_VERSION), FUSE_OPT_END @@ -549,8 +552,6 @@ int fuse_kern_mount(const char *mountpoint, struct fuse_args *args) fuse_opt_parse(args, &mo, fuse_mount_opts, fuse_mount_opt_proc) == -1) return -1; - fuse_opt_add_opt(&mo.kernel_opts,"allow_other"); - res = 0; if (mo.ishelp) goto out; diff --git a/src/mergerfs.cpp b/src/mergerfs.cpp index 89bf531e..6460c134 100644 --- a/src/mergerfs.cpp +++ b/src/mergerfs.cpp @@ -249,6 +249,7 @@ namespace l main(const int argc_, char **argv_) { + int rv; Config::Read cfg; Config::ErrVec errs; fuse_args args; @@ -283,9 +284,13 @@ namespace l procfs::init(); - return fuse_main(args.argc, - args.argv, - &ops); + rv = fuse_main(args.argc, + args.argv, + &ops); + + syslog_info("exiting main loop with return code %d",rv); + + return rv; } } diff --git a/src/option_parser.cpp b/src/option_parser.cpp index 4d14a467..8bd3e613 100644 --- a/src/option_parser.cpp +++ b/src/option_parser.cpp @@ -26,6 +26,7 @@ #include "num.hpp" #include "policy.hpp" #include "str.hpp" +#include "syslog.hpp" #include "version.hpp" #include "fuse.h" @@ -116,6 +117,10 @@ void set_default_options(fuse_args *args_) { set_option("default_permissions",args_); + if(geteuid() == 0) + set_option("allow_other",args_); + else + syslog_notice("not auto setting allow_other since not running as root"); } static @@ -124,7 +129,6 @@ should_ignore(const std::string &key_) { static const std::set IGNORED_KEYS = { - "allow_other", "atomic_o_trunc", "big_writes", "cache.open",