summaryrefslogtreecommitdiff
path: root/internal/syscallcompat
diff options
context:
space:
mode:
authorSebastian Lackner2019-01-12 20:57:31 +0100
committerSebastian Lackner2019-01-12 21:20:07 +0100
commita525e33eaa59c6561653a5fc40e5c4d5a9a3184b (patch)
treeb07cb803ad0f6fe3db093200084f841a93b7b52e /internal/syscallcompat
parent03b9d65cce53fb95b7d489ecd03d0853b9b923fb (diff)
fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call.
Revert commit fcaca5fc94d981aa637beb752edc8cb3c2265e96. Instead of manually adjusting the user and mode after creating the directory, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
Diffstat (limited to 'internal/syscallcompat')
-rw-r--r--internal/syscallcompat/sys_darwin.go5
-rw-r--r--internal/syscallcompat/sys_linux.go22
2 files changed, 27 insertions, 0 deletions
diff --git a/internal/syscallcompat/sys_darwin.go b/internal/syscallcompat/sys_darwin.go
index 7defc5f..3c431b9 100644
--- a/internal/syscallcompat/sys_darwin.go
+++ b/internal/syscallcompat/sys_darwin.go
@@ -79,6 +79,11 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
return emulateMkdirat(dirfd, path, mode)
}
+func MkdiratUser(dirfd int, path string, mode uint32, context *fuse.Context) (err error) {
+ // FIXME: take into account context.Owner
+ return Mkdirat(dirfd, path, mode)
+}
+
func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) {
return emulateFstatat(dirfd, path, stat, flags)
}
diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go
index 595aa1d..a431195 100644
--- a/internal/syscallcompat/sys_linux.go
+++ b/internal/syscallcompat/sys_linux.go
@@ -180,6 +180,28 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) {
return syscall.Mkdirat(dirfd, path, mode)
}
+// MkdiratUser runs the Mkdirat syscall in the context of a different user.
+func MkdiratUser(dirfd int, path string, mode uint32, context *fuse.Context) (err error) {
+ if context != nil {
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
+
+ err = syscall.Setregid(-1, int(context.Owner.Gid))
+ if err != nil {
+ return err
+ }
+ defer syscall.Setregid(-1, 0)
+
+ err = syscall.Setreuid(-1, int(context.Owner.Uid))
+ if err != nil {
+ return err
+ }
+ defer syscall.Setreuid(-1, 0)
+ }
+
+ return Mkdirat(dirfd, path, mode)
+}
+
// Fstatat syscall.
func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) {
// Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?