1 files changed, 11 insertions, 5 deletions

diff --git a/mount.go b/mount.go
index 0eaa3dd..5c0f064 100644
--- a/mount.go
+++ b/mount.go
@@ -13,7 +13,6 @@ import (
 	"runtime"
 	"runtime/debug"
 	"strings"
-	"sync/atomic"
 	"syscall"
 	"time"
 
@@ -181,7 +180,7 @@ func idleMonitor(idleTimeout time.Duration, fs *fusefrontend.RootNode, srv *fuse
 	}
 	for {
 		// Atomically check whether the flag is 0 and reset it to 1 if so.
-		isIdle := !atomic.CompareAndSwapUint32(&fs.IsIdle, 0, 1)
+		isIdle := !fs.IsIdle.CompareAndSwap(false, true)
 		// Any form of current or recent access resets the idle counter.
 		openFileCount := openfiletable.CountOpenFiles()
 		if !isIdle || openFileCount > 0 {
@@ -316,9 +315,13 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 			}
 		}
 	}
-	// If allow_other is set and we run as root, try to give newly created files to
-	// the right user.
-	if args.allow_other && os.Getuid() == 0 {
+	// If allow_other is set and we run as root, create files as the accessing
+	// user.
+	// Except when -force_owner is set, because in this case the user may
+	// not have write permissions. And the point of -force_owner is to map uids,
+	// so we want the files on the backing dir to get the uid the gocryptfs process
+	// is running as.
+	if args.allow_other && os.Getuid() == 0 && args._forceOwner == nil {
 		frontendArgs.PreserveOwner = true
 	}
 
@@ -469,6 +472,9 @@ func initGoFuse(rootNode fs.InodeEmbedder, args *argContainer) *fuse.Server {
 	} else if args.exec {
 		opts["exec"] = ""
 	}
+	if args.context != "" {
+		opts["context"] = args.context
+	}
 	// Add additional mount options (if any) after the stock ones, so the user has
 	// a chance to override them.
 	if args.ko != "" {