Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2231575/?format=api
{ "id": 2231575, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2231575/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ext4/patch/177758363640.1314717.8779015381265180859.stgit@frogsfrogsfrogs/", "project": { "id": 8, "url": "http://patchwork.ozlabs.org/api/1.1/projects/8/?format=api", "name": "Linux ext4 filesystem development", "link_name": "linux-ext4", "list_id": "linux-ext4.vger.kernel.org", "list_email": "linux-ext4@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<177758363640.1314717.8779015381265180859.stgit@frogsfrogsfrogs>", "date": "2026-04-30T21:16:35", "name": "[06/13] util: hoist the fuse.conf parsing and setuid mode enforcement code", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "7c722acb1dd71e9e2f6943e17b60d3d04ca0772c", "submitter": { "id": 77032, "url": "http://patchwork.ozlabs.org/api/1.1/people/77032/?format=api", "name": "Darrick J. Wong", "email": "djwong@kernel.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-ext4/patch/177758363640.1314717.8779015381265180859.stgit@frogsfrogsfrogs/mbox/", "series": [ { "id": 502386, "url": "http://patchwork.ozlabs.org/api/1.1/series/502386/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ext4/list/?series=502386", "date": "2026-04-30T21:15:17", "name": "[01/13] Refactor mount code / move common functions to mount_util.c", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/502386/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2231575/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2231575/checks/", "tags": {}, "headers": { "Return-Path": "\n <SRS0=Eoku=C5=vger.kernel.org=linux-ext4+bounces-16258-patchwork-incoming=ozlabs.org@ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-ext4@vger.kernel.org" ], "Delivered-To": [ "patchwork-incoming@legolas.ozlabs.org", "patchwork-incoming@ozlabs.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=ew1FIwGp;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=ozlabs.org\n (client-ip=2404:9400:2221:ea00::3; helo=mail.ozlabs.org;\n envelope-from=srs0=eoku=c5=vger.kernel.org=linux-ext4+bounces-16258-patchwork-incoming=ozlabs.org@ozlabs.org;\n receiver=patchwork.ozlabs.org)", "gandalf.ozlabs.org;\n arc=pass smtp.remote-ip=\"2600:3c0a:e001:db::12fc:5321\"\n arc.chain=subspace.kernel.org", "gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org", "gandalf.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=ew1FIwGp;\n\tdkim-atps=neutral", "gandalf.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16258-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"ew1FIwGp\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201" ], "Received": [ "from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1 raw public key)\n server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g66Vc263nz1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 07:19:04 +1000 (AEST)", "from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\tby gandalf.ozlabs.org (Postfix) with ESMTP id 4g66Vc1vbTz4wc4\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 07:19:04 +1000 (AEST)", "by gandalf.ozlabs.org (Postfix)\n\tid 4g66Vc1pspz4wck; Fri, 01 May 2026 07:19:04 +1000 (AEST)", "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby gandalf.ozlabs.org (Postfix) with ESMTPS id 4g66VX36XQz4wc4\n\tfor <patchwork-incoming@ozlabs.org>; Fri, 01 May 2026 07:19:00 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 732A9304994F\n\tfor <patchwork-incoming@ozlabs.org>; Thu, 30 Apr 2026 21:16:37 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id A3AA43B6C19;\n\tThu, 30 Apr 2026 21:16:36 +0000 (UTC)", "from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 629EA3A6B6B;\n\tThu, 30 Apr 2026 21:16:36 +0000 (UTC)", "by smtp.kernel.org (Postfix) with ESMTPSA id F1867C2BCB3;\n\tThu, 30 Apr 2026 21:16:35 +0000 (UTC)" ], "ARC-Seal": [ "i=2; a=rsa-sha256; d=ozlabs.org; s=201707; t=1777583944; cv=pass;\n\tb=pB74IiEDst4fFBeahWNwKtxgE+4tHfAF8PvisdmyadDlmDND8XKrR4XfSXZ1Eug+E7VgbXu2rkdWoRW5bpBdfHasJtOwQ7+jo3leDwxi3Yr1u2fshgWkaMOwTquAXv64YqbTYEfJmhHvNMZHBe+4ATH5MczYmDVnNodcWif9PwQJr4HEHugVTC4xnXSPRR6NYZVtPPE0lNSBOxF9wtu6V0n++b5tUaB3RqMm2Yez7vm8YQy7vewmyxQSyyg+2cfJkzYH02hQenrQnaEVUofs/EK6XXUkrl0c7FN9KfRpxrU4XFOw5KV2urOVANc+5eU/u5sue/eS1vwWCUreaOpvaQ==", "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777583796; cv=none;\n