2 * FUSE: Filesystem in Userspace
5 * This program can be distributed under the terms of the GNU GPLv2.
6 * See the file COPYING.
11 * This file system mirrors the existing file system hierarchy of the
12 * system, starting at the root file system. This is implemented by
13 * just "passing through" all requests to the corresponding user-space
14 * libc functions. In contrast to passthrough.c and passthrough_fh.c,
15 * this implementation uses the low-level API. Its performance should
16 * be the least bad among the three, but many operations are not
17 * implemented. In particular, it is not possible to remove files (or
18 * directories) because the code necessary to defer actual removal
19 * until the file is not opened anymore would make the example much
22 * When writeback caching is enabled (-o writeback mount option), it
23 * is only possible to write to files for which the mounting user has
24 * read permissions. This is because the writeback cache requires the
25 * kernel to be able to issue read requests for all files (which the
26 * passthrough filesystem cannot satisfy if it can't read the file in
27 * the underlying filesystem).
31 * gcc -Wall passthrough_ll.c `pkg-config fuse3 --cflags --libs` -o
35 * \include passthrough_ll.c
38 #include "qemu/osdep.h"
39 #include "fuse_virtio.h"
40 #include "fuse_lowlevel.h"
54 #include <sys/mount.h>
55 #include <sys/prctl.h>
56 #include <sys/resource.h>
57 #include <sys/syscall.h>
58 #include <sys/types.h>
60 #include <sys/xattr.h>
63 #include "passthrough_helpers.h"
68 struct lo_inode *inode;
76 /* Maps FUSE fh or ino values to internal objects */
78 struct lo_map_elem *elems;
84 struct lo_inode *next; /* protected by lo->mutex */
85 struct lo_inode *prev; /* protected by lo->mutex */
90 uint64_t refcount; /* protected by lo->mutex */
106 pthread_mutex_t mutex;
116 struct lo_inode root; /* protected by lo->mutex */
117 struct lo_map ino_map; /* protected by lo->mutex */
118 struct lo_map dirp_map; /* protected by lo->mutex */
119 struct lo_map fd_map; /* protected by lo->mutex */
121 /* An O_PATH file descriptor to /proc/self/fd/ */
125 static const struct fuse_opt lo_opts[] = {
126 { "writeback", offsetof(struct lo_data, writeback), 1 },
127 { "no_writeback", offsetof(struct lo_data, writeback), 0 },
128 { "source=%s", offsetof(struct lo_data, source), 0 },
129 { "flock", offsetof(struct lo_data, flock), 1 },
130 { "no_flock", offsetof(struct lo_data, flock), 0 },
131 { "xattr", offsetof(struct lo_data, xattr), 1 },
132 { "no_xattr", offsetof(struct lo_data, xattr), 0 },
133 { "timeout=%lf", offsetof(struct lo_data, timeout), 0 },
134 { "timeout=", offsetof(struct lo_data, timeout_set), 1 },
135 { "cache=never", offsetof(struct lo_data, cache), CACHE_NEVER },
136 { "cache=auto", offsetof(struct lo_data, cache), CACHE_NORMAL },
137 { "cache=always", offsetof(struct lo_data, cache), CACHE_ALWAYS },
138 { "norace", offsetof(struct lo_data, norace), 1 },
142 static void unref_inode(struct lo_data *lo, struct lo_inode *inode, uint64_t n);
145 pthread_mutex_t mutex;
148 /* That we loaded cap-ng in the current thread from the saved */
149 static __thread bool cap_loaded = 0;
151 static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st);
153 static int is_dot_or_dotdot(const char *name)
155 return name[0] == '.' &&
156 (name[1] == '\0' || (name[1] == '.' && name[2] == '\0'));
159 /* Is `path` a single path component that is not "." or ".."? */
160 static int is_safe_path_component(const char *path)
162 if (strchr(path, '/')) {
166 return !is_dot_or_dotdot(path);
169 static struct lo_data *lo_data(fuse_req_t req)
171 return (struct lo_data *)fuse_req_userdata(req);
175 * Load capng's state from our saved state if the current thread
176 * hadn't previously been loaded.
177 * returns 0 on success
179 static int load_capng(void)
182 pthread_mutex_lock(&cap.mutex);
183 capng_restore_state(&cap.saved);
185 * restore_state free's the saved copy
188 cap.saved = capng_save_state();
190 fuse_log(FUSE_LOG_ERR, "capng_save_state (thread)\n");
193 pthread_mutex_unlock(&cap.mutex);
196 * We want to use the loaded state for our pid,
199 capng_setpid(syscall(SYS_gettid));
206 * Helpers for dropping and regaining effective capabilities. Returns 0
207 * on success, error otherwise
209 static int drop_effective_cap(const char *cap_name, bool *cap_dropped)
213 cap = capng_name_to_capability(cap_name);
216 fuse_log(FUSE_LOG_ERR, "capng_name_to_capability(%s) failed:%s\n",
217 cap_name, strerror(errno));
223 fuse_log(FUSE_LOG_ERR, "load_capng() failed\n");
227 /* We dont have this capability in effective set already. */
228 if (!capng_have_capability(CAPNG_EFFECTIVE, cap)) {
233 if (capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, cap)) {
235 fuse_log(FUSE_LOG_ERR, "capng_update(DROP,) failed\n");
239 if (capng_apply(CAPNG_SELECT_CAPS)) {
241 fuse_log(FUSE_LOG_ERR, "drop:capng_apply() failed\n");
