main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexec

When mounted via /etc/fstab like this,

  /a /b fuse.gocryptfs default 0 0

we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :

  mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
  If both `-o user` and `-o exec` are set, it passes `-o exec`.

Make these options work, and in addtion, also make -suid and -rw
work the same way.

Reported-by: @mahkoh

1 files changed, 18 insertions, 2 deletions

diff --git a/mount.go b/mount.go
index 54ceedc..cbe77b4 100644
--- a/mount.go
+++ b/mount.go
@@ -314,17 +314,33 @@ func initGoFuse(fs pathfs.FileSystem, args *argContainer) *fuse.Server {
 	if args.reverse {
 		mOpts.Name += "-reverse"
 	}
-
 	// Add a volume name if running osxfuse. Otherwise the Finder will show it as
 	// something like "osxfuse Volume 0 (gocryptfs)".
 	if runtime.GOOS == "darwin" {
 		mOpts.Options = append(mOpts.Options, "volname="+path.Base(args.mountpoint))
 	}
-
 	// The kernel enforces read-only operation, we just have to pass "ro".
 	// Reverse mounts are always read-only.
 	if args.ro || args.reverse {
 		mOpts.Options = append(mOpts.Options, "ro")
+	} else if args.rw {
+		mOpts.Options = append(mOpts.Options, "rw")
+	}
+	// If both "nosuid" and "suid" were passed, the safer option wins.
+	if args.nosuid {
+		mOpts.Options = append(mOpts.Options, "nosuid")
+	} else if args.suid {
+		mOpts.Options = append(mOpts.Options, "suid")
+	}
+	if args.nodev {
+		mOpts.Options = append(mOpts.Options, "nodev")
+	} else if args.dev {
+		mOpts.Options = append(mOpts.Options, "dev")
+	}
+	if args.noexec {
+		mOpts.Options = append(mOpts.Options, "noexec")
+	} else if args.exec {
+		mOpts.Options = append(mOpts.Options, "exec")
 	}
 	// Add additional mount options (if any) after the stock ones, so the user has
 	// a chance to override them.