b=sCZ91NJ6mhQJsPYHmRaXgSbNrb+zS76nu/dHrzm0oEY3uwHc1VXOHQHG1r9Zr4MnW96y0wB69YDkzfKlRCe/Xo4qCMV45UUIdwLjYllmLsWGQ6f+mGZiEbG7rwG8i1ywL92Q+sjFbJhovz+4n/KAd/LkrIYiFYrx8VcoPgcHCsw=" ], "ARC-Message-Signature": [ "i=2; a=rsa-sha256; d=ozlabs.org; s=201707;\n\tt=1777583944; c=relaxed/relaxed;\n\tbh=Hyu9AbDW9H8GKqHTk9wUC/y36rBzEBBAacPNnwvFXwk=;\n\th=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=lsx9wFG4cYTNrEyBTF74/oSHhwbm0nTqdQBM8VDzS0F9OIPfcHrGC4Pd5kJndCsEydGWe9eVV8tO0sUajBAh9zzp0ySby1AFd8dgDq0JD1X+qbh42X7X7UPPkWqATVf7G4qdG0iZsG555V4w/t92MCetePlSZkneMhGS/a/SZqQWsVR35FCdpLKB9WCiY+5FsHJbTmyGDyGTnIRyJWMEvdWwVbobpAiqefaZXM0Ly6Y5JizuCDqwW6gflE+pJDTu8eM59aHb0dWWaEvtCq4/YDru/sTdYiKoVI3zj288jcporcetXICZi6CzbncoC/4LUvtvLBCfa1PHBmZ0kiAU9Q==", "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777583796; c=relaxed/simple;\n\tbh=I9nnyxXtk2XTOHWw/U6nGSkRiBf08FISZGp1i4eEf4o=;\n\th=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=q+HYDtmQBEIOXsM7JvwdI4GebTa1NEvaOUQ54MpEF0A9vmKXBA3rgkILP+F8UOVb4ysTZN6sTQH7cRTVagpeBBYqBhijwLo8FMZOny+l+FDeeU6GI78xqSNdO+Mdk+mGUMZdp6KdOfGa94+Om3xdmPmJJo9hgfxvOU6JNXYg1y0=" ], "ARC-Authentication-Results": [ "i=2; gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org;\n dkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=ew1FIwGp; dkim-atps=neutral;\n spf=pass (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16258-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org) smtp.mailfrom=vger.kernel.org", "i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=ew1FIwGp; arc=none smtp.client-ip=10.30.226.201" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1777583796;\n\tbh=I9nnyxXtk2XTOHWw/U6nGSkRiBf08FISZGp1i4eEf4o=;\n\th=Date:Subject:From:To:Cc:In-Reply-To:References:From;\n\tb=ew1FIwGp0CZWZvEABlEyV+BNZb7l/tThZ8TdWZHvFHCYDWSWRNsZwcyv6T5KkCHKJ\n\t jnPqU6J51ZWUK7tdDqpqziKYJCDxf6wLfE5iYcSosROSEgwyZrBojz/O37ApOh5SNN\n\t fmKfwsCfnMThFGj7G4cXNNoUIIpe7cqwQKLMRPU3avsfmJfTEkGjlVtmdi0n/6MyzJ\n\t 3xRpnCXawnbg4lIjPLud/4S/o1Bz5oQzmgc2c1QRXuzTK2I+DKjuikcSJlHV2vBjgN\n\t 4XetRS7uN39GVEEuFuiULaKmYuKtFUDR4pFvdysEYUXrtom7LB8BFnwh/mbpmazBb3\n\t HcNjcl2Oqya0w==", "Date": "Thu, 30 Apr 2026 14:16:35 -0700", "Subject": "[PATCH 06/13] util: hoist the fuse.conf parsing and setuid mode\n enforcement code", "From": "\"Darrick J. Wong\" <djwong@kernel.org>", "To": "bernd@bsbernd.com, djwong@kernel.org", "Cc": "linux-fsdevel@vger.kernel.org, fuse-devel@lists.linux.dev,\n linux-ext4@vger.kernel.org, miklos@szeredi.hu, neal@gompa.dev,\n joannelkoong@gmail.com", "Message-ID": "<177758363640.1314717.8779015381265180859.stgit@frogsfrogsfrogs>", "In-Reply-To": "<177758363484.1314717.11777978893472254088.stgit@frogsfrogsfrogs>", "References": "<177758363484.1314717.11777978893472254088.stgit@frogsfrogsfrogs>", "Precedence": "bulk", "X-Mailing-List": "linux-ext4@vger.kernel.org", "List-Id": "<linux-ext4.vger.kernel.org>", "List-Subscribe": "<mailto:linux-ext4+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-ext4+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "7bit", "X-Spam-Status": "No, score=-1.2 required=5.0 tests=ARC_SIGNED,ARC_VALID,\n\tDKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,\n\tMAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on gandalf.ozlabs.org" }, "content": "From: Darrick J. Wong <djwong@kernel.org>\n\nMove all the code that parses fuse.conf into a separate file in util/ so\nthat fuservicemount can read the same file, then add the security checks\nthat occur when fusermount is trying to start up a filesystem but is not\nrunning as root. We'll want that for fusermount in a moment.\n\nSigned-off-by: \"Darrick J. Wong\" <djwong@kernel.org>\n---\n util/fuser_conf.h | 61 ++++++++\n util/fuser_conf.c | 383 +++++++++++++++++++++++++++++++++++++++++++++++++++++\n util/fusermount.c | 358 +-------------------------------------------------\n util/meson.build | 6 -\n 4 files changed, 455 insertions(+), 353 deletions(-)\n create mode 100644 util/fuser_conf.h\n create mode 100644 util/fuser_conf.c", "diff": "diff --git a/util/fuser_conf.h b/util/fuser_conf.h\nnew file mode 100644\nindex 00000000000000..5afe70709c5152\n--- /dev/null\n+++ b/util/fuser_conf.h\n@@ -0,0 +1,61 @@\n+/*\n+ * FUSE: Filesystem in Userspace\n+ * Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>\n+ *\n+ * This program can be distributed under the terms of the GNU LGPLv2.