254 static int gain_effective_cap(const char *cap_name)
259 cap = capng_name_to_capability(cap_name);
262 fuse_log(FUSE_LOG_ERR, "capng_name_to_capability(%s) failed:%s\n",
263 cap_name, strerror(errno));
269 fuse_log(FUSE_LOG_ERR, "load_capng() failed\n");
273 if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, cap)) {
275 fuse_log(FUSE_LOG_ERR, "capng_update(ADD,) failed\n");
279 if (capng_apply(CAPNG_SELECT_CAPS)) {
281 fuse_log(FUSE_LOG_ERR, "gain:capng_apply() failed\n");
290 static void lo_map_init(struct lo_map *map)
297 static void lo_map_destroy(struct lo_map *map)
302 static int lo_map_grow(struct lo_map *map, size_t new_nelems)
304 struct lo_map_elem *new_elems;
307 if (new_nelems <= map->nelems) {
311 new_elems = realloc(map->elems, sizeof(map->elems[0]) * new_nelems);
316 for (i = map->nelems; i < new_nelems; i++) {
317 new_elems[i].freelist = i + 1;
318 new_elems[i].in_use = false;
320 new_elems[new_nelems - 1].freelist = -1;
322 map->elems = new_elems;
323 map->freelist = map->nelems;
324 map->nelems = new_nelems;
328 static struct lo_map_elem *lo_map_alloc_elem(struct lo_map *map)
330 struct lo_map_elem *elem;
332 if (map->freelist == -1 && !lo_map_grow(map, map->nelems + 256)) {
336 elem = &map->elems[map->freelist];
337 map->freelist = elem->freelist;
344 static struct lo_map_elem *lo_map_reserve(struct lo_map *map, size_t key)
348 if (!lo_map_grow(map, key + 1)) {
352 for (prev = &map->freelist; *prev != -1;
353 prev = &map->elems[*prev].freelist) {
355 struct lo_map_elem *elem = &map->elems[key];
357 *prev = elem->freelist;
365 static struct lo_map_elem *lo_map_get(struct lo_map *map, size_t key)
367 if (key >= map->nelems) {
370 if (!map->elems[key].in_use) {
373 return &map->elems[key];
376 static void lo_map_remove(struct lo_map *map, size_t key)
378 struct lo_map_elem *elem;
380 if (key >= map->nelems) {
384 elem = &map->elems[key];
389 elem->in_use = false;
391 elem->freelist = map->freelist;
395 /* Assumes lo->mutex is held */
396 static ssize_t lo_add_fd_mapping(fuse_req_t req, int fd)
398 struct lo_map_elem *elem;
400 elem = lo_map_alloc_elem(&lo_data(req)->fd_map);
406 return elem - lo_data(req)->fd_map.elems;
409 /* Assumes lo->mutex is held */
410 static ssize_t lo_add_dirp_mapping(fuse_req_t req, struct lo_dirp *dirp)
412 struct lo_map_elem *elem;
414 elem = lo_map_alloc_elem(&lo_data(req)->dirp_map);
420 return elem - lo_data(req)->dirp_map.elems;
423 /* Assumes lo->mutex is held */
424 static ssize_t lo_add_inode_mapping(fuse_req_t req, struct lo_inode *inode)
426 struct lo_map_elem *elem;
428 elem = lo_map_alloc_elem(&lo_data(req)->ino_map);
434 return elem - lo_data(req)->ino_map.elems;
437 static struct lo_inode *lo_inode(fuse_req_t req, fuse_ino_t ino)
439 struct lo_data *lo = lo_data(req);
440 struct lo_map_elem *elem;
442 pthread_mutex_lock(&lo->mutex);
443 elem = lo_map_get(&lo->ino_map, ino);
444 pthread_mutex_unlock(&lo->mutex);
453 static int lo_fd(fuse_req_t req, fuse_ino_t ino)
455 struct lo_inode *inode = lo_inode(req, ino);
456 return inode ? inode->fd : -1;
459 static bool lo_debug(fuse_req_t req)
461 return lo_data(req)->debug != 0;
464 static void lo_init(void *userdata, struct fuse_conn_info *conn)
466 struct lo_data *lo = (struct lo_data *)userdata;
468 if (conn->capable & FUSE_CAP_EXPORT_SUPPORT) {
469 conn->want |= FUSE_CAP_EXPORT_SUPPORT;
472 if (lo->writeback && conn->capable & FUSE_CAP_WRITEBACK_CACHE) {
474 fuse_log(FUSE_LOG_DEBUG, "lo_init: activating writeback\n");
476 conn->want |= FUSE_CAP_WRITEBACK_CACHE;
478 if (lo->flock && conn->capable & FUSE_CAP_FLOCK_LOCKS) {
480 fuse_log(FUSE_LOG_DEBUG, "lo_init: activating flock locks\n");
482 conn->want |= FUSE_CAP_FLOCK_LOCKS;
486 static void lo_getattr(fuse_req_t req, fuse_ino_t ino,
487 struct fuse_file_info *fi)
491 struct lo_data *lo = lo_data(req);
496 fstatat(lo_fd(req, ino), "", &buf, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW);
498 return (void)fuse_reply_err(req, errno);
501 fuse_reply_attr(req, &buf, lo->timeout);
504 static int lo_parent_and_name(struct lo_data *lo, struct lo_inode *inode,
505 char path[PATH_MAX], struct lo_inode **parent)
515 sprintf(procname, "%i", inode->fd);
517 res = readlinkat(lo->proc_self_fd, procname, path, PATH_MAX);
519 fuse_log(FUSE_LOG_WARNING, "%s: readlink failed: %m\n", __func__);
523 if (res >= PATH_MAX) {
524 fuse_log(FUSE_LOG_WARNING, "%s: readlink overflowed\n", __func__);
529 last = strrchr(path, '/');
531 /* Shouldn't happen */
534 "%s: INTERNAL ERROR: bad path read from proc\n", __func__);
539 pthread_mutex_lock(&lo->mutex);
541 pthread_mutex_unlock(&lo->mutex);
544 res = fstatat(AT_FDCWD, last == path ? "/" : path, &stat, 0);
547 fuse_log(FUSE_LOG_WARNING,
548 "%s: failed to stat parent: %m\n", __func__);
552 p = lo_find(lo, &stat);
555 fuse_log(FUSE_LOG_WARNING,
556 "%s: failed to find parent\n", __func__);
562 res = fstatat(p->fd, last, &stat, AT_SYMLINK_NOFOLLOW);
565 fuse_log(FUSE_LOG_WARNING,
