Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp3436415rwi; Sun, 16 Oct 2022 10:49:50 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5q6CYinLD/IixydADliigLSn6gjBnnTq0ka+Basplca/+mgWt3jQTvl4ki6K+s3msZnGAJ X-Received: by 2002:a05:6a00:1406:b0:565:dc13:bb36 with SMTP id l6-20020a056a00140600b00565dc13bb36mr8606697pfu.46.1665942590009; Sun, 16 Oct 2022 10:49:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665942589; cv=none; d=google.com; s=arc-20160816; b=GPlhCQmku9y4ngjLyiPpP+a4ZMmMkY42OtlvgKWk3CkGX602vH1TmZXtAYKKFuLs3A 80f2irYQszYIJvCjFgdYfJFKoQQ1VgBEQoJRx+nCk7y9blHSiEonENO6unjOokhsSO/A gAE534104/IWHPWFOvZ74NX47mNq5/llslPpPo0lKGM5RbD+RBkqQ4eZ4uEsll92TaEp 4Pm4QzIeClageMInTKXCsW5j/VSAGhHuifd+CpA4YbvmSJ7hvyNQxzLoqFbUNjcarDZm gkeSqtU75gPhYMWYKlc9+Ku4npedEUTzhX3BMdZZRzc0s9CFlX1r5Lprs1pUWFD9fYXb 5A2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=L8K2pDAN2Z/HQd5nsHpx4sK4Nu+9ojPx80Rt7M7yDV0=; b=fUJJRLJ64KjH+SJMktux4+ok+e8W1QqsOTmFwogA5Z1MqLoVWvYakdVE79kj3G11Wc E49uL01x6/zD0X2ZAXyb0BovpN7W2pexSS00G7NPtrdeaiu5ZD8T5v999F7DCSu03eNq bwzd8Al7RVvUKstaH+Es/L9B2tv27rUNMluh/K+1g4F9GDJgJHuieWQ+FqDTiiqcqMKF FhHX5yqi9ebsmEu+4qlVxVTzVG8bLusaoDTVtxsYboJ1gqgleBd5F5epTck1qh1KHXFU BkFnznCVm6oBwzyu3rVp2AUBEmm75szCM0IuO/aW+VBiowtnhH2V0/WemIv6iA5LCbLG TpGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nightmared.fr header.s=docker header.b="OQlTis/M"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=nightmared.fr Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j193-20020a638bca000000b00461b86dd4b0si9240834pge.461.2022.10.16.10.49.37; Sun, 16 Oct 2022 10:49:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@nightmared.fr header.s=docker header.b="OQlTis/M"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=nightmared.fr Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229768AbiJPRRT (ORCPT + 99 others); Sun, 16 Oct 2022 13:17:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40062 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229694AbiJPRRR (ORCPT ); Sun, 16 Oct 2022 13:17:17 -0400 X-Greylist: delayed 977 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Sun, 16 Oct 2022 10:17:13 PDT Received: from mail.nightmared.fr (mail.nightmared.fr [51.158.148.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0630B2EF04 for ; Sun, 16 Oct 2022 10:17:12 -0700 (PDT) Received: from localhost.localdomain (lfbn-tou-1-1359-241.w90-89.abo.wanadoo.fr [90.89.169.241]) by mail.nightmared.fr (Postfix) with ESMTPSA id 67B2D10809AB; Sun, 16 Oct 2022 17:00:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nightmared.fr; s=docker; t=1665939654; bh=rFuWgWDJKl7wKLx6gi6Yjs/HLUNqC+F5W1fg2LDaI08=; h=From:To:Cc:Subject:Date; b=OQlTis/MwJ5XHf3DzPZYpj9JSjk/V+Q/+6TnDUBgBqB1VvpMyovQgj5XQOooKSWej UBpRbDmfAZJEqv+rRXoD8vXp0eBXuJehpaDUk1YwsXh2gIEnilQIwj5HWB++oLnm5L Wr/0u9hzDEMjTXiFpH+Pk+wGFWiz1HqShf58/OptpM8oWSbhc8OwTAs2AWiU8WiEh9 6epFgHGatpv43TdIAJjk0ztONN8UFBZdT4RQW6FWajl+HhUSQz8AkcAw21cq1YbGfW H1p6u5N34QSn8jFDdViLP4JsKb8JOHYldrkZ4/df1rQ+IRKAXSmRIle+UNawCTDG8u dW7KNVbDRgZ3g== From: Simon Thoby To: Miklos Szeredi Cc: Simon Thoby , CONZELMANN Francois , "Eric W . Biederman" , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] fuse: enable unprivileged mounts for fuseblk Date: Sun, 16 Oct 2022 19:00:46 +0200 Message-Id: <20221016170046.171936-1-work.viveris@nightmared.fr> X-Mailer: git-send-email 2.38.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit 4ad769f3c346ec3d458e255548dec26ca5284cf6 ("fuse: Allow fully unprivileged mounts") enabled mounting filesystems with the 'fuse' type for any user with CAP_SYS_ADMIN inside their respective user namespace, but did not do so for the 'fuseblk' filesystem type. Some FUSE filesystems implementations - like ntfs-3g - prefer using 'fuseblk' over 'fuse', which imply unprivileged users could not use these tools - in their "out-of-the-box" configuration, as these tools can always be patched to use the 'fuse' filesystem type to circumvent the problem. Enable unprivileged mounts for the 'fuseblk' type, thus uniformizing the behavior of the two FUSE filesystem types. Signed-off-by: Simon Thoby --- fs/fuse/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 6b3beda16c1b..d17f87531dc8 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1839,7 +1839,7 @@ static struct file_system_type fuseblk_fs_type = { .init_fs_context = fuse_init_fs_context, .parameters = fuse_fs_parameters, .kill_sb = fuse_kill_sb_blk, - .fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE, + .fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE | FS_USERNS_MOUNT, }; MODULE_ALIAS_FS("fuseblk"); base-commit: 472c7791cc2b48010af3ce61ce76edbaa26500d2 -- 2.38.0