\n+ * See the file LGPL2.txt.\n+ */\n+#ifndef FUSER_CONF_H_\n+#define FUSER_CONF_H_\n+\n+#include <sys/vfs.h>\n+#include <sys/stat.h>\n+\n+extern int user_allow_other;\n+extern int mount_max;\n+\n+void unescape(char *buf);\n+\n+#ifdef GETMNTENT_NEEDS_UNESCAPING\n+#include <stdio.h>\n+#include <mntent.h>\n+\n+static inline struct mntent *GETMNTENT(FILE *stream)\n+{\n+\tstruct mntent *entp = getmntent(stream);\n+\tif(entp != NULL) {\n+\t\tunescape(entp->mnt_fsname);\n+\t\tunescape(entp->mnt_dir);\n+\t\tunescape(entp->mnt_type);\n+\t\tunescape(entp->mnt_opts);\n+\t}\n+\treturn entp;\n+}\n+#else\n+#define GETMNTENT getmntent\n+#endif // GETMNTENT_NEEDS_UNESCAPING\n+\n+int count_fuse_fs(const char *progname);\n+\n+void read_conf(const char *progname);\n+\n+void drop_privs(void);\n+void restore_privs(void);\n+\n+int check_nonroot_mount_count(const char *progname);\n+\n+int check_nonroot_dir_access(const char *progname, const char *origmnt,\n+\t\t\t const char *mnt, const struct stat *stbuf);\n+\n+int check_nonroot_fstype(const char *progname, const struct statfs *fs_buf);\n+\n+struct mount_flags {\n+\tconst char *opt;\n+\tunsigned long flag;\n+\tint on;\n+\tint safe;\n+};\n+\n+extern const struct mount_flags mount_flags[];\n+\n+#endif /* FUSER_CONF_H_ */\ndiff --git a/util/fuser_conf.c b/util/fuser_conf.c\nnew file mode 100644\nindex 00000000000000..ad933de9cf7cbf\n--- /dev/null\n+++ b/util/fuser_conf.c\n@@ -0,0 +1,383 @@\n+/*\n+ * FUSE: Filesystem in Userspace\n+ * Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>\n+ *\n+ * This program can be distributed under the terms of the GNU GPLv2.\n+ * See the file GPL2.txt.\n+ */\n+/* This program parses fuse.conf */\n+#define _GNU_SOURCE\n+#include \"fuse_config.h\"\n+#include \"mount_util.h\"\n+#include \"util.h\"\n+#include \"fuser_conf.h\"\n+\n+#include <string.h>\n+#include <stddef.h>\n+#include <ctype.h>\n+#include <stdio.h>\n+#include <stdlib.h>\n+#include <errno.h>\n+#include <mntent.h>\n+#include <unistd.h>\n+#include <sys/fsuid.h>\n+\n+#include \"fuse_mount_compat.h\"\n+\n+#if defined HAVE_LISTMOUNT\n+#include <linux/mount.h>\n+#include <syscall.h>\n+#include <stdint.h>\n+#endif\n+\n+int user_allow_other = 0;\n+int mount_max = 1000;\n+static uid_t oldfsuid;\n+static gid_t oldfsgid;\n+\n+// Older versions of musl libc don't unescape entries in /etc/mtab\n+\n+// unescapes octal sequences like \\040 in-place\n+// That's ok, because unescaping can not extend the length of the string.\n+void unescape(char *buf)\n+{\n+\tchar *src = buf;\n+\tchar *dest = buf;\n+\twhile (1) {\n+\t\tchar *next_src = strchrnul(src, '\\\\');\n+\t\tint offset = next_src - src;\n+\t\tmemmove(dest, src, offset);\n+\t\tsrc = next_src;\n+\t\tdest += offset;\n+\n+\t\tif(*src == '\\0') {\n+\t\t\t*dest = *src;\n+\t\t\treturn;\n+\t\t}\n+\t\tsrc++;\n+\n+\t\tif('0' <= src[0] && src[0] < '2' &&\n+\t\t '0' <= src[1] && src[1] < '8' &&\n+\t\t '0' <= src[2] && src[2] < '8') {\n+\t\t\t*dest++ = (src[0] - '0') << 6\n+\t\t\t | (src[1] - '0') << 3\n+\t\t\t | (src[2] - '0') << 0;\n+\t\t\tsrc += 3;\n+\t\t} else if (src[0] == '\\\\') {\n+\t\t\t*dest++ = '\\\\';\n+\t\t\tsrc += 1;\n+\t\t} else {\n+\t\t\t*dest++ = '\\\\';\n+\t\t}\n+\t}\n+}\n+\n+#ifndef IGNORE_MTAB\n+static int count_fuse_fs_mtab(const char *progname)\n+{\n+\tconst struct mntent *entp;\n+\tint count = 0;\n+\tconst char *mtab = _PATH_MOUNTED;\n+\tFILE *fp = setmntent(mtab, \"r\");\n+\tif (fp == NULL) {\n+\t\tfprintf(stderr, \"%s: failed to open %s: %s\\n\", progname, mtab,\n+\t\t\tstrerror(errno));\n+\t\treturn -1;\n+\t}\n+\twhile ((entp = GETMNTENT(fp)) != NULL) {\n+\t\tif (strcmp(entp->mnt_type, \"fuse\") == 0 ||\n+\t\t strncmp(entp->mnt_type, \"fuse.\", 5) == 0)\n+\t\t\tcount ++;\n+\t}\n+\tendmntent(fp);\n+\treturn count;\n+}\n+\n+#ifdef HAVE_LISTMOUNT\n+static int count_fuse_fs_ls_mnt(const char *progname)\n+{\n+\t#define SMBUF_SIZE 1024\n+\t#define MNT_ID_LEN 128\n+\n+\tint fuse_count = 0;\n+\tint n_mounts = 0;\n+\tint ret = 0;\n+\tuint64_t mnt_ids[MNT_ID_LEN];\n+\tunsigned char smbuf[SMBUF_SIZE];\n+\tstruct mnt_id_req req = {\n+\t\t.size = sizeof(struct mnt_id_req),\n+\t};\n+\tstruct statmount *sm;\n+\n+\tfor (;;) {\n+\t\treq.mnt_id = LSMT_ROOT;\n+\n+\t\tn_mounts = syscall(SYS_listmount, &req, &mnt_ids, MNT_ID_LEN, 0);\n+\t\tif (n_mounts == -1) {\n+\t\t\tif (errno != ENOSYS) {\n+\t\t\t\tfprintf(stderr, \"%s: failed to list mounts: %s\\n\", progname,\n+\t\t\t\t\tstrerror(errno));\n+\t\t\t}\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tfor (int i = 0; i < n_mounts; i++) {\n+\t\t\treq.mnt_id = mnt_ids[i];\n+\t\t\treq.param = STATMOUNT_FS_TYPE;\n+\t\t\tret = syscall(SYS_statmount, &req, &smbuf, SMBUF_SIZE, 0);\n+\t\t\tif (ret) {\n+\t\t\t\tif (errno == ENOENT)\n+\t\t\t\t\tcontinue;\n+\n+\t\t\t\tfprintf(stderr, \"%s: failed to stat mount %lld: %s\\n\", progname,\n+\t\t\t\t\treq.mnt_id, strerror(errno));\n+\t\t\t\treturn -1;\n+\t\t\t}\n+\n+\t\t\tsm = (struct statmount *)smbuf;\n+\t\t\tif (sm->mask & STATMOUNT_FS_TYPE &&\n+\t\t\t strcmp(&sm->str[sm->fs_type], \"fuse\") == 0)\n+\t\t\t\tfuse_count++;\n+\t\t}\n+\n+\t\tif (n_mounts < MNT_ID_LEN)\n+\t\t\tbreak;\n+\t\treq.param = mnt_ids[MNT_ID_LEN - 1];\n+\t}\n+\treturn fuse_count;\n+}\n+\n+int count_fuse_fs(const char *progname)\n+{\n+\tint count = count_fuse_fs_ls_mnt(progname);\n+\n+\treturn count >= 0 ? count : count_fuse_fs_mtab(progname);\n+}\n+#else\n+int count_fuse_fs(const char *progname)\n+{\n+\treturn count_fuse_fs_mtab(progname);\n+}\n+#endif /* HAVE_LISTMOUNT */\n+#else\n+int count_fuse_fs(const char *progname)\n+{\n+\treturn 0;\n+}\n+#endif /* !IGNORE_MTAB */\n+\n+static void strip_line(char *line)\n+{\n+\tchar *s = strchr(line, '#');\n+\tif (s != NULL)\n+\t\ts[0] = '\\0';\n+\tfor (s = line + strlen(line) - 1;\n+\t s >= line && isspace((unsigned char) *s); s--);\n+\ts[1] = '\\0';\n+\tfor (s = line; isspace((unsigned char) *s); s++);\n+\tif (s != line)\n+\t\tmemmove(line, s, strlen(s)+1);\n+}\n+\n+static void parse_line(const char *line, int linenum, const char *progname)\n+{\n+\tint tmp;\n+\tif (strcmp(line, \"user_allow_other\") == 0)\n+\t\tuser_allow_other = 1;\n+\telse if (sscanf(line, \"mount_max = %i\", &tmp) == 1)\n+\t\tmount_max = tmp;\n+\telse if(line[0])\n+\t\tfprintf(stderr,\n+\t\t\t\"%s: unknown parameter in %s at line %i: '%s'\\n\",\n+\t\t\tprogname, FUSE_CONF, linenum, line);\n+}\n+\n+void read_conf(const char *progname)\n+{\n+\tFILE *fp = fopen(FUSE_CONF, \"r\");\n+\tif (fp != NULL) {\n+\t\tint linenum = 1;\n+\t\tchar line[256];\n+\t\tint isnewline = 1;\n+\t\twhile (fgets(line, sizeof(line), fp) != NULL) {\n+\t\t\tif (isnewline) {\n+\t\t\t\tif (line[strlen(line)-1] == '\\n') {\n+\t\t\t\t\tstrip_line(line);\n+\t\t\t\t\tparse_line(line, linenum, progname);\n+\t\t\t\t} else {\n+\t\t\t\t\tisnewline = 0;\n+\t\t\t\t}\n+\t\t\t} else if(line[strlen(line)-1] == '\\n') {\n+\t\t\t\tfprintf(stderr, \"%s: reading %s: line %i too long\\n\", progname, FUSE_CONF, linenum);\n+\n+\t\t\t\tisnewline = 1;\n+\t\t\t}\n+\t\t\tif (isnewline)\n+\t\t\t\tlinenum ++;\n+\t\t}\n+\t\tif (!isnewline) {\n+\t\t\tfprintf(stderr, \"%s: reading %s: missing newline at end of file\\n\", progname, FUSE_CONF);\n+\n+\t\t}\n+\t\tif (ferror(fp)) {\n+\t\t\tfprintf(stderr, \"%s: reading %s: read failed\\n\", progname, FUSE_CONF);\n+\t\t\texit(1);\n+\t\t}\n+\t\tfclose(fp);\n+\t} else if (errno != ENOENT) {\n+\t\tbool fatal = (errno != EACCES && errno != ELOOP &&\n+\t\t\t errno != ENAMETOOLONG && errno != ENOTDIR &&\n+\t\t\t errno != EOVERFLOW);\n+\t\tfprintf(stderr, \"%s: failed to open %s: %s\\n\",\n+\t\t\tprogname, FUSE_CONF, strerror(errno));\n+\t\tif (fatal)\n+\t\t\texit(1);\n+\t}\n+}\n+\n+void drop_privs(void)\n+{\n+\tif (getuid() != 0) {\n+\t\toldfsuid = setfsuid(getuid());\n+\t\toldfsgid = setfsgid(getgid());\n+\t}\n+}\n+\n+void restore_privs(void)\n+{\n+\tif (getuid() != 0) {\n+\t\tsetfsuid(oldfsuid);\n+\t\tsetfsgid(oldfsgid);\n+\t}\n+}\n+\n+int check_nonroot_mount_count(const char *progname)\n+{\n+\tif (mount_max == -1)\n+\t\treturn 0;\n+\n+\tint mount_count = count_fuse_fs(progname);\n+\n+\tif (mount_count >= mount_max) {\n+\t\tfprintf(stderr,\n+\"%s: too many