diff options
author | Sebastian Lackner | 2019-01-12 20:57:31 +0100 |
---|---|---|
committer | Sebastian Lackner | 2019-01-12 21:20:07 +0100 |
commit | a525e33eaa59c6561653a5fc40e5c4d5a9a3184b (patch) | |
tree | b07cb803ad0f6fe3db093200084f841a93b7b52e /internal/syscallcompat | |
parent | 03b9d65cce53fb95b7d489ecd03d0853b9b923fb (diff) |
fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call.
Revert commit fcaca5fc94d981aa637beb752edc8cb3c2265e96.
Instead of manually adjusting the user and mode after creating the
directory, adjust effective permissions and let the kernel deal with it.
Related to https://github.com/rfjakob/gocryptfs/issues/338.
Diffstat (limited to 'internal/syscallcompat')
-rw-r--r-- | internal/syscallcompat/sys_darwin.go | 5 | ||||
-rw-r--r-- | internal/syscallcompat/sys_linux.go | 22 |
2 files changed, 27 insertions, 0 deletions
diff --git a/internal/syscallcompat/sys_darwin.go b/internal/syscallcompat/sys_darwin.go index 7defc5f..3c431b9 100644 --- a/internal/syscallcompat/sys_darwin.go +++ b/internal/syscallcompat/sys_darwin.go @@ -79,6 +79,11 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { return emulateMkdirat(dirfd, path, mode) } +func MkdiratUser(dirfd int, path string, mode uint32, context *fuse.Context) (err error) { + // FIXME: take into account context.Owner + return Mkdirat(dirfd, path, mode) +} + func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) { return emulateFstatat(dirfd, path, stat, flags) } diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go index 595aa1d..a431195 100644 --- a/internal/syscallcompat/sys_linux.go +++ b/internal/syscallcompat/sys_linux.go @@ -180,6 +180,28 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { return syscall.Mkdirat(dirfd, path, mode) } +// MkdiratUser runs the Mkdirat syscall in the context of a different user. +func MkdiratUser(dirfd int, path string, mode uint32, context *fuse.Context) (err error) { + if context != nil { + runtime.LockOSThread() + defer runtime.UnlockOSThread() + + err = syscall.Setregid(-1, int(context.Owner.Gid)) + if err != nil { + return err + } + defer syscall.Setregid(-1, 0) + + err = syscall.Setreuid(-1, int(context.Owner.Uid)) + if err != nil { + return err + } + defer syscall.Setreuid(-1, 0) + } + + return Mkdirat(dirfd, path, mode) +} + // Fstatat syscall. func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) { // Why would we ever want to call this without AT_SYMLINK_NOFOLLOW? |