566 "%s: failed to stat last\n", __func__);
570 if (stat.st_dev != inode->dev || stat.st_ino != inode->ino) {
572 fuse_log(FUSE_LOG_WARNING,
573 "%s: failed to match last\n", __func__);
578 memmove(path, last, strlen(last) + 1);
583 unref_inode(lo, p, 1);
594 static int utimensat_empty(struct lo_data *lo, struct lo_inode *inode,
595 const struct timespec *tv)
598 struct lo_inode *parent;
601 if (inode->is_symlink) {
602 res = utimensat(inode->fd, "", tv, AT_EMPTY_PATH);
603 if (res == -1 && errno == EINVAL) {
604 /* Sorry, no race free way to set times on symlink. */
613 sprintf(path, "%i", inode->fd);
615 return utimensat(lo->proc_self_fd, path, tv, 0);
618 res = lo_parent_and_name(lo, inode, path, &parent);
620 res = utimensat(parent->fd, path, tv, AT_SYMLINK_NOFOLLOW);
621 unref_inode(lo, parent, 1);
627 static int lo_fi_fd(fuse_req_t req, struct fuse_file_info *fi)
629 struct lo_data *lo = lo_data(req);
630 struct lo_map_elem *elem;
632 pthread_mutex_lock(&lo->mutex);
633 elem = lo_map_get(&lo->fd_map, fi->fh);
634 pthread_mutex_unlock(&lo->mutex);
643 static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr,
644 int valid, struct fuse_file_info *fi)
648 struct lo_data *lo = lo_data(req);
649 struct lo_inode *inode;
654 inode = lo_inode(req, ino);
656 fuse_reply_err(req, EBADF);
662 /* If fi->fh is invalid we'll report EBADF later */
664 fd = lo_fi_fd(req, fi);
667 if (valid & FUSE_SET_ATTR_MODE) {
669 res = fchmod(fd, attr->st_mode);
671 sprintf(procname, "%i", ifd);
672 res = fchmodat(lo->proc_self_fd, procname, attr->st_mode, 0);
678 if (valid & (FUSE_SET_ATTR_UID | FUSE_SET_ATTR_GID)) {
679 uid_t uid = (valid & FUSE_SET_ATTR_UID) ? attr->st_uid : (uid_t)-1;
680 gid_t gid = (valid & FUSE_SET_ATTR_GID) ? attr->st_gid : (gid_t)-1;
682 res = fchownat(ifd, "", uid, gid, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW);
687 if (valid & FUSE_SET_ATTR_SIZE) {
693 sprintf(procname, "%i", ifd);
694 truncfd = openat(lo->proc_self_fd, procname, O_RDWR);
700 res = ftruncate(truncfd, attr->st_size);
710 if (valid & (FUSE_SET_ATTR_ATIME | FUSE_SET_ATTR_MTIME)) {
711 struct timespec tv[2];
715 tv[0].tv_nsec = UTIME_OMIT;
716 tv[1].tv_nsec = UTIME_OMIT;
718 if (valid & FUSE_SET_ATTR_ATIME_NOW) {
719 tv[0].tv_nsec = UTIME_NOW;
720 } else if (valid & FUSE_SET_ATTR_ATIME) {
721 tv[0] = attr->st_atim;
724 if (valid & FUSE_SET_ATTR_MTIME_NOW) {
725 tv[1].tv_nsec = UTIME_NOW;
726 } else if (valid & FUSE_SET_ATTR_MTIME) {
727 tv[1] = attr->st_mtim;
731 res = futimens(fd, tv);
733 res = utimensat_empty(lo, inode, tv);
740 return lo_getattr(req, ino, fi);
744 fuse_reply_err(req, saverr);
747 static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st)
750 struct lo_inode *ret = NULL;
752 pthread_mutex_lock(&lo->mutex);
753 for (p = lo->root.next; p != &lo->root; p = p->next) {
754 if (p->ino == st->st_ino && p->dev == st->st_dev) {
755 assert(p->refcount > 0);
761 pthread_mutex_unlock(&lo->mutex);
765 static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name,
766 struct fuse_entry_param *e)
771 struct lo_data *lo = lo_data(req);
772 struct lo_inode *inode, *dir = lo_inode(req, parent);
774 memset(e, 0, sizeof(*e));
775 e->attr_timeout = lo->timeout;
776 e->entry_timeout = lo->timeout;
778 /* Do not allow escaping root directory */
779 if (dir == &lo->root && strcmp(name, "..") == 0) {
783 newfd = openat(lo_fd(req, parent), name, O_PATH | O_NOFOLLOW);
788 res = fstatat(newfd, "", &e->attr, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW);
793 inode = lo_find(lo_data(req), &e->attr);
798 struct lo_inode *prev, *next;
801 inode = calloc(1, sizeof(struct lo_inode));
806 inode->is_symlink = S_ISLNK(e->attr.st_mode);
809 inode->ino = e->attr.st_ino;
810 inode->dev = e->attr.st_dev;
812 pthread_mutex_lock(&lo->mutex);
813 inode->fuse_ino = lo_add_inode_mapping(req, inode);
820 pthread_mutex_unlock(&lo->mutex);
822 e->ino = inode->fuse_ino;
825 fuse_log(FUSE_LOG_DEBUG, " %lli/%s -> %lli\n",
826 (unsigned long long)parent, name, (unsigned long long)e->ino);
839 static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
841 struct fuse_entry_param e;
845 fuse_log(FUSE_LOG_DEBUG, "lo_lookup(parent=%" PRIu64 ", name=%s)\n",
850 * Don't use is_safe_path_component(), allow "." and ".." for NFS export
853 if (strchr(name, '/')) {
854 fuse_reply_err(req, EINVAL);
858 err = lo_do_lookup(req, parent, name, &e);
860 fuse_reply_err(req, err);
862 fuse_reply_entry(req, &e);
867 * On some archs, setres*id is limited to 2^16 but they
868 * provide setres*id32 variants that allow 2^32.
869 * Others just let setres*id do 2^32 anyway.
871 #ifdef SYS_setresgid32
872 #define OURSYS_setresgid SYS_setresgid32
874 #define OURSYS_setresgid SYS_setresgid
877 #ifdef SYS_setresuid32
878 #define OURSYS_setresuid SYS_setresuid32
880 #define OURSYS_setresuid SYS_setresuid
884 * Change to uid/gid of caller so that file is created with
885 * ownership of caller.
886 * TODO: What about selinux context?