FUSE filesystems mounted; mount_max=N can be set in %s\\n\",\n+\t\t\tprogname, FUSE_CONF);\n+\t\treturn -1;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+int check_nonroot_dir_access(const char *progname, const char *origmnt,\n+\t\t\t const char *mnt, const struct stat *stbuf)\n+{\n+\tint res;\n+\n+\tif ((stbuf->st_mode & S_ISVTX) && stbuf->st_uid != getuid()) {\n+\t\tfprintf(stderr, \"%s: mountpoint %s not owned by user\\n\",\n+\t\t\tprogname, origmnt);\n+\t\treturn -1;\n+\t}\n+\n+\tres = access(mnt, W_OK);\n+\tif (res == -1) {\n+\t\tfprintf(stderr, \"%s: user has no write access to mountpoint %s\\n\",\n+\t\t\tprogname, origmnt);\n+\t\treturn -1;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+int check_nonroot_fstype(const char *progname, const struct statfs *fs_buf)\n+{\n+\tsize_t i;\n+\n+\t/* Do not permit mounting over anything in procfs - it has a couple\n+\t * places to which we have \"write access\" without being supposed to be\n+\t * able to just put anything we want there.\n+\t * Luckily, without allow_other, we can't get other users to actually\n+\t * use any fake information we try to put there anyway.\n+\t * Use a whitelist to be safe. */\n+\n+\t/* Define permitted filesystems for the mount target. This was\n+\t * originally the same list as used by the ecryptfs mount helper\n+\t * (https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/utils/mount.ecryptfs_private.c#L225)\n+\t * but got expanded as we found more filesystems that needed to be\n+\t * overlaid. */\n+\ttypeof(fs_buf->f_type) f_type_whitelist[] = {\n+\t\t0x61756673 /* AUFS_SUPER_MAGIC */,\n+\t\t0x00000187 /* AUTOFS_SUPER_MAGIC */,\n+\t\t0xCA451A4E /* BCACHEFS_STATFS_MAGIC */,\n+\t\t0x9123683E /* BTRFS_SUPER_MAGIC */,\n+\t\t0x00C36400 /* CEPH_SUPER_MAGIC */,\n+\t\t0xFF534D42 /* CIFS_MAGIC_NUMBER */,\n+\t\t0x0000F15F /* ECRYPTFS_SUPER_MAGIC */,\n+\t\t0X2011BAB0 /* EXFAT_SUPER_MAGIC */,\n+\t\t0x0000EF53 /* EXT[234]_SUPER_MAGIC */,\n+\t\t0xF2F52010 /* F2FS_SUPER_MAGIC */,\n+\t\t0x65735546 /* FUSE_SUPER_MAGIC */,\n+\t\t0x01161970 /* GFS2_MAGIC */,\n+\t\t0x47504653 /* GPFS_SUPER_MAGIC */,\n+\t\t0x0000482b /* HFSPLUS_SUPER_MAGIC */,\n+\t\t0x000072B6 /* JFFS2_SUPER_MAGIC */,\n+\t\t0x3153464A /* JFS_SUPER_MAGIC */,\n+\t\t0x0BD00BD0 /* LL_SUPER_MAGIC */,\n+\t\t0X00004D44 /* MSDOS_SUPER_MAGIC */,\n+\t\t0x0000564C /* NCP_SUPER_MAGIC */,\n+\t\t0x00006969 /* NFS_SUPER_MAGIC */,\n+\t\t0x00003434 /* NILFS_SUPER_MAGIC */,\n+\t\t0x5346544E /* NTFS_SB_MAGIC */,\n+\t\t0x7366746E /* NTFS3_SUPER_MAGIC */,\n+\t\t0x5346414f /* OPENAFS_SUPER_MAGIC */,\n+\t\t0x794C7630 /* OVERLAYFS_SUPER_MAGIC */,\n+\t\t0xAAD7AAEA /* PANFS_SUPER_MAGIC */,\n+\t\t0x52654973 /* REISERFS_SUPER_MAGIC */,\n+\t\t0xFE534D42 /* SMB2_SUPER_MAGIC */,\n+\t\t0x73717368 /* SQUASHFS_MAGIC */,\n+\t\t0x01021994 /* TMPFS_MAGIC */,\n+\t\t0x24051905 /* UBIFS_SUPER_MAGIC */,\n+\t\t0x18031977 /* WEKAFS_SUPER_MAGIC */,\n+#if __SIZEOF_LONG__ > 4\n+\t\t0x736675005346544e /* UFSD */,\n+#endif\n+\t\t0x58465342 /* XFS_SB_MAGIC */,\n+\t\t0x2FC12FC1 /* ZFS_SUPER_MAGIC */,\n+\t\t0x858458f6 /* RAMFS_MAGIC */,\n+\t};\n+\tfor (i = 0; i < sizeof(f_type_whitelist)/sizeof(f_type_whitelist[0]); i++) {\n+\t\tif (f_type_whitelist[i] == fs_buf->f_type)\n+\t\t\treturn 0;\n+\t}\n+\n+\tfprintf(stderr, \"%s: mounting over filesystem type %#010lx is forbidden\\n\",\n+\t\tprogname, (unsigned long)fs_buf->f_type);\n+\treturn -1;\n+}\n+\n+const struct mount_flags mount_flags[] = {\n+\t{\"rw\",\t MS_RDONLY,\t 0, 1},\n+\t{\"ro\",\t MS_RDONLY,\t 1, 1},\n+\t{\"suid\", MS_NOSUID,\t 0, 0},\n+\t{\"nosuid\", MS_NOSUID,\t 1, 1},\n+\t{\"dev\",\t MS_NODEV,\t 0, 0},\n+\t{\"nodev\", MS_NODEV,\t 1, 1},\n+\t{\"exec\", MS_NOEXEC,\t 0, 1},\n+\t{\"noexec\", MS_NOEXEC,\t 1, 1},\n+\t{\"async\", MS_SYNCHRONOUS, 0, 1},\n+\t{\"sync\", MS_SYNCHRONOUS, 1, 1},\n+\t{\"atime\", MS_NOATIME,\t 0, 1},\n+\t{\"noatime\", MS_NOATIME,\t 1, 1},\n+\t{\"diratime\", MS_NODIRATIME, 0, 1},\n+\t{\"nodiratime\", MS_NODIRATIME, 1, 1},\n+\t{\"lazytime\", MS_LAZYTIME, 1, 1},\n+\t{\"nolazytime\", MS_LAZYTIME, 0, 1},\n+\t{\"relatime\", MS_RELATIME, 1, 1},\n+\t{\"norelatime\", MS_RELATIME, 0, 1},\n+\t{\"strictatime\", MS_STRICTATIME, 1, 1},\n+\t{\"nostrictatime\", MS_STRICTATIME, 0, 