From 2b04a791b76cfe0457fb1827300a853ec82f582b Mon Sep 17 00:00:00 2001
From: Antonio SJ Musumeci <trapexit@spawn.link>
Date: Fri, 25 Apr 2025 14:33:10 -0500
Subject: [PATCH] Add config option to control default_permissions

Defaults true but there might be some situations where it is useful to
disable.
---
 mkdocs/docs/config/export-support.md          |  3 ++-
 .../docs/config/kernel-permissions-check.md   | 19 ++++++++++++++++
 mkdocs/mkdocs.yml                             |  1 +
 src/config.cpp                                |  2 ++
 src/config.hpp                                |  1 +
 src/option_parser.cpp                         | 22 ++++++++++++++-----
 6 files changed, 42 insertions(+), 6 deletions(-)
 create mode 100644 mkdocs/docs/config/kernel-permissions-check.md

diff --git a/mkdocs/docs/config/export-support.md b/mkdocs/docs/config/export-support.md
index c238e68b..11c5868c 100644
--- a/mkdocs/docs/config/export-support.md
+++ b/mkdocs/docs/config/export-support.md
@@ -1,7 +1,8 @@
 # export-support
 
 * `export-support=true|false`
-* Defaults to `true`.
+* Default: `true`
+
 
 In theory, this flag should not be exposed to the end user. It is a
 low-level FUSE flag which indicates whether or not the kernel can send
diff --git a/mkdocs/docs/config/kernel-permissions-check.md b/mkdocs/docs/config/kernel-permissions-check.md
new file mode 100644
index 00000000..547c818a
--- /dev/null
+++ b/mkdocs/docs/config/kernel-permissions-check.md
@@ -0,0 +1,19 @@
+# kernel-permissions-check
+
+* `kernel-permissions-check=true|false`
+* Default: `true`
+
+
+[FUSE](https://www.kernel.org/doc./html/next/filesystems/fuse.html)
+has a feature which mergerfs leverages which allows the kernel to do
+file permission checking rather than leaving it to the FUSE server (in
+this case mergerfs.) This improves performance. However, it also
+limits flexibility.
+
+mergerfs should work fine regardless of this setting but there might
+be some currently unknown edge cases where disabling the feature might
+help. Like [export-support](export-support.md) this is mostly for
+debugging.
+
+This option is a kernel mount option so unable to be changed at
+runtime.
diff --git a/mkdocs/mkdocs.yml b/mkdocs/mkdocs.yml
index 9a3a8937..e41c4c6a 100644
--- a/mkdocs/mkdocs.yml
+++ b/mkdocs/mkdocs.yml
@@ -88,6 +88,7 @@ nav:
   - config/statfs.md
   - config/flush-on-close.md
   - config/export-support.md
+  - config/kernel-permissions-check.md
 - error_handling_and_logging.md
 - runtime_interfaces.md
 - remote_filesystems.md
diff --git a/src/config.cpp b/src/config.cpp
index 4946cbd0..8fe82788 100644
--- a/src/config.cpp
+++ b/src/config.cpp
@@ -63,6 +63,7 @@ namespace l
     IFERT("export-support");
     IFERT("fsname");
     IFERT("fuse_msg_size");
+    IFERT("kernel-permissions-check");
     IFERT("mount");
     IFERT("nullrw");
     IFERT("pid");
@@ -186,6 +187,7 @@ Config::Config()
   _map["ignorepponrename"]       = &ignorepponrename;
   _map["inodecalc"]              = &inodecalc;
   _map["kernel_cache"]           = &kernel_cache;
+  _map["kernel-permissions-check"] = &kernel_permissions_check;
   _map["lazy-umount-mountpoint"] = &lazy_umount_mountpoint;
   _map["link_cow"]               = &link_cow;
   _map["link-exdev"]             = &link_exdev;
diff --git a/src/config.hpp b/src/config.hpp
index 6d925dc5..ca20e347 100644
--- a/src/config.hpp
+++ b/src/config.hpp
@@ -133,6 +133,7 @@ public:
   ConfigBOOL     ignorepponrename;
   InodeCalc      inodecalc;
   ConfigBOOL     kernel_cache;
+  ConfigBOOL     kernel_permissions_check = true;
   ConfigBOOL     lazy_umount_mountpoint;
   ConfigBOOL     link_cow;
   LinkEXDEV      link_exdev;
diff --git a/src/option_parser.cpp b/src/option_parser.cpp
index 18a4c5cb..b9a616a7 100644
--- a/src/option_parser.cpp
+++ b/src/option_parser.cpp
@@ -32,11 +32,14 @@
 #include "fuse.h"
 #include "fuse_config.hpp"
 
+#include "nonstd/string_view.hpp"
+
 #include <fstream>
 #include <iomanip>
 #include <iostream>
 #include <string>
 #include <vector>
+#include <array>
 
 #include <stddef.h>
 #include <stdio.h>
@@ -114,9 +117,12 @@ set_subtype(fuse_args *args_)
 
 static
 void
-set_default_options(fuse_args *args_)
+set_default_options(fuse_args     *args_,
+                    Config::Write &cfg_)
 {
-  set_option("default_permissions",args_);
+  if(cfg_->kernel_permissions_check)
+    set_option("default_permissions",args_);
+
   if(geteuid() == 0)
     set_option("allow_other",args_);
   else
@@ -127,7 +133,7 @@ static
 bool
 should_ignore(const std::string &key_)
 {
-  static const std::set<std::string> IGNORED_KEYS =
+  constexpr const std::array<nonstd::string_view,13> ignored_keys =
     {
       "atomic_o_trunc",
       "big_writes",
@@ -144,7 +150,13 @@ should_ignore(const std::string &key_)
       "use_ino",
     };
 
-  return (IGNORED_KEYS.find(key_) != IGNORED_KEYS.end());
+  for(const auto &key : ignored_keys)
+    {
+      if(key == key_)
+        return true;
+    }
+
+  return false;
 }
 
 static
@@ -464,7 +476,7 @@ namespace options
 
     check_for_mount_loop(cfg,errs_);
 
-    set_default_options(args_);
+    set_default_options(args_,cfg);
     set_fsname(cfg,args_);
     set_subtype(args_);
     set_fuse_threads(cfg);