On Wed, Feb 27, 2019 at 3:24 PM Matthew Garrett <matthewgarrett@xxxxxxxxxx> wrote:
> FUSE implementations may have a secure way to provide file hashes (eg,
> they're a front-end to a remote store that ties files to their hashes).
> Allow filesystems to expose this information, but require an option to
> be provided before it can be used. This is to avoid malicious users
> being able to mount an unprivileged FUSE filesystem that provides
> incorrect hashes.
>
> A sufficiently malicious FUSE filesystem may still simply swap out its
> contents after the hash has been obtained - this patchset does nothing
> to change that, and sysadmins should have appropriate policy in place to
> protect against that.

[...]

> diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h > index 2f2c92e6f8cb..f63920ebce85 100644 > --- a/fs/fuse/fuse_i.h > +++ b/fs/fuse/fuse_i.h > @@ -705,6 +705,13 @@ struct fuse_conn { > /** Does the filesystem support copy_file_range? */ > unsigned no_copy_file_range:1; > > + /* > + * Allow the underlying filesystem to the hash of a file. This is

nit: "to provide the", or something like that?
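
Review bot: the comment added to struct fuse_conn in the fs/fuse/fuse_i.h hunk opens with "/*", while the field comment directly above it ("/** Does the filesystem support copy_file_range? */") uses the "/**" form, so the new block should match its neighbours. Its first sentence, "Allow the underlying filesystem to the hash of a file", is also missing its verb. Since the commit message says the hash may only be used once an option has been provided, the comment is a good place to state that the flag is set only in that case, if the part of the comment not visible here does not already do so.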