1},\n+\t{\"dirsync\", MS_DIRSYNC,\t 1, 1},\n+\t{\"symfollow\", MS_NOSYMFOLLOW, 0, 1},\n+\t{\"nosymfollow\", MS_NOSYMFOLLOW, 1, 1},\n+\t{NULL,\t 0,\t\t 0, 0}\n+};\ndiff --git a/util/fusermount.c b/util/fusermount.c\nindex 68370468140a59..c7905d58a85e32 100644\n--- a/util/fusermount.c\n+++ b/util/fusermount.c\n@@ -11,6 +11,7 @@\n #include \"fuse_config.h\"\n #include \"mount_util.h\"\n #include \"util.h\"\n+#include \"fuser_conf.h\"\n \n #include <stdio.h>\n #include <stdlib.h>\n@@ -50,63 +51,8 @@\n \n static const char *progname;\n \n-static int user_allow_other = 0;\n-static int mount_max = 1000;\n-\n static int auto_unmount = 0;\n \n-#ifdef GETMNTENT_NEEDS_UNESCAPING\n-// Older versions of musl libc don't unescape entries in /etc/mtab\n-\n-// unescapes octal sequences like \\040 in-place\n-// That's ok, because unescaping can not extend the length of the string.\n-static void unescape(char *buf) {\n-\tchar *src = buf;\n-\tchar *dest = buf;\n-\twhile (1) {\n-\t\tchar *next_src = strchrnul(src, '\\\\');\n-\t\tint offset = next_src - src;\n-\t\tmemmove(dest, src, offset);\n-\t\tsrc = next_src;\n-\t\tdest += offset;\n-\n-\t\tif(*src == '\\0') {\n-\t\t\t*dest = *src;\n-\t\t\treturn;\n-\t\t}\n-\t\tsrc++;\n-\n-\t\tif('0' <= src[0] && src[0] < '2' &&\n-\t\t '0' <= src[1] && src[1] < '8' &&\n-\t\t '0' <= src[2] && src[2] < '8') {\n-\t\t\t*dest++ = (src[0] - '0') << 6\n-\t\t\t | (src[1] - '0') << 3\n-\t\t\t | (src[2] - '0') << 0;\n-\t\t\tsrc += 3;\n-\t\t} else if (src[0] == '\\\\') {\n-\t\t\t*dest++ = '\\\\';\n-\t\t\tsrc += 1;\n-\t\t} else {\n-\t\t\t*dest++ = '\\\\';\n-\t\t}\n-\t}\n-}\n-\n-static struct mntent *GETMNTENT(FILE *stream)\n-{\n-\tstruct mntent *entp = getmntent(stream);\n-\tif(entp != NULL) {\n-\t\tunescape(entp->mnt_fsname);\n-\t\tunescape(entp->mnt_dir);\n-\t\tunescape(entp->mnt_type);\n-\t\tunescape(entp->mnt_opts);\n-\t}\n-\treturn entp;\n-}\n-#else\n-#define GETMNTENT getmntent\n-#endif // GETMNTENT_NEEDS_UNESCAPING\n-\n /*\n * Take a ',' separated option string and extract \"x-\" options\n */\n@@ -188,25 +134,6 @@ static const char *get_user_name(void)\n \t}\n }\n \n-static uid_t oldfsuid;\n-static gid_t oldfsgid;\n-\n-static void drop_privs(void)\n-{\n-\tif (getuid() != 0) {\n-\t\toldfsuid = setfsuid(getuid());\n-\t\toldfsgid = setfsgid(getgid());\n-\t}\n-}\n-\n-static void restore_privs(void)\n-{\n-\tif (getuid() != 0) {\n-\t\tsetfsuid(oldfsuid);\n-\t\tsetfsgid(oldfsgid);\n-\t}\n-}\n-\n #ifndef IGNORE_MTAB\n /*\n * Make sure that /etc/mtab is checked and updated atomically\n@@ -568,100 +495,7 @@ static int unmount_fuse(const char *mnt, int quiet, int lazy)\n \n \treturn res;\n }\n-\n-static int count_fuse_fs_mtab(void)\n-{\n-\tconst struct mntent *entp;\n-\tint count = 0;\n-\tconst char *mtab = _PATH_MOUNTED;\n-\tFILE *fp = setmntent(mtab, \"r\");\n-\tif (fp == NULL) {\n-\t\tfprintf(stderr, \"%s: failed to open %s: %s\\n\", progname, mtab,\n-\t\t\tstrerror(errno));\n-\t\treturn -1;\n-\t}\n-\twhile ((entp = GETMNTENT(fp)) != NULL) {\n-\t\tif (strcmp(entp->mnt_type, \"fuse\") == 0 ||\n-\t\t strncmp(entp->mnt_type, \"fuse.\", 5) == 0)\n-\t\t\tcount ++;\n-\t}\n-\tendmntent(fp);\n-\treturn count;\n-}\n-\n-#ifdef HAVE_LISTMOUNT\n-static int count_fuse_fs_ls_mnt(void)\n-{\n-\t#define SMBUF_SIZE 1024\n-\t#define MNT_ID_LEN 128\n-\n-\tint fuse_count = 0;\n-\tint n_mounts = 0;\n-\tint ret = 0;\n-\tuint64_t mnt_ids[MNT_ID_LEN];\n-\tunsigned char smbuf[SMBUF_SIZE];\n-\tstruct mnt_id_req req = {\n-\t\t.size = sizeof(struct mnt_id_req),\n-\t};\n-\tstruct statmount *sm;\n-\n-\tfor (;;) {\n-\t\treq.mnt_id = LSMT_ROOT;\n-\n-\t\tn_mounts = syscall(SYS_listmount, &req, &mnt_ids, MNT_ID_LEN, 0);\n-\t\tif (n_mounts == -1) {\n-\t\t\tif (errno != ENOSYS) {\n-\t\t\t\tfprintf(stderr, \"%s: failed to list mounts: %s\\n\", progname,\n-\t\t\t\t\tstrerror(errno));\n-\t\t\t}\n-\t\t\treturn -1;\n-\t\t}\n-\n-\t\tfor (int i = 0; i < n_mounts; i++) {\n-\t\t\treq.mnt_id = mnt_ids[i];\n-\t\t\treq.param = STATMOUNT_FS_TYPE;\n-\t\t\tret = syscall(SYS_statmount, &req, &smbuf, SMBUF_SIZE, 0);\n-\t\t\tif (ret) {\n-\t\t\t\tif (errno == ENOENT)\n-\t\t\t\t\tcontinue;\n-\n-\t\t\t\tfprintf(stderr, \"%s: failed to stat mount %lld: %s\\n\", progname,\n-\t\t\t\t\treq.mnt_id, strerror(errno));\n-\t\t\t\treturn -1;\n-\t\t\t}\n-\n-\t\t\tsm = (struct statmount *)smbuf;\n-\t\t\tif (sm->mask & STATMOUNT_FS_TYPE &&\n-\t\t\t strcmp(&sm->str[sm->fs_type], \"fuse\") == 0)\n-\t\t\t\tfuse_count++;\n-\t\t}\n-\n-\t\tif (n_mounts < MNT_ID_LEN)\n-\t\t\tbreak;\n-\t\treq.param = mnt_ids[MNT_ID_LEN - 1];\n-\t}\n-\treturn fuse_count;\n-}\n-\n-static int count_fuse_fs(void)\n-{\n-\tint count = count_fuse_fs_ls_mnt();\n-\n-\treturn count >= 0 ? count : count_fuse_fs_mtab();\n-}\n-#else\n-static int count_fuse_fs(void)\n-{\n-\treturn count_fuse_fs_mtab();\n-}\n-#endif\n-\n #else /* IGNORE_MTAB */\n-static int count_fuse_fs(void)\n-{\n-\treturn 0;\n-}\n-\n static int add_mount(const char *source, const char *mnt, const char *type,\n \t\t const char *opts)\n {\n@@ -679,75 +513,6 @@ static int unmount_fuse(const char *mnt, int quiet, int lazy)\n }\n #endif /* IGNORE_MTAB */\n \n-static void strip_line(char *line)\n-{\n-\tchar *s = strchr(line, '#');\n-\tif (s != NULL)\n-\t\ts[0] = '\\0';\n-\tfor (s = line + strlen(line) - 1;\n-\t s >= line && isspace((unsigned char) *s); s--);\n-\ts[1] = '\\0';\n-\tfor (s = line; isspace((unsigned char) *s); s++);\n-\tif (s != line)\n-\t\tmemmove(line, s, strlen(s)+1);\n-}\n-\n-static void parse_line(const char *line, int linenum)\n-{\n-\tint tmp;\n-\tif (strcmp(line, \"user_allow_other\") == 0)\n-\t\tuser_allow_other = 1;\n-\telse if (sscanf(line, \"mount_max = %i\", &tmp) == 1)\n-\t\tmount_max = tmp;\n-\telse if(line[0])\n-\t\tfprintf(stderr,\n-\t\t\t\"%s: unknown parameter in %s at line %i: '%s'\\n\",\n-\t\t\tprogname, FUSE_CONF, linenum, line);\n-}\n-\n-static void read_conf(void)\n-{\n-\tFILE *fp = fopen(FUSE_CONF, \"r\");\n-\tif (fp != NULL) {\n-\t\tint linenum = 1;\n-\t\tchar line[256];\n-\t\tint isnewline = 1;\n-\t\twhile (fgets(line, sizeof(line), fp) != NULL) {\n-\t\t\tif (isnewline) {\n-\t\t\t\tif (line[strlen(line)-1] == '\\n') {\n-\t\t\t\t\tstrip_line(line);\n-\t\t\t\t\tparse_line(line, linenum);\n-\t\t\t\t} else {\n-\t\t\t\t\tisnewline = 0;\n-\t\t\t\t}\n-\t\t\t} else if(line[strlen(line)-1] == '\\n') {\n-\t\t\t\tfprintf(stderr, \"%s: reading %s: line %i too long\\n\", progname, FUSE_CONF, linenum);\n-\n-\t\t\t\tisnewline = 1;\n-\t\t\t}\n-\t\t\tif (isnewline)\n-\t\t\t\tlinenum ++;\n-\t\t}\n-\t\tif (!isnewline) {\n-\t\t\tfprintf(stderr, \"%s: reading %s: missing newline at end of file\\n\", progname, FUSE_CONF);\n-\n-\t\t}\n-\t\tif (ferror(fp)) {\n-\t\t\tfprintf(stderr, \"%s: reading %s: read failed\\n\", progname, FUSE_CONF);\n-\t\t\texit(1);\n-\t\t}\n-\t\tfclose(fp);\n-\t} else if (errno != ENOENT) {\n-\t\tbool fatal = (errno != EACCES && errno != ELOOP &&\n-\t\t\t errno != ENAMETOOLONG && errno != ENOTDIR &&\n-\t\t\t errno != EOVERFLOW);\n-\t\tfprintf(stderr, \"%s: failed to open %s: %s\\n\",\n-\t\t\tprogname, FUSE_CONF, strerror(errno));\n-\t\tif (fatal)\n-\t\t\texit(1);\n-\t}\n-}\n-\n static int begins_with(const char *s, const char *beg)\n {\n \tif (strncmp(s, beg, strlen(beg)) == 0)\n@@ -756,40 +521,6 @@ static int begins_with(const char *s, const char *beg)\n \t\treturn 0;\n }\n \n-struct mount_flags {\n-\tconst char *opt;\n-\tunsigned long flag;\n-\tint on;\n-\tint safe;\n-};\n-\n-static struct mount_flags mount_flags[] = {\n-\t{\"rw\",\t MS_RDONLY,\t 0, 1},\n-\t{\"ro\",\t MS_RDONLY,\t 1, 1},\n-\t{\"suid\", MS_NOSUID,\t 0, 0},\n-\t{\"nosuid\", MS_NOSUID,\t 1, 1},\n-\t{\"dev\",\t MS_NODEV,\t 0, 0},\n-\t{\"nodev\", MS_NODEV,\t 1, 1},\n-\t{\"exec\", MS_NOEXEC,\t 0, 1},\n-\t{\"noexec\", MS_NOEXEC,\t 1, 1},\n-\t{\"async\", MS_SYNCHRONOUS, 0, 1},\n-\t{\"sync\", MS_SYNCHRONOUS, 1, 1},\n-\t{\"atime\", MS_NOATIME,\t 0, 1},\n-\t{\"noatime\", MS_NOATIME,\t 1, 1},\n-\t{\"diratime\", MS_NODIRATIME, 0, 1},\n-\t{\"nodiratime\", MS_NODIRATIME, 1, 1},\n-\t{\"lazytime\", MS_LAZYTIME, 1, 1},\n-\t{\"nolazytime\", MS_LAZYTIME, 0, 1},\n-\t{\"relatime\", MS_RELATIME, 1, 1},\n-\t{\"norelatime\", MS_RELATIME, 0, 1},\n-\t{\"strictatime\", MS_STRICTATIME, 1, 1},\n-\t{\"nostrictatime\", MS_STRICTATIME, 0, 1},\n-\t{\"dirsync\", MS_DIRSYNC,\t 1, 1},\n-\t{\"symfollow\", MS_NOSYMFOLLOW, 0, 1},\n-\t{\"nosymfollow\", MS_NOSYMFOLLOW, 1, 1},\n-\t{NULL,\t 0,\t\t 0, 0}\n-};\n-\n static int find_mount_flag(const