Hi guys! I started to try my app with fuse, and faced 2 problems that are not present with other FSes. 1. fuse insists on saved-UID to match owner UID. In fact, fuse_permissible_uidgid() in fs/fuse/dir.c checks everything but fsuid, whereas other FSes seem to check fsuid. Can fuse change that and allow saved-UID to mismatch? Perhaps by just checking fsuid instead? 2. My app uses the "file server" which passes the opened fds to the less-privileged process. This doesn't work with fuse: the passed fd gives EACCES on eg fstat() (and likely also on all other syscalls, haven't checked further), while with other FSes, most operations succeed. Some are failing on other FSes as well, like eg fsetxattr(). I moved them to the FS server by the trial-and-error rounds, but they are very few. Would it be possible for fuse to allow as much operations on an open fd, as the other FSes do? Otherwise the priv separation seems impossible.
