On Wed, 10 Jul 2024 at 21:55, stsp <stsp2@xxxxxxxxx> wrote:
>
> Hi guys!
>
> I started to try my app with fuse, and
> faced 2 problems that are not present
> with other FSes.
>
> 1. fuse insists on saved-UID to match owner UID.
> In fact, fuse_permissible_uidgid() in fs/fuse/dir.c
> checks everything but fsuid, whereas other
> FSes seem to check fsuid.
> Can fuse change that and allow saved-UID
> to mismatch? Perhaps by just checking fsuid
> instead?

Use the "allow_other" mount option.

> 2. My app uses the "file server" which passes
> the opened fds to the less-privileged process.
> This doesn't work with fuse: the passed fd
> gives EACCES on e.g. fstat() (and likely also on
> all other syscalls, haven't checked further),
> while with other FSes, most operations succeed.
> Some are failing on other FSes as well, like
> e.g. fsetxattr(). I moved them to the FS server
> by the trial-and-error rounds, but they are very few.
> Would it be possible for fuse to allow as many
> operations on an open fd, as the other FSes do?
> Otherwise the priv separation seems impossible.

See above.

Thanks,
Miklos
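
The owner check discussed in this thread, as an added userspace model (not kernel code and not from either poster): it reads user_id=, group_id= and allow_other from a mount option string, such as the one shown in /proc/mounts, and reports whether a given set of process IDs would be let through. Assumptions: the rule is "real, effective and saved UID and GID must all equal the mount owner unless allow_other is set"; the names creds, find_opt and fuse_owner_check and all sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Real, effective and saved IDs of a process (what getresuid()/getresgid() return). */
struct creds { unsigned ruid, euid, suid, rgid, egid, sgid; };

/* Find `key` in a comma-separated option list; return a pointer just past it, or NULL. */
static const char *find_opt(const char *opts, const char *key)
{
    size_t n = strlen(key);
    for (const char *p = opts; p; p = strchr(p, ','), p = p ? p + 1 : NULL)
        if (strncmp(p, key, n) == 0 && (p[n] == '=' || p[n] == ',' || p[n] == '\0'))
            return p + n;
    return NULL;
}

/* Model of the owner check: without allow_other, all six IDs must equal the
 * mount's user_id/group_id; fsuid is not consulted. Assumption: user-namespace
 * and capability handling are left out. */
bool fuse_owner_check(const char *opts, const struct creds *c)
{
    if (find_opt(opts, "allow_other"))
        return true;
    const char *u = find_opt(opts, "user_id"), *g = find_opt(opts, "group_id");
    if (!u || !g || *u != '=' || *g != '=')
        return false;                      /* not a recognisable FUSE option string */
    unsigned uid = (unsigned)strtoul(u + 1, NULL, 10);
    unsigned gid = (unsigned)strtoul(g + 1, NULL, 10);
    return c->ruid == uid && c->euid == uid && c->suid == uid &&
           c->rgid == gid && c->egid == gid && c->sgid == gid;
}

int main(void)
{
    /* Constructed option strings and credentials, not taken from a real system. */
    const char *owner_only = "rw,nosuid,nodev,user_id=1000,group_id=1000";
    const char *shared = "rw,nosuid,nodev,user_id=1000,group_id=1000,allow_other";
    struct creds server   = {1000, 1000, 1000, 1000, 1000, 1000};
    struct creds saved    = {1000, 1000, 1001, 1000, 1000, 1000}; /* saved-UID differs */
    struct creds receiver = {1001, 1001, 1001, 1001, 1001, 1001}; /* was passed an open fd */
    printf("server %d, saved-UID mismatch %d, receiver %d, receiver+allow_other %d\n",
           fuse_owner_check(owner_only, &server), fuse_owner_check(owner_only, &saved),
           fuse_owner_check(owner_only, &receiver), fuse_owner_check(shared, &receiver));
    return 0;
}
```

Both numbered points in the question come down to the same check, which is why the second reply is "See above".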