summaryrefslogtreecommitdiff
path: root/internal/syscallcompat/sys_darwin.go
AgeCommit message (Collapse)Author
2019-01-14syscallcompat: rework Fchmodat to FchmodatNofollowJakob Unterwurzacher
We never want Fchmodat to follow symlinks, so follow what Qemu does, and call our function FchmodatNofollow.
2019-01-14syscallcompat: Drop Fstatat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Mkdirat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Symlinkat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Fchownat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Fchmodat emulation on macOS.Sebastian Lackner
On macOS the function has a flags argument, so we don't need the /proc/self/fd trick used on Linux.
2019-01-14syscallcompat: Drop Unlinkat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Renameat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Openat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Use pthread_setugid_np() to implement *User() functions on macOS.Sebastian Lackner
Fixes -allow_other mode on macOS.
2019-01-13macos: filter SUID and SGID bits in OpenatUser, MknodatUser, MkdiratUserJakob Unterwurzacher
When gocryptfs runs as root, we don't want to allow people to create SUID root files.
2019-01-12fusefrontend: -allow_other: Use SymlinkatUser in Symlink FUSE call.Sebastian Lackner
Instead of manually adjusting the user after creating the symlink, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use MknodatUser in Mknod FUSE call.Sebastian Lackner
Instead of manually adjusting the user and mode after creating the device file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call.Sebastian Lackner
Revert commit fcaca5fc94d981aa637beb752edc8cb3c2265e96. Instead of manually adjusting the user and mode after creating the directory, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use OpenatUser in Create FUSE call.Sebastian Lackner
Revert commit b22cc03c7516b2003880db8375d26c76d6dff093. Instead of manually adjusting the user and mode after creating the file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2018-09-08syscallcompat: use O_PATH in OpenDirNofollowJakob Unterwurzacher
This fixes the "0100 directory" problem in reverse mode, and should be slightly faster.
2018-07-04macos: fix O_DIRECT build failureJakob Unterwurzacher
O_DIRECT has no direct equivalent on MacOS (check out https://github.com/libuv/libuv/issues/1600 for details). Just define it to zero there.
2017-12-03syscallcompat: add Fstatat + emulation + testJakob Unterwurzacher
Fstatat has recently been added to x/sys/unix. Make it available for use in gocryptfs.
2017-11-30syscallcompat: build emulated syscalls under linux, tooJakob Unterwurzacher
This will allow to test them under linux as well.
2017-11-29fusefrontend: allow_other: close race between mkdir and chownSebastian Lackner
Fixes the same problem as described in 72b975867a3b9bdf53fc2da62e2ba4a328d7e4ab, except for directories instead of device nodes.
2017-11-29fusefrontend: Use Fchmodat to implement ChmodSebastian Lackner
2017-11-29syscallcompat: Introduce unlinkat syscall with flags argumentSebastian Lackner
2017-11-28fusefrontend: Use the Symlinkat syscall for longname handlingSebastian Lackner
2017-11-28syscallcompat: Fix Fchownat syscall wrapper on darwinSebastian Lackner
* Acquire the lock before reading the current directory * Fix a file descriptor leak
2017-11-27fusefronted: allow_other: close race between mknod and chownJakob Unterwurzacher
If the user manages to replace the directory with a symlink at just the right time, we could be tricked into chown'ing the wrong file. This change fixes the race by using fchownat, which unfortunately is not available on darwin, hence a compat wrapper is added. Scenario, as described by @slackner at https://github.com/rfjakob/gocryptfs/issues/177 : 1. Create a forward mount point with `plaintextnames` enabled 2. Mount as root user with `allow_other` 3. For testing purposes create a file `/tmp/file_owned_by_root` which is owned by the root user 4. As a regular user run inside of the GoCryptFS mount: ``` mkdir tempdir mknod tempdir/file_owned_by_root p & mv tempdir tempdir2 ln -s /tmp tempdir ``` When the steps are done fast enough and in the right order (run in a loop!), the device file will be created in `tempdir`, but the `lchown` will be executed by following the symlink. As a result, the ownership of the file located at `/tmp/file_owned_by_root` will be changed.
2017-06-18main, syscallcompat: use Dup3 instead of Dup2Jakob Unterwurzacher
Dup2 is not implemented on linux/arm64. Fixes https://github.com/rfjakob/gocryptfs/issues/121 . Also adds cross-compilation to CI.
2017-02-16syscallcompat: OSX compat: fix variable warningsJakob Unterwurzacher
As suggested by https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2016-07-03syscallcompat: OSX: add Mknodat wrapperJakob Unterwurzacher
Protip: find naked *at syscalls using: git grep "syscall." | grep "at(" | grep -v syscallcompat
2016-07-03syscallcompat: OSX: add Unlinkat wrapperJakob Unterwurzacher
Also, replace remaining naked syscall.Openat calls.
2016-07-03syscallcompat: OSX: add Renamat wrapperJakob Unterwurzacher
Adds a poor man's renameat implementation for OSX.
2016-07-03syscallcompat: OSX: add Fallocate and Openat wrappersJakob Unterwurzacher
...and convert all calls to syscall.{Fallocate,Openat} to syscallcompat . Both syscalls are not available on OSX. We emulate Openat and just return EOPNOTSUPP for Fallocate.
2016-07-03syscallcompat: move syscall wrapper to their own packageJakob Unterwurzacher
We will get more of them as OSX also lacks support for openat.