[PATCH] FUSE: remove allow_root mount option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch removes the "allow_root" mount option, since it can be done
in userspace.  Based on Jamie Lokier's idea.

Signed-off-by: Miklos Szeredi <[email protected]>

diff -rup linux-2.6.12-rc2-mm3/fs/fuse/dir.c linux-fuse/fs/fuse/dir.c
--- linux-2.6.12-rc2-mm3/fs/fuse/dir.c	2005-04-22 15:37:21.000000000 +0200
+++ linux-fuse/fs/fuse/dir.c	2005-04-22 15:38:04.000000000 +0200
@@ -420,9 +420,7 @@ static int fuse_revalidate(struct dentry
 
 	if (get_node_id(inode) == FUSE_ROOT_ID) {
 		if (!(fc->flags & FUSE_ALLOW_OTHER) &&
-		    current->fsuid != fc->user_id &&
-		    (!(fc->flags & FUSE_ALLOW_ROOT) ||
-		     !capable(CAP_DAC_OVERRIDE)))
+		    current->fsuid != fc->user_id)
 			return -EACCES;
 	} else if (time_before_eq(jiffies, fi->i_time))
 		return 0;
@@ -434,8 +432,7 @@ static int fuse_permission(struct inode 
 {
 	struct fuse_conn *fc = get_fuse_conn(inode);
 
-	if (!(fc->flags & FUSE_ALLOW_OTHER) && current->fsuid != fc->user_id &&
-	    (!(fc->flags & FUSE_ALLOW_ROOT) || !capable(CAP_DAC_OVERRIDE)))
+	if (!(fc->flags & FUSE_ALLOW_OTHER) && current->fsuid != fc->user_id)
 		return -EACCES;
 	else if (fc->flags & FUSE_DEFAULT_PERMISSIONS) {
 		int err = generic_permission(inode, mask, NULL);
diff -rup linux-2.6.12-rc2-mm3/fs/fuse/fuse_i.h linux-fuse/fs/fuse/fuse_i.h
--- linux-2.6.12-rc2-mm3/fs/fuse/fuse_i.h	2005-04-22 15:37:21.000000000 +0200
+++ linux-fuse/fs/fuse/fuse_i.h	2005-04-22 15:38:04.000000000 +0200
@@ -37,10 +37,6 @@
 /** Bypass the page cache for read and write operations  */
 #define FUSE_DIRECT_IO           (1 << 3)
 
-/** Allow root and setuid-root programs to access fuse-mounted
-    filesystems */
-#define FUSE_ALLOW_ROOT		 (1 << 4)
-
 /** FUSE inode */
 struct fuse_inode {
 	/** Inode data */
diff -rup linux-2.6.12-rc2-mm3/fs/fuse/inode.c linux-fuse/fs/fuse/inode.c
--- linux-2.6.12-rc2-mm3/fs/fuse/inode.c	2005-04-22 15:37:21.000000000 +0200
+++ linux-fuse/fs/fuse/inode.c	2005-04-22 15:38:04.000000000 +0200
@@ -248,7 +247,6 @@ enum {
 	OPT_USER_ID,
 	OPT_DEFAULT_PERMISSIONS,
 	OPT_ALLOW_OTHER,
-	OPT_ALLOW_ROOT,
 	OPT_KERNEL_CACHE,
 	OPT_DIRECT_IO,
 	OPT_MAX_READ,
@@ -261,7 +259,6 @@ static match_table_t tokens = {
 	{OPT_USER_ID,			"user_id=%u"},
 	{OPT_DEFAULT_PERMISSIONS,	"default_permissions"},
 	{OPT_ALLOW_OTHER,		"allow_other"},
-	{OPT_ALLOW_ROOT,		"allow_root"},
 	{OPT_KERNEL_CACHE,		"kernel_cache"},
 	{OPT_DIRECT_IO,			"direct_io"},
 	{OPT_MAX_READ,			"max_read=%u"},
@@ -310,10 +307,6 @@ static int parse_fuse_opt(char *opt, str
 			d->flags |= FUSE_ALLOW_OTHER;
 			break;
 
-		case OPT_ALLOW_ROOT:
-			d->flags |= FUSE_ALLOW_ROOT;
-			break;
-
 		case OPT_KERNEL_CACHE:
 			d->flags |= FUSE_KERNEL_CACHE;
 			break;
@@ -347,8 +340,6 @@ static int fuse_show_options(struct seq_
 		seq_puts(m, ",default_permissions");
 	if (fc->flags & FUSE_ALLOW_OTHER)
 		seq_puts(m, ",allow_other");
-	if (fc->flags & FUSE_ALLOW_ROOT)
-		seq_puts(m, ",allow_root");
 	if (fc->flags & FUSE_KERNEL_CACHE)
 		seq_puts(m, ",kernel_cache");
 	if (fc->flags & FUSE_DIRECT_IO)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux