[Libguestfs] [PATCH] fuse: UID 0 should override all permissions checks (RHBZ#1106548).
Pino Toscano
ptoscano at redhat.com
Fri Jun 13 16:14:26 UTC 2014
On Thursday 12 June 2014 13:32:54 Richard W.M. Jones wrote:
> Previously if you were root, and you tried to change directory into a
> directory which was not owned by you and not readable (eg. 0700
> bin:bin), it would fail.
>
> This doesn't fail on regular directories because when you are root the
> kernel just ignores permissions.
>
> Although libguestfs in general tries not to duplicate kernel code, in
> the case where we emulate the FUSE access(2) system call,
> unfortunately we have to do it by stat-ing the object and performing
> some (half-arsed) heuristics.
>
> This commit modifies the FUSE access(2) system call, so root is now
> able to chdir to any directory.

I've taken a look at a few non-trivial FUSE filesystems, and none of them
seems to implement the access operation. I guess this means the kernel
does all the job by itself based on the permissions.

On the other hand, removing the access operation makes test-fuse.sh fail
in the chmod part, at:

  [ ! -x new ]

Interestingly enough, the permissions of "new" at that point are fine
(no -x), and strace'ing that test command gives

  access("new", X_OK) = 0

so I'm puzzled...

Interestingly enough, even trying the allow_root and allow_other FUSE
options makes no difference.

So I'd say to commit this for now; just one note below.

> It also adds some debugging so we can debug these complex permissions
> checks in the field if some other problem arises in future.
> [...]
> + debug (g, "%s: "
> + "testing access mask%s%s%s%s: "
> + "caller UID:GID = %d:%d, "
> + "file UID:GID = %d:%d, "
> + "file mode = %o, "
> + "result = %s",
> + path,
> + mask & R_OK ? " R_OK" : "",
> + mask & W_OK ? " W_OK" : "",
> + mask & X_OK ? " X_OK" : "",
> + mask == 0 ? " 0" : "",
> + fuse->uid, fuse->gid,
> + statbuf.st_uid, statbuf.st_gid,
> + statbuf.st_mode,
> + ok ? "OK" : "EACCESS");
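
Review bot: the result string on the last added line is spelled "EACCESS", but the errno constant is EACCES, so a search of the debug output for the errno name will miss these lines; print "EACCES" instead. In the same call, statbuf.st_uid and statbuf.st_gid are passed to %d and statbuf.st_mode to %o without casts, and fuse->uid and fuse->gid likewise (assuming they are uid_t/gid_t); cast each argument to the type its specifier expects so the varargs call is well defined on every platform.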

Would it be possible to split most of this debug right after the
mount_local_getattr invocation, so early returns have this debug as
well?

Thanks,
--
Pino Toscano