diff options
author | Sebastian Lackner | 2019-01-12 20:42:05 +0100 |
---|---|---|
committer | Sebastian Lackner | 2019-01-12 20:54:39 +0100 |
commit | 03b9d65cce53fb95b7d489ecd03d0853b9b923fb (patch) | |
tree | 77f4bd028ab950861a6fa7af274fb56b271f1930 /internal/syscallcompat | |
parent | 669322482a9be3d62abbe0361a8cc2e10e99fc3e (diff) |
fusefrontend: -allow_other: Use OpenatUser in Create FUSE call.
Revert commit b22cc03c7516b2003880db8375d26c76d6dff093.
Instead of manually adjusting the user and mode after creating the
file, adjust effective permissions and let the kernel deal with it.
Related to https://github.com/rfjakob/gocryptfs/issues/338.
Diffstat (limited to 'internal/syscallcompat')
-rw-r--r-- | internal/syscallcompat/sys_darwin.go | 5 | ||||
-rw-r--r-- | internal/syscallcompat/sys_linux.go | 23 |
2 files changed, 28 insertions, 0 deletions
diff --git a/internal/syscallcompat/sys_darwin.go b/internal/syscallcompat/sys_darwin.go index 993c229..7defc5f 100644 --- a/internal/syscallcompat/sys_darwin.go +++ b/internal/syscallcompat/sys_darwin.go @@ -46,6 +46,11 @@ func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) return emulateOpenat(dirfd, path, flags, mode) } +func OpenatUser(dirfd int, path string, flags int, mode uint32, context *fuse.Context) (fd int, err error) { + // FIXME: take into account context.Owner + return Openat(dirfd, path, flags, mode) +} + func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { return emulateRenameat(olddirfd, oldpath, newdirfd, newpath) } diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go index 5c180ec..595aa1d 100644 --- a/internal/syscallcompat/sys_linux.go +++ b/internal/syscallcompat/sys_linux.go @@ -3,6 +3,7 @@ package syscallcompat import ( "fmt" + "runtime" "sync" "syscall" @@ -75,6 +76,28 @@ func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) return syscall.Openat(dirfd, path, flags, mode) } +// OpenatUser runs the Openat syscall in the context of a different user. +func OpenatUser(dirfd int, path string, flags int, mode uint32, context *fuse.Context) (fd int, err error) { + if context != nil { + runtime.LockOSThread() + defer runtime.UnlockOSThread() + + err = syscall.Setregid(-1, int(context.Owner.Gid)) + if err != nil { + return -1, err + } + defer syscall.Setregid(-1, 0) + + err = syscall.Setreuid(-1, int(context.Owner.Uid)) + if err != nil { + return -1, err + } + defer syscall.Setreuid(-1, 0) + } + + return Openat(dirfd, path, flags, mode) +} + // Renameat wraps the Renameat syscall. func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { return syscall.Renameat(olddirfd, oldpath, newdirfd, newpath) |