888 static int lo_change_cred(fuse_req_t req, struct lo_cred *old)
892 old->euid = geteuid();
893 old->egid = getegid();
895 res = syscall(OURSYS_setresgid, -1, fuse_req_ctx(req)->gid, -1);
900 res = syscall(OURSYS_setresuid, -1, fuse_req_ctx(req)->uid, -1);
902 int errno_save = errno;
904 syscall(OURSYS_setresgid, -1, old->egid, -1);
911 /* Regain Privileges */
912 static void lo_restore_cred(struct lo_cred *old)
916 res = syscall(OURSYS_setresuid, -1, old->euid, -1);
918 fuse_log(FUSE_LOG_ERR, "seteuid(%u): %m\n", old->euid);
922 res = syscall(OURSYS_setresgid, -1, old->egid, -1);
924 fuse_log(FUSE_LOG_ERR, "setegid(%u): %m\n", old->egid);
929 static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
930 const char *name, mode_t mode, dev_t rdev,
935 struct lo_inode *dir;
936 struct fuse_entry_param e;
937 struct lo_cred old = {};
939 if (!is_safe_path_component(name)) {
940 fuse_reply_err(req, EINVAL);
944 dir = lo_inode(req, parent);
946 fuse_reply_err(req, EBADF);
952 saverr = lo_change_cred(req, &old);
957 res = mknod_wrapper(dir->fd, name, link, mode, rdev);
961 lo_restore_cred(&old);
967 saverr = lo_do_lookup(req, parent, name, &e);
973 fuse_log(FUSE_LOG_DEBUG, " %lli/%s -> %lli\n",
974 (unsigned long long)parent, name, (unsigned long long)e.ino);
977 fuse_reply_entry(req, &e);
981 fuse_reply_err(req, saverr);
984 static void lo_mknod(fuse_req_t req, fuse_ino_t parent, const char *name,
985 mode_t mode, dev_t rdev)
987 lo_mknod_symlink(req, parent, name, mode, rdev, NULL);
990 static void lo_mkdir(fuse_req_t req, fuse_ino_t parent, const char *name,
993 lo_mknod_symlink(req, parent, name, S_IFDIR | mode, 0, NULL);
996 static void lo_symlink(fuse_req_t req, const char *link, fuse_ino_t parent,
999 lo_mknod_symlink(req, parent, name, S_IFLNK, 0, link);
1002 static int linkat_empty_nofollow(struct lo_data *lo, struct lo_inode *inode,
1003 int dfd, const char *name)
1006 struct lo_inode *parent;
1007 char path[PATH_MAX];
1009 if (inode->is_symlink) {
1010 res = linkat(inode->fd, "", dfd, name, AT_EMPTY_PATH);
1011 if (res == -1 && (errno == ENOENT || errno == EINVAL)) {
1012 /* Sorry, no race free way to hard-link a symlink. */
1022 sprintf(path, "%i", inode->fd);
1024 return linkat(lo->proc_self_fd, path, dfd, name, AT_SYMLINK_FOLLOW);
1027 res = lo_parent_and_name(lo, inode, path, &parent);
1029 res = linkat(parent->fd, path, dfd, name, 0);
1030 unref_inode(lo, parent, 1);
1036 static void lo_link(fuse_req_t req, fuse_ino_t ino, fuse_ino_t parent,
1040 struct lo_data *lo = lo_data(req);
1041 struct lo_inode *inode;
1042 struct fuse_entry_param e;
1045 if (!is_safe_path_component(name)) {
1046 fuse_reply_err(req, EINVAL);
1050 inode = lo_inode(req, ino);
1052 fuse_reply_err(req, EBADF);
1056 memset(&e, 0, sizeof(struct fuse_entry_param));
1057 e.attr_timeout = lo->timeout;
1058 e.entry_timeout = lo->timeout;
1060 res = linkat_empty_nofollow(lo, inode, lo_fd(req, parent), name);
1065 res = fstatat(inode->fd, "", &e.attr, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW);
1070 pthread_mutex_lock(&lo->mutex);
1072 pthread_mutex_unlock(&lo->mutex);
1073 e.ino = inode->fuse_ino;
1075 if (lo_debug(req)) {
1076 fuse_log(FUSE_LOG_DEBUG, " %lli/%s -> %lli\n",
1077 (unsigned long long)parent, name, (unsigned long long)e.ino);
1080 fuse_reply_entry(req, &e);
1085 fuse_reply_err(req, saverr);
1088 static void lo_rmdir(fuse_req_t req, fuse_ino_t parent, const char *name)
1091 if (!is_safe_path_component(name)) {
1092 fuse_reply_err(req, EINVAL);
1096 res = unlinkat(lo_fd(req, parent), name, AT_REMOVEDIR);
1098 fuse_reply_err(req, res == -1 ? errno : 0);
1101 static void lo_rename(fuse_req_t req, fuse_ino_t parent, const char *name,
1102 fuse_ino_t newparent, const char *newname,
1107 if (!is_safe_path_component(name) || !is_safe_path_component(newname)) {
1108 fuse_reply_err(req, EINVAL);
1113 fuse_reply_err(req, EINVAL);
1117 res = renameat(lo_fd(req, parent), name, lo_fd(req, newparent), newname);
1119 fuse_reply_err(req, res == -1 ? errno : 0);
1122 static void lo_unlink(fuse_req_t req, fuse_ino_t parent, const char *name)
1126 if (!is_safe_path_component(name)) {
1127 fuse_reply_err(req, EINVAL);
1131 res = unlinkat(lo_fd(req, parent), name, 0);
1133 fuse_reply_err(req, res == -1 ? errno : 0);
1136 static void unref_inode(struct lo_data *lo, struct lo_inode *inode, uint64_t n)
1142 pthread_mutex_lock(&lo->mutex);
1143 assert(inode->refcount >= n);
1144 inode->refcount -= n;
1145 if (!inode->refcount) {
1146 struct lo_inode *prev, *next;
1153 lo_map_remove(&lo->ino_map, inode->fuse_ino);
1154 pthread_mutex_unlock(&lo->mutex);
1158 pthread_mutex_unlock(&lo->mutex);
1162 static void lo_forget_one(fuse_req_t req, fuse_ino_t ino, uint64_t nlookup)
1164 struct lo_data *lo = lo_data(req);
1165 struct lo_inode *inode;
1167 inode = lo_inode(req, ino);
1172 if (lo_debug(req)) {
1173 fuse_log(FUSE_LOG_DEBUG, " forget %lli %lli -%lli\n",
1174 (unsigned long long)ino, (unsigned long long)inode->refcount,
1175 (unsigned long long)nlookup);
1178 unref_inode(lo, inode, nlookup);
1181 static void lo_forget(fuse_req_t req, fuse_ino_t ino, uint64_t nlookup)
1183 lo_forget_one(req, ino, nlookup);
1184 fuse_reply_none(req);
