1. 06 Jan, 2006 1 commit
  2. 07 Nov, 2005 2 commits
  3. 31 Oct, 2005 1 commit
  4. 09 Sep, 2005 14 commits
    • Miklos Szeredi's avatar
      [PATCH] FUSE: don't allow restarting of system calls · 7c352bdf
      Miklos Szeredi authored
      
      
      This patch removes ability to interrupt and restart operations while there
      hasn't been any side-effect.
      
      The reason: applications.  There are some apps it seems that generate
      signals at a fast rate.  This means, that if the operation cannot make
      enough progress between two signals, it will be restarted for ever.  This
      bug actually manifested itself with 'krusader' trying to open a file for
      writing under sshfs.  Thanks to Eduard Czimbalmos for the report.
      
      The problem can be solved just by making open() uninterruptible, because in
      this case it was the truncate operation that slowed down the progress.  But
      it's better to solve this by simply not allowing interrupts at all (except
      SIGKILL), because applications don't expect file operations to be
      interruptible anyway.  As an added bonus the code is simplified somewhat.
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      7c352bdf
    • Miklos Szeredi's avatar
      [PATCH] FUSE: add fsync operation for directories · 82547981
      Miklos Szeredi authored
      
      
      This patch adds a new FSYNCDIR request, which is sent when fsync is called
      on directories.  This operation is available in libfuse 2.3-pre1 or
      greater.
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      82547981
    • Miklos Szeredi's avatar
      [PATCH] fuse: more flexible caching · 45323fb7
      Miklos Szeredi authored
      
      
      Make data caching behavior selectable on a per-open basis instead of
      per-mount.  Compatibility for the old mount options 'kernel_cache' and
      'direct_io' is retained in the userspace library (version 2.4.0-pre1 or
      later).
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      45323fb7
    • Miklos Szeredi's avatar
      [PATCH] fuse: transfer readdir data through device · 04730fef
      Miklos Szeredi authored
      
      
      This patch removes a long lasting "hack" in FUSE, which used a separate
      channel (a file descriptor refering to a disk-file) to transfer directory
      contents from userspace to the kernel.
      
      The patch adds three new operations (OPENDIR, READDIR, RELEASEDIR), which
      have semantics and implementation exactly maching the respective file
      operations (OPEN, READ, RELEASE).
      
      This simplifies the directory reading code.  Also disk space is not
      necessary, which can be important in embedded systems.
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      04730fef
    • Miklos Szeredi's avatar
      [PATCH] FUSE - direct I/O · 413ef8cb
      Miklos Szeredi authored
      
      
      This patch adds support for the "direct_io" mount option of FUSE.
      
      When this mount option is specified, the page cache is bypassed for
      read and write operations.  This is useful for example, if the
      filesystem doesn't know the size of files before reading them, or when
      any kind of caching is harmful.
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      413ef8cb
    • Miklos Szeredi's avatar
      [PATCH] FUSE: tighten check for processes allowed access · 87729a55
      Miklos Szeredi authored
      
      
      This patch tightens the check for allowing processes to access non-privileged
      mounts.  The rational is that the filesystem implementation can control the
      behavior or get otherwise unavailable information of the filesystem user.  If
      the filesystem user process has the same uid, gid, and is not suid or sgid
      application, then access is safe.  Otherwise access is not allowed unless the
      "allow_other" mount option is given (for which policy is controlled by the
      userspace mount utility).
      
      Thanks to everyone linux-fsdevel, especially Martin Mares who helped uncover
      problems with the previous approach.
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      87729a55
    • Miklos Szeredi's avatar
      [PATCH] FUSE - readpages operation · db50b96c
      Miklos Szeredi authored
      
      
      This patch adds readpages support to FUSE.
      
      With the help of the readpages() operation multiple reads are bundled
      together and sent as a single request to userspace.  This can improve
      reading performace.
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      db50b96c
    • Miklos Szeredi's avatar
      [PATCH] FUSE - extended attribute operations · 92a8780e
      Miklos Szeredi authored
      
      
      This patch adds the extended attribute operations to FUSE.
      
      The following operations are added:
      
       o getxattr
       o setxattr
       o listxattr
       o removexattr
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      92a8780e
    • Miklos Szeredi's avatar
      [PATCH] FUSE - mount options · 1e9a4ed9
      Miklos Szeredi authored
      
      
      This patch adds miscellaneous mount options to the FUSE filesystem.
      
      The following mount options are added:
      
       o default_permissions:  check permissions with generic_permission()
       o allow_other:          allow other users to access files
       o allow_root:           allow root to access files
       o kernel_cache:         don't invalidate page cache on open
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      1e9a4ed9
    • Miklos Szeredi's avatar
      [PATCH] FUSE - file operations · b6aeaded
      Miklos Szeredi authored
      
      
      This patch adds the file operations of FUSE.
      
      The following operations are added:
      
       o open
       o flush
       o release
       o fsync
       o readpage
       o commit_write
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      b6aeaded
    • Miklos Szeredi's avatar
      [PATCH] FUSE - read-write operations · 9e6268db
      Miklos Szeredi authored
      
      
      This patch adds the write filesystem operations of FUSE.
      
      The following operations are added:
      
       o setattr
       o symlink
       o mknod
       o mkdir
       o create
       o unlink
       o rmdir
       o rename
       o link
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      9e6268db
    • Miklos Szeredi's avatar
      [PATCH] FUSE - read-only operations · e5e5558e
      Miklos Szeredi authored
      
      
      This patch adds the read-only filesystem operations of FUSE.
      
      This contains the following files:
      
       o dir.c
          - directory, symlink and file-inode operations
      
      The following operations are added:
      
       o lookup
       o getattr
       o readlink
       o follow_link
       o directory open
       o readdir
       o directory release
       o permission
       o dentry revalidate
       o statfs
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      e5e5558e
    • Miklos Szeredi's avatar
      [PATCH] FUSE - device functions · 334f485d
      Miklos Szeredi authored
      
      
      This adds the FUSE device handling functions.
      
      This contains the following files:
      
       o dev.c
          - fuse device operations (read, write, release, poll)
          - registers misc device
          - support for sending requests to userspace
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      334f485d
    • Miklos Szeredi's avatar
      [PATCH] FUSE - core · d8a5ba45
      Miklos Szeredi authored
      
      
      This patch adds FUSE core.
      
      This contains the following files:
      
       o inode.c
          - superblock operations (alloc_inode, destroy_inode, read_inode,
            clear_inode, put_super, show_options)
          - registers FUSE filesystem
      
       o fuse_i.h
          - private header file
      
      Requirements
      ============
      
       The most important difference between orinary filesystems and FUSE is
       the fact, that the filesystem data/metadata is provided by a userspace
       process run with the privileges of the mount "owner" instead of the
       kernel, or some remote entity usually running with elevated
       privileges.
      
       The security implication of this is that a non-privileged user must
       not be able to use this capability to compromise the system.  Obvious
       requirements arising from this are:
      
        - mount owner should not be able to get elevated privileges with the
          help of the mounted filesystem
      
        - mount owner should not be able to induce undesired behavior in
          other users' or the super user's processes
      
        - mount owner should not get illegitimate access to information from
          other users' and the super user's processes
      
       These are currently ensured with the following constraints:
      
        1) mount is only allowed to directory or file which the mount owner
          can modify without limitation (write access + no sticky bit for
          directories)
      
        2) nosuid,nodev mount options are forced
      
        3) any process running with fsuid different from the owner is denied
           all access to the filesystem
      
       1) and 2) are ensured by the "fusermount" mount utility which is a
          setuid root application doing the actual mount operation.
      
       3) is ensured by a check in the permission() method in kernel
      
       I started thinking about doing 3) in a different way because Christoph
       H. made a big deal out of it, saying that FUSE is unacceptable into
       mainline in this form.
      
       The suggested use of private namespaces would be OK, but in their
       current form have many limitations that make their use impractical (as
       discussed in this thread).
      
       Suggested improvements that would address these limitations:
      
         - implement shared subtrees
      
         - allow a process to join an existing namespace (make namespaces
           first-class objects)
      
         - implement the namespace creation/joining in a PAM module
      
       With all that in place the check of owner against current->fsuid may
       be removed from the FUSE kernel module, without compromising the
       security requirements.
      
       Suid programs still interesting questions, since they get access even
       to the private namespace causing some information leak (exact
       order/timing of filesystem operations performed), giving some
       ptrace-like capabilities to unprivileged users.  BTW this problem is
       not strictly limited to the namespace approach, since suid programs
       setting fsuid and accessing users' files will succeed with the current
       approach too.
      Signed-off-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      d8a5ba45