Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fuse: support special /dev/fd/N mountpoint #26

Merged
merged 2 commits into from
Aug 6, 2024
Merged

fuse: support special /dev/fd/N mountpoint #26

merged 2 commits into from
Aug 6, 2024

Conversation

jiefenghuang
Copy link

rfjakob added 2 commits August 6, 2024 14:42
@rfjakob @jiefenghuang
fuse: move fusermount logic to new callFusermount() helper
6ffb07f 
This makes the function available to testing, which will
be used in the next commit.

Change-Id: I2df7aaf50748f209964da6f14764e81237d49027
@rfjakob @jiefenghuang
fuse: support special /dev/fd/N mountpoint
09dcd03 
libfuse introduced [1] a special `/dev/fd/N` syntax for the mountpoint:
It means that a privileged parent process:

 * Opened /dev/fuse
 * Called mount() on a real mountpoint directory
 * Inherited the fd to /dev/fuse to us
 * Informs us about the fd number via /dev/fd/N

This functionality is used to allow FUSE mounts inside containers
that have neither root permissions nor suid binaries [2], and
for the --drop_privileges flag of mount.fuse3 [4]

Tested with singularity and gocryptfs and actually works [3].

v2: Added doccomment for NewServer.
v3: Added specific error message on Server.Unmount().
v4: Moved mount details to package comment

[1] libfuse/libfuse@64e1107
[2] rfjakob/gocryptfs#590
[3] $ singularity run --fusemount "host:gocryptfs --extpass echo --extpass test /tmp/a /mnt" docker://ubuntu
    INFO:    Using cached SIF image
    Reading password from extpass program "echo", arguments: ["test"]
    Decrypting master key
    bash: /home/jakob/.cargo/env: No such file or directory
    bash: /home/jakob/.cargo/env: No such file or directory
    bash: /home/jakob/.cargo/env: No such file or directory
    Singularity> Filesystem mounted and ready.
[4] man mount.fuse3

Change-Id: Ibcc2464b0ef1e3d236207981b487fd9a7d94c910
@jiefenghuang jiefenghuang merged commit 5dbad4f into master Aug 6, 2024
@jiefenghuang jiefenghuang deleted the feat/fd branch August 6, 2024 06:46
@jiefenghuang jiefenghuang mentioned this pull request Sep 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jiefenghuang @rfjakob