1187 static void lo_forget_multi(fuse_req_t req, size_t count,
1188 struct fuse_forget_data *forgets)
1192 for (i = 0; i < count; i++) {
1193 lo_forget_one(req, forgets[i].ino, forgets[i].nlookup);
1195 fuse_reply_none(req);
1198 static void lo_readlink(fuse_req_t req, fuse_ino_t ino)
1200 char buf[PATH_MAX + 1];
1203 res = readlinkat(lo_fd(req, ino), "", buf, sizeof(buf));
1205 return (void)fuse_reply_err(req, errno);
1208 if (res == sizeof(buf)) {
1209 return (void)fuse_reply_err(req, ENAMETOOLONG);
1214 fuse_reply_readlink(req, buf);
1219 struct dirent *entry;
1223 static struct lo_dirp *lo_dirp(fuse_req_t req, struct fuse_file_info *fi)
1225 struct lo_data *lo = lo_data(req);
1226 struct lo_map_elem *elem;
1228 pthread_mutex_lock(&lo->mutex);
1229 elem = lo_map_get(&lo->dirp_map, fi->fh);
1230 pthread_mutex_unlock(&lo->mutex);
1238 static void lo_opendir(fuse_req_t req, fuse_ino_t ino,
1239 struct fuse_file_info *fi)
1242 struct lo_data *lo = lo_data(req);
1247 d = calloc(1, sizeof(struct lo_dirp));
1252 fd = openat(lo_fd(req, ino), ".", O_RDONLY);
1257 d->dp = fdopendir(fd);
1258 if (d->dp == NULL) {
1265 pthread_mutex_lock(&lo->mutex);
1266 fh = lo_add_dirp_mapping(req, d);
1267 pthread_mutex_unlock(&lo->mutex);
1273 if (lo->cache == CACHE_ALWAYS) {
1276 fuse_reply_open(req, fi);
1291 fuse_reply_err(req, error);
1294 static void lo_do_readdir(fuse_req_t req, fuse_ino_t ino, size_t size,
1295 off_t offset, struct fuse_file_info *fi, int plus)
1297 struct lo_data *lo = lo_data(req);
1299 struct lo_inode *dinode;
1305 dinode = lo_inode(req, ino);
1310 d = lo_dirp(req, fi);
1316 buf = calloc(1, size);
1322 if (offset != d->offset) {
1323 seekdir(d->dp, offset);
1334 d->entry = readdir(d->dp);
1336 if (errno) { /* Error */
1339 } else { /* End of stream */
1344 nextoff = d->entry->d_off;
1345 name = d->entry->d_name;
1347 fuse_ino_t entry_ino = 0;
1348 struct fuse_entry_param e = (struct fuse_entry_param){
1349 .attr.st_ino = d->entry->d_ino,
1350 .attr.st_mode = d->entry->d_type << 12,
1353 /* Hide root's parent directory */
1354 if (dinode == &lo->root && strcmp(name, "..") == 0) {
1355 e.attr.st_ino = lo->root.ino;
1356 e.attr.st_mode = DT_DIR << 12;
1360 if (!is_dot_or_dotdot(name)) {
1361 err = lo_do_lookup(req, ino, name, &e);
1368 entsize = fuse_add_direntry_plus(req, p, rem, name, &e, nextoff);
1370 entsize = fuse_add_direntry(req, p, rem, name, &e.attr, nextoff);
1372 if (entsize > rem) {
1373 if (entry_ino != 0) {
1374 lo_forget_one(req, entry_ino, 1);
1383 d->offset = nextoff;
1389 * If there's an error, we can only signal it if we haven't stored
1390 * any entries yet - otherwise we'd end up with wrong lookup
1391 * counts for the entries that are already in the buffer. So we
1392 * return what we've collected until that point.
1394 if (err && rem == size) {
1395 fuse_reply_err(req, err);
1397 fuse_reply_buf(req, buf, size - rem);
1402 static void lo_readdir(fuse_req_t req, fuse_ino_t ino, size_t size,
1403 off_t offset, struct fuse_file_info *fi)
1405 lo_do_readdir(req, ino, size, offset, fi, 0);
1408 static void lo_readdirplus(fuse_req_t req, fuse_ino_t ino, size_t size,
1409 off_t offset, struct fuse_file_info *fi)
1411 lo_do_readdir(req, ino, size, offset, fi, 1);
1414 static void lo_releasedir(fuse_req_t req, fuse_ino_t ino,
1415 struct fuse_file_info *fi)
1417 struct lo_data *lo = lo_data(req);
1422 d = lo_dirp(req, fi);
1424 fuse_reply_err(req, EBADF);
1428 pthread_mutex_lock(&lo->mutex);
1429 lo_map_remove(&lo->dirp_map, fi->fh);
1430 pthread_mutex_unlock(&lo->mutex);
1434 fuse_reply_err(req, 0);
1437 static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
1438 mode_t mode, struct fuse_file_info *fi)
1441 struct lo_data *lo = lo_data(req);
1442 struct fuse_entry_param e;
1444 struct lo_cred old = {};
1446 if (lo_debug(req)) {
1447 fuse_log(FUSE_LOG_DEBUG, "lo_create(parent=%" PRIu64 ", name=%s)\n",
1451 if (!is_safe_path_component(name)) {
1452 fuse_reply_err(req, EINVAL);
1456 err = lo_change_cred(req, &old);
1461 fd = openat(lo_fd(req, parent), name, (fi->flags | O_CREAT) & ~O_NOFOLLOW,
1463 err = fd == -1 ? errno : 0;
1464 lo_restore_cred(&old);
1469 pthread_mutex_lock(&lo->mutex);
1470 fh = lo_add_fd_mapping(req, fd);
1471 pthread_mutex_unlock(&lo->mutex);
1474 fuse_reply_err(req, ENOMEM);
1479 err = lo_do_lookup(req, parent, name, &e);
1481 if (lo->cache == CACHE_NEVER) {
1483 } else if (lo->cache == CACHE_ALWAYS) {
1489 fuse_reply_err(req, err);
1491 fuse_reply_create(req, &e, fi);
1495 static void lo_fsyncdir(fuse_req_t req, fuse_ino_t ino, int datasync,
1496 struct fuse_file_info *fi)
1504 d = lo_dirp(req, fi);
1506 fuse_reply_err(req, EBADF);
1512 res = fdatasync(fd);
1516 fuse_reply_err(req, res == -1 ? errno : 0);
1519 static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi)
1524 struct lo_data *lo = lo_data(req);
1526 if (lo_debug(req)) {
1527 fuse_log(FUSE_LOG_DEBUG, "lo_open(ino=%" PRIu64 ", flags=%d)\n", ino,
1532 * With writeback cache, kernel may send read requests even
1533 * when userspace opened write-only
1535 if (lo->writeback && (fi->flags & O_ACCMODE) == O_WRONLY) {
1536 fi->flags &= ~O_ACCMODE;
1537 fi->flags |= O_RDWR;
1541 * With writeback cache, O_APPEND is handled by the kernel.
