From ed6ed513d7f06178c0de02e8a372c33fe8f842f1 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 30 Sep 2018 19:33:52 +0200
Subject: fusefrontend: make Access() symlink-safe.

Make Access() symlink-safe through use of faccessat.
---
 internal/fusefrontend/fs.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'internal/fusefrontend')

diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index c0d6151..d2f4867 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -581,16 +581,20 @@ func (fs *FS) Link(oldPath string, newPath string, context *fuse.Context) (code
 	return fuse.ToStatus(err)
 }
 
-// Access implements pathfs.Filesystem.
-func (fs *FS) Access(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
-	if fs.isFiltered(path) {
+// Access - FUSE call. Check if a file can be accessed in the specified mode(s)
+// (read, write, execute).
+//
+// Symlink-safe through use of faccessat.
+func (fs *FS) Access(relPath string, mode uint32, context *fuse.Context) (code fuse.Status) {
+	if fs.isFiltered(relPath) {
 		return fuse.EPERM
 	}
-	cPath, err := fs.getBackingPath(path)
+	dirfd, cName, err := fs.openBackingDir(relPath)
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	return fuse.ToStatus(syscall.Access(cPath, mode))
+	err = unix.Faccessat(dirfd, cName, mode, unix.AT_SYMLINK_NOFOLLOW)
+	return fuse.ToStatus(err)
 }
 
 // reportMitigatedCorruption is used to report a corruption that was transparently
-- 
cgit v1.2.3