fusefrontend: -allow_other: Use MknodatUser in Mknod FUSE call.

Instead of manually adjusting the user and mode after creating the device file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
author: Sebastian Lackner 2019-01-12 21:19:23 +0100
committer: Sebastian Lackner 2019-01-12 21:20:16 +0100
commit: 1fbe7798cf879d80cfbd755b05bdadae24bc5519 (patch)
tree: 43fdd12317feaebd3fa8d318ba09a9fce60d2d1f /internal/syscallcompat/sys_linux.go
parent: a525e33eaa59c6561653a5fc40e5c4d5a9a3184b (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go
index a431195..cf747b1 100644
--- a/internal/syscallcompat/sys_linux.go
+++ b/internal/syscallcompat/sys_linux.go
@@ -113,6 +113,28 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
 	return syscall.Mknodat(dirfd, path, mode, dev)
 }
 
+// MknodatUser runs the Mknodat syscall in the context of a different user.
+func MknodatUser(dirfd int, path string, mode uint32, dev int, context *fuse.Context) (err error) {
+	if context != nil {
+		runtime.LockOSThread()
+		defer runtime.UnlockOSThread()
+
+		err = syscall.Setregid(-1, int(context.Owner.Gid))
+		if err != nil {
+			return err
+		}
+		defer syscall.Setregid(-1, 0)
+
+		err = syscall.Setreuid(-1, int(context.Owner.Uid))
+		if err != nil {
+			return err
+		}
+		defer syscall.Setreuid(-1, 0)
+	}
+
+	return Mknodat(dirfd, path, mode, dev)
+}
+
 // Dup3 wraps the Dup3 syscall. We want to use Dup3 rather than Dup2 because Dup2
 // is not implemented on arm64.
 func Dup3(oldfd int, newfd int, flags int) (err error) {
author	Sebastian Lackner	2019-01-12 21:19:23 +0100
committer	Sebastian Lackner	2019-01-12 21:20:16 +0100
commit	1fbe7798cf879d80cfbd755b05bdadae24bc5519 (patch)
tree	43fdd12317feaebd3fa8d318ba09a9fce60d2d1f /internal/syscallcompat/sys_linux.go
parent	a525e33eaa59c6561653a5fc40e5c4d5a9a3184b (diff)