1542 * This breaks atomicity (since the file may change in the
1543 * underlying filesystem, so that the kernel's idea of the
1544 * end of the file isn't accurate anymore). In this example,
1545 * we just accept that. A more rigorous filesystem may want
1546 * to return an error here
1548 if (lo->writeback && (fi->flags & O_APPEND)) {
1549 fi->flags &= ~O_APPEND;
1552 sprintf(buf, "%i", lo_fd(req, ino));
1553 fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW);
1555 return (void)fuse_reply_err(req, errno);
1558 pthread_mutex_lock(&lo->mutex);
1559 fh = lo_add_fd_mapping(req, fd);
1560 pthread_mutex_unlock(&lo->mutex);
1563 fuse_reply_err(req, ENOMEM);
1568 if (lo->cache == CACHE_NEVER) {
1570 } else if (lo->cache == CACHE_ALWAYS) {
1573 fuse_reply_open(req, fi);
1576 static void lo_release(fuse_req_t req, fuse_ino_t ino,
1577 struct fuse_file_info *fi)
1579 struct lo_data *lo = lo_data(req);
1584 fd = lo_fi_fd(req, fi);
1586 pthread_mutex_lock(&lo->mutex);
1587 lo_map_remove(&lo->fd_map, fi->fh);
1588 pthread_mutex_unlock(&lo->mutex);
1591 fuse_reply_err(req, 0);
1594 static void lo_flush(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi)
1598 res = close(dup(lo_fi_fd(req, fi)));
1599 fuse_reply_err(req, res == -1 ? errno : 0);
1602 static void lo_fsync(fuse_req_t req, fuse_ino_t ino, int datasync,
1603 struct fuse_file_info *fi)
1609 fuse_log(FUSE_LOG_DEBUG, "lo_fsync(ino=%" PRIu64 ", fi=0x%p)\n", ino,
1613 struct lo_data *lo = lo_data(req);
1615 res = asprintf(&buf, "%i", lo_fd(req, ino));
1617 return (void)fuse_reply_err(req, errno);
1620 fd = openat(lo->proc_self_fd, buf, O_RDWR);
1623 return (void)fuse_reply_err(req, errno);
1626 fd = lo_fi_fd(req, fi);
1630 res = fdatasync(fd);
1637 fuse_reply_err(req, res == -1 ? errno : 0);
1640 static void lo_read(fuse_req_t req, fuse_ino_t ino, size_t size, off_t offset,
1641 struct fuse_file_info *fi)
1643 struct fuse_bufvec buf = FUSE_BUFVEC_INIT(size);
1645 if (lo_debug(req)) {
1646 fuse_log(FUSE_LOG_DEBUG,
1647 "lo_read(ino=%" PRIu64 ", size=%zd, "
1649 ino, size, (unsigned long)offset);
1652 buf.buf[0].flags = FUSE_BUF_IS_FD | FUSE_BUF_FD_SEEK;
1653 buf.buf[0].fd = lo_fi_fd(req, fi);
1654 buf.buf[0].pos = offset;
1656 fuse_reply_data(req, &buf);
1659 static void lo_write_buf(fuse_req_t req, fuse_ino_t ino,
1660 struct fuse_bufvec *in_buf, off_t off,
1661 struct fuse_file_info *fi)
1665 struct fuse_bufvec out_buf = FUSE_BUFVEC_INIT(fuse_buf_size(in_buf));
1666 bool cap_fsetid_dropped = false;
1668 out_buf.buf[0].flags = FUSE_BUF_IS_FD | FUSE_BUF_FD_SEEK;
1669 out_buf.buf[0].fd = lo_fi_fd(req, fi);
1670 out_buf.buf[0].pos = off;
1672 if (lo_debug(req)) {
1673 fuse_log(FUSE_LOG_DEBUG,
1674 "lo_write(ino=%" PRIu64 ", size=%zd, off=%lu)\n", ino,
1675 out_buf.buf[0].size, (unsigned long)off);
1679 * If kill_priv is set, drop CAP_FSETID which should lead to kernel
1680 * clearing setuid/setgid on file.
1682 if (fi->kill_priv) {
1683 res = drop_effective_cap("FSETID", &cap_fsetid_dropped);
1685 fuse_reply_err(req, res);
1690 res = fuse_buf_copy(&out_buf, in_buf);
1692 fuse_reply_err(req, -res);
1694 fuse_reply_write(req, (size_t)res);
1697 if (cap_fsetid_dropped) {
1698 res = gain_effective_cap("FSETID");
1700 fuse_log(FUSE_LOG_ERR, "Failed to gain CAP_FSETID\n");
1705 static void lo_statfs(fuse_req_t req, fuse_ino_t ino)
1708 struct statvfs stbuf;
1710 res = fstatvfs(lo_fd(req, ino), &stbuf);
1712 fuse_reply_err(req, errno);
1714 fuse_reply_statfs(req, &stbuf);
1718 static void lo_fallocate(fuse_req_t req, fuse_ino_t ino, int mode, off_t offset,
1719 off_t length, struct fuse_file_info *fi)
1721 int err = EOPNOTSUPP;
1724 #ifdef CONFIG_FALLOCATE
1725 err = fallocate(lo_fi_fd(req, fi), mode, offset, length);
1730 #elif defined(CONFIG_POSIX_FALLOCATE)
1732 fuse_reply_err(req, EOPNOTSUPP);
1736 err = posix_fallocate(lo_fi_fd(req, fi), offset, length);
1739 fuse_reply_err(req, err);
1742 static void lo_flock(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi,
1748 res = flock(lo_fi_fd(req, fi), op);
1750 fuse_reply_err(req, res == -1 ? errno : 0);
1753 static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *name,
1756 struct lo_data *lo = lo_data(req);
1759 struct lo_inode *inode;
1764 inode = lo_inode(req, ino);
1766 fuse_reply_err(req, EBADF);
1771 if (!lo_data(req)->xattr) {
1775 if (lo_debug(req)) {
1776 fuse_log(FUSE_LOG_DEBUG,
1777 "lo_getxattr(ino=%" PRIu64 ", name=%s size=%zd)\n", ino, name,
1781 if (inode->is_symlink) {
1782 /* Sorry, no race free way to getxattr on symlink. */
1787 sprintf(procname, "%i", inode->fd);
1788 fd = openat(lo->proc_self_fd, procname, O_RDONLY);
1794 value = malloc(size);
1799 ret = fgetxattr(fd, name, value, size);
1808 fuse_reply_buf(req, value, ret);
1810 ret = fgetxattr(fd, name, NULL, 0);
1815 fuse_reply_xattr(req, ret);
1828 fuse_reply_err(req, saverr);
1832 static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
1834 struct lo_data *lo = lo_data(req);
1837 struct lo_inode *inode;
1842 inode = lo_inode(req, ino);
1844 fuse_reply_err(req, EBADF);
1849 if (!lo_data(req)->xattr) {
1853 if (lo_debug(req)) {
1854 fuse_log(FUSE_LOG_DEBUG, "lo_listxattr(ino=%" PRIu64 ", size=%zd)\n",
1858 if (inode->is_symlink) {
1859 /* Sorry, no race free way to listxattr on symlink. */
1864 sprintf(procname, "%i", inode->fd);
1865 fd = openat(lo->proc_self_fd, procname, O_RDONLY);
1871 value = malloc(size);
1876 ret = flistxattr(fd, value, size);
1885 fuse_reply_buf(req, value, ret);
1887 ret = flistxattr(fd, NULL, 0);
1892 fuse_reply_xattr(req, ret);
1905 fuse_reply_err(req, saverr);
1909 static void lo_setxattr(fuse_req_t req, fuse_ino_t ino, const char *name,
1910 const char *value, size_t size, int flags)
1913 struct lo_data *lo = lo_data(req);
1914 struct lo_inode *inode;
1919 inode = lo_inode(req, ino);
1921 fuse_reply_err(req, EBADF);
1926 if (!lo_data(req)->xattr) {
1930 if (lo_debug(req)) {
1931 fuse_log(FUSE_LOG_DEBUG,
1932 "lo_setxattr(ino=%" PRIu64 ", name=%s value=%s size=%zd)\n",
1933 ino, name, value, size);
1936 if (inode->is_symlink) {
1937 /* Sorry, no race free way to setxattr on symlink. */
1942 sprintf(procname, "%i", inode->fd);
1943 fd = openat(lo->proc_self_fd, procname, O_RDWR);
1949 ret = fsetxattr(fd, name, value, size, flags);
1950 saverr = ret == -1 ? errno : 0;
1956 fuse_reply_err(req, saverr);
1959 static void lo_removexattr(fuse_req_t req, fuse_ino_t ino, const char *name)
1962 struct lo_data *lo = lo_data(req);
1963 struct lo_inode *inode;
1968 inode = lo_inode(req, ino);
1970 fuse_reply_err(req, EBADF);
1975 if (!lo_data(req)->xattr) {
1979 if (lo_debug(req)) {
1980 fuse_log(FUSE_LOG_DEBUG, "lo_removexattr(ino=%" PRIu64 ", name=%s)\n",
1984 if (inode->is_symlink) {
1985 /* Sorry, no race free way to setxattr on symlink. */
1990 sprintf(procname, "%i", inode->fd);
1991 fd = openat(lo->proc_self_fd, procname, O_RDWR);
1997 ret = fremovexattr(fd, name);
1998 saverr = ret == -1 ? errno : 0;
2004 fuse_reply_err(req, saverr);
2007 #ifdef HAVE_COPY_FILE_RANGE
2008 static void lo_copy_file_range(fuse_req_t req, fuse_ino_t ino_in, off_t off_in,
2009 struct fuse_file_info *fi_in, fuse_ino_t ino_out,
2010 off_t off_out, struct fuse_file_info *fi_out,
2011 size_t len, int flags)
2016 in_fd = lo_fi_fd(req, fi_in);
2017 out_fd = lo_fi_fd(req, fi_out);
2019 fuse_log(FUSE_LOG_DEBUG,
2020 "lo_copy_file_range(ino=%" PRIu64 "/fd=%d, "
2021 "off=%lu, ino=%" PRIu64 "/fd=%d, "
2022 "off=%lu, size=%zd, flags=0x%x)\n",
2023 ino_in, in_fd, off_in, ino_out, out_fd, off_out, len, flags);
2025 res = copy_file_range(in_fd, &off_in, out_fd, &off_out, len, flags);
2027 fuse_reply_err(req, -errno);
2029 fuse_reply_write(req, res);
2034 static void lo_lseek(fuse_req_t req, fuse_ino_t ino, off_t off, int whence,
2035 struct fuse_file_info *fi)
2040 res = lseek(lo_fi_fd(req, fi), off, whence);
2042 fuse_reply_lseek(req, res);
2044 fuse_reply_err(req, errno);
2048 static struct fuse_lowlevel_ops lo_oper = {
2050 .lookup = lo_lookup,
2053 .symlink = lo_symlink,
2055 .unlink = lo_unlink,
2057 .rename = lo_rename,
2058 .forget = lo_forget,
2059 .forget_multi = lo_forget_multi,
2060 .getattr = lo_getattr,
2061 .setattr = lo_setattr,
2062 .readlink = lo_readlink,
2063 .opendir = lo_opendir,
2064 .readdir = lo_readdir,
2065 .readdirplus = lo_readdirplus,
2066 .releasedir = lo_releasedir,
2067 .fsyncdir = lo_fsyncdir,
2068 .create = lo_create,
2070 .release = lo_release,
2074 .write_buf = lo_write_buf,
2075 .statfs = lo_statfs,
2076 .fallocate = lo_fallocate,
2078 .getxattr = lo_getxattr,
2079 .listxattr = lo_listxattr,
2080 .setxattr = lo_setxattr,
2081 .removexattr = lo_removexattr,
2082 #ifdef HAVE_COPY_FILE_RANGE
2083 .copy_file_range = lo_copy_file_range,
2088 /* Print vhost-user.json backend program capabilities */
2089 static void print_capabilities(void)
2092 printf(" \"type\": \"fs\"\n");
2097 * Move to a new mount, net, and pid namespaces to isolate this process.
2099 static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
2104 * Create a new pid namespace for *child* processes. We'll have to
2105 * fork in order to enter the new pid namespace. A new mount namespace
2106 * is also needed so that we can remount /proc for the new pid
2109 * Our UNIX domain sockets have been created. Now we can move to
2110 * an empty network namespace to prevent TCP/IP and other network
2111 * activity in case this process is compromised.
2113 if (unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET) != 0) {
2114 fuse_log(FUSE_LOG_ERR, "unshare(CLONE_NEWPID | CLONE_NEWNS): %m\n");
2120 fuse_log(FUSE_LOG_ERR, "fork() failed: %m\n");
2127 /* The parent waits for the child */
2129 waited = waitpid(child, &wstatus, 0);
2130 } while (waited < 0 && errno == EINTR && !se->exited);
2132 /* We were terminated by a signal, see fuse_signals.c */
2137 if (WIFEXITED(wstatus)) {
2138 exit(WEXITSTATUS(wstatus));
2144 /* Send us SIGTERM when the parent thread terminates, see prctl(2) */
2145 prctl(PR_SET_PDEATHSIG, SIGTERM);
2148 * If the mounts have shared propagation then we want to opt out so our
2149 * mount changes don't affect the parent mount namespace.
2151 if (mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL) < 0) {
2152 fuse_log(FUSE_LOG_ERR, "mount(/, MS_REC|MS_SLAVE): %m\n");
2156 /* The child must remount /proc to use the new pid namespace */
2157 if (mount("proc", "/proc", "proc",
2158 MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL) < 0) {
2159 fuse_log(FUSE_LOG_ERR, "mount(/proc): %m\n");
2163 /* Now we can get our /proc/self/fd directory file descriptor */
2164 lo->proc_self_fd = open("/proc/self/fd", O_PATH);
2165 if (lo->proc_self_fd == -1) {
2166 fuse_log(FUSE_LOG_ERR, "open(/proc/self/fd, O_PATH): %m\n");
2172 * Capture the capability state, we'll need to restore this for individual
2173 * threads later; see load_capng.
2175 static void setup_capng(void)
2177 /* Note this accesses /proc so has to happen before the sandbox */
2178 if (capng_get_caps_process()) {
2179 fuse_log(FUSE_LOG_ERR, "capng_get_caps_process\n");
2182 pthread_mutex_init(&cap.mutex, NULL);
2183 pthread_mutex_lock(&cap.mutex);
2184 cap.saved = capng_save_state();
2186 fuse_log(FUSE_LOG_ERR, "capng_save_state\n");
2189 pthread_mutex_unlock(&cap.mutex);
2192 static void cleanup_capng(void)
2196 pthread_mutex_destroy(&cap.mutex);
2201 * Make the source directory our root so symlinks cannot escape and no other
2202 * files are accessible. Assumes unshare(CLONE_NEWNS) was already called.
2204 static void setup_mounts(const char *source)
2209 if (mount(source, source, NULL, MS_BIND, NULL) < 0) {
2210 fuse_log(FUSE_LOG_ERR, "mount(%s, %s, MS_BIND): %m\n", source, source);
2214 /* This magic is based on lxc's lxc_pivot_root() */
2215 oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
2217 fuse_log(FUSE_LOG_ERR, "open(/): %m\n");
2221 newroot = open(source, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
2223 fuse_log(FUSE_LOG_ERR, "open(%s): %m\n", source);
2227 if (fchdir(newroot) < 0) {
2228 fuse_log(FUSE_LOG_ERR, "fchdir(newroot): %m\n");
2232 if (syscall(__NR_pivot_root, ".", ".") < 0) {
2233 fuse_log(FUSE_LOG_ERR, "pivot_root(., .): %m\n");
2237 if (fchdir(oldroot) < 0) {
2238 fuse_log(FUSE_LOG_ERR, "fchdir(oldroot): %m\n");
2242 if (mount("", ".", "", MS_SLAVE | MS_REC, NULL) < 0) {
2243 fuse_log(FUSE_LOG_ERR, "mount(., MS_SLAVE | MS_REC): %m\n");
2247 if (umount2(".", MNT_DETACH) < 0) {
2248 fuse_log(FUSE_LOG_ERR, "umount2(., MNT_DETACH): %m\n");
2252 if (fchdir(newroot) < 0) {
2253 fuse_log(FUSE_LOG_ERR, "fchdir(newroot): %m\n");
2262 * Lock down this process to prevent access to other processes or files outside
2263 * source directory. This reduces the impact of arbitrary code execution bugs.
2265 static void setup_sandbox(struct lo_data *lo, struct fuse_session *se)
2267 setup_namespaces(lo, se);
2268 setup_mounts(lo->source);
2272 /* Raise the maximum number of open file descriptors */
2273 static void setup_nofile_rlimit(void)
2275 const rlim_t max_fds = 1000000;
2278 if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
2279 fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
2283 if (rlim.rlim_cur >= max_fds) {
2284 return; /* nothing to do */
2287 rlim.rlim_cur = max_fds;
2288 rlim.rlim_max = max_fds;
2290 if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
2291 /* Ignore SELinux denials */
2292 if (errno == EPERM) {
2296 fuse_log(FUSE_LOG_ERR, "setrlimit(RLIMIT_NOFILE): %m\n");
2301 int main(int argc, char *argv[])
2303 struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
2304 struct fuse_session *se;
2305 struct fuse_cmdline_opts opts;
2306 struct lo_data lo = {
2311 struct lo_map_elem *root_elem;
2314 /* Don't mask creation mode, kernel already did that */
2317 pthread_mutex_init(&lo.mutex, NULL);
2318 lo.root.next = lo.root.prev = &lo.root;
2320 lo.root.fuse_ino = FUSE_ROOT_ID;
2321 lo.cache = CACHE_NORMAL;
2324 * Set up the ino map like this:
2325 * [0] Reserved (will not be used)
2328 lo_map_init(&lo.ino_map);
2329 lo_map_reserve(&lo.ino_map, 0)->in_use = false;
2330 root_elem = lo_map_reserve(&lo.ino_map, lo.root.fuse_ino);
2331 root_elem->inode = &lo.root;
2333 lo_map_init(&lo.dirp_map);
2334 lo_map_init(&lo.fd_map);
2336 if (fuse_parse_cmdline(&args, &opts) != 0) {
2339 if (opts.show_help) {
2340 printf("usage: %s [options]\n\n", argv[0]);
2341 fuse_cmdline_help();
2342 printf(" -o source=PATH shared directory tree\n");
2343 fuse_lowlevel_help();
2346 } else if (opts.show_version) {
2347 fuse_lowlevel_version();
2350 } else if (opts.print_capabilities) {
2351 print_capabilities();
2356 if (fuse_opt_parse(&args, &lo, lo_opts, NULL) == -1) {
2360 lo.debug = opts.debug;
2361 lo.root.refcount = 2;
2366 res = lstat(lo.source, &stat);
2368 fuse_log(FUSE_LOG_ERR, "failed to stat source (\"%s\"): %m\n",
2372 if (!S_ISDIR(stat.st_mode)) {
2373 fuse_log(FUSE_LOG_ERR, "source is not a directory\n");
2380 lo.root.is_symlink = false;
2381 if (!lo.timeout_set) {
2392 lo.timeout = 86400.0;
2395 } else if (lo.timeout < 0) {
2396 fuse_log(FUSE_LOG_ERR, "timeout is negative (%lf)\n", lo.timeout);
2400 lo.root.fd = open(lo.source, O_PATH);
2402 if (lo.root.fd == -1) {
2403 fuse_log(FUSE_LOG_ERR, "open(\"%s\", O_PATH): %m\n", lo.source);
2407 se = fuse_session_new(&args, &lo_oper, sizeof(lo_oper), &lo);
2412 if (fuse_set_signal_handlers(se) != 0) {
2416 if (fuse_session_mount(se) != 0) {
2420 fuse_daemonize(opts.foreground);
2422 setup_nofile_rlimit();
2424 /* Must be before sandbox since it wants /proc */
2427 setup_sandbox(&lo, se);
2429 /* Block until ctrl+c or fusermount -u */
2430 ret = virtio_loop(se);
2432 fuse_session_unmount(se);
2435 fuse_remove_signal_handlers(se);
2437 fuse_session_destroy(se);
2439 fuse_opt_free_args(&args);
2441 lo_map_destroy(&lo.fd_map);
2442 lo_map_destroy(&lo.dirp_map);
2443 lo_map_destroy(&lo.ino_map);
2445 if (lo.proc_self_fd >= 0) {
2446 close(lo.proc_self_fd);
2449 if (lo.root.fd >= 0) {
projects / qemu.git / blob