char *s, unsigned len, int *on, int *flag)\n {\n \tint i;\n@@ -1096,7 +827,6 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *mountpoint_fd)\n \tconst char *mnt = *mntp;\n \tconst char *origmnt = mnt;\n \tstruct statfs fs_buf;\n-\tsize_t i;\n \n \tres = lstat(mnt, stbuf);\n \tif (res == -1) {\n@@ -1126,18 +856,9 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *mountpoint_fd)\n \t\t\treturn -1;\n \t\t}\n \n-\t\tif ((stbuf->st_mode & S_ISVTX) && stbuf->st_uid != getuid()) {\n-\t\t\tfprintf(stderr, \"%s: mountpoint %s not owned by user\\n\",\n-\t\t\t\tprogname, origmnt);\n-\t\t\treturn -1;\n-\t\t}\n-\n-\t\tres = access(mnt, W_OK);\n-\t\tif (res == -1) {\n-\t\t\tfprintf(stderr, \"%s: user has no write access to mountpoint %s\\n\",\n-\t\t\t\tprogname, origmnt);\n-\t\t\treturn -1;\n-\t\t}\n+\t\tres = check_nonroot_dir_access(progname, origmnt, mnt, stbuf);\n+\t\tif (res)\n+\t\t\treturn res;\n \t} else if (S_ISREG(stbuf->st_mode)) {\n \t\tstatic char procfile[256];\n \t\t*mountpoint_fd = open(mnt, O_WRONLY);\n@@ -1169,71 +890,13 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *mountpoint_fd)\n \t\treturn -1;\n \t}\n \n-\t/* Do not permit mounting over anything in procfs - it has a couple\n-\t * places to which we have \"write access\" without being supposed to be\n-\t * able to just put anything we want there.\n-\t * Luckily, without allow_other, we can't get other users to actually\n-\t * use any fake information we try to put there anyway.\n-\t * Use a whitelist to be safe. */\n \tif (statfs(*mntp, &fs_buf)) {\n \t\tfprintf(stderr, \"%s: failed to access mountpoint %s: %s\\n\",\n \t\t\tprogname, mnt, strerror(errno));\n \t\treturn -1;\n \t}\n \n-\t/* Define permitted filesystems for the mount target. This was\n-\t * originally the same list as used by the ecryptfs mount helper\n-\t * (https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/utils/mount.ecryptfs_private.c#L225)\n-\t * but got expanded as we found more filesystems that needed to be\n-\t * overlaid. */\n-\ttypeof(fs_buf.f_type) f_type_whitelist[] = {\n-\t\t0x61756673 /* AUFS_SUPER_MAGIC */,\n-\t\t0x00000187 /* AUTOFS_SUPER_MAGIC */,\n-\t\t0xCA451A4E /* BCACHEFS_STATFS_MAGIC */,\n-\t\t0x9123683E /* BTRFS_SUPER_MAGIC */,\n-\t\t0x00C36400 /* CEPH_SUPER_MAGIC */,\n-\t\t0xFF534D42 /* CIFS_MAGIC_NUMBER */,\n-\t\t0x0000F15F /* ECRYPTFS_SUPER_MAGIC */,\n-\t\t0X2011BAB0 /* EXFAT_SUPER_MAGIC */,\n-\t\t0x0000EF53 /* EXT[234]_SUPER_MAGIC */,\n-\t\t0xF2F52010 /* F2FS_SUPER_MAGIC */,\n-\t\t0x65735546 /* FUSE_SUPER_MAGIC */,\n-\t\t0x01161970 /* GFS2_MAGIC */,\n-\t\t0x47504653 /* GPFS_SUPER_MAGIC */,\n-\t\t0x0000482b /* HFSPLUS_SUPER_MAGIC */,\n-\t\t0x000072B6 /* JFFS2_SUPER_MAGIC */,\n-\t\t0x3153464A /* JFS_SUPER_MAGIC */,\n-\t\t0x0BD00BD0 /* LL_SUPER_MAGIC */,\n-\t\t0X00004D44 /* MSDOS_SUPER_MAGIC */,\n-\t\t0x0000564C /* NCP_SUPER_MAGIC */,\n-\t\t0x00006969 /* NFS_SUPER_MAGIC */,\n-\t\t0x00003434 /* NILFS_SUPER_MAGIC */,\n-\t\t0x5346544E /* NTFS_SB_MAGIC */,\n-\t\t0x7366746E /* NTFS3_SUPER_MAGIC */,\n-\t\t0x5346414f /* OPENAFS_SUPER_MAGIC */,\n-\t\t0x794C7630 /* OVERLAYFS_SUPER_MAGIC */,\n-\t\t0xAAD7AAEA /* PANFS_SUPER_MAGIC */,\n-\t\t0x52654973 /* REISERFS_SUPER_MAGIC */,\n-\t\t0xFE534D42 /* SMB2_SUPER_MAGIC */,\n-\t\t0x73717368 /* SQUASHFS_MAGIC */,\n-\t\t0x01021994 /* TMPFS_MAGIC */,\n-\t\t0x24051905 /* UBIFS_SUPER_MAGIC */,\n-\t\t0x18031977 /* WEKAFS_SUPER_MAGIC */,\n-#if __SIZEOF_LONG__ > 4\n-\t\t0x736675005346544e /* UFSD */,\n-#endif\n-\t\t0x58465342 /* XFS_SB_MAGIC */,\n-\t\t0x2FC12FC1 /* ZFS_SUPER_MAGIC */,\n-\t\t0x858458f6 /* RAMFS_MAGIC */,\n-\t};\n-\tfor (i = 0; i < sizeof(f_type_whitelist)/sizeof(f_type_whitelist[0]); i++) {\n-\t\tif (f_type_whitelist[i] == fs_buf.f_type)\n-\t\t\treturn 0;\n-\t}\n-\n-\tfprintf(stderr, \"%s: mounting over filesystem type %#010lx is forbidden\\n\",\n-\t\tprogname, (unsigned long)fs_buf.f_type);\n-\treturn -1;\n+\treturn check_nonroot_fstype(progname, &fs_buf);\n }\n \n static int open_fuse_device(const char *dev)\n@@ -1273,15 +936,10 @@ static int mount_fuse(const char *mnt, const char *opts, const char **type)\n \t\treturn -1;\n \n \tdrop_privs();\n-\tread_conf();\n+\tread_conf(progname);\n \n-\tif (getuid() != 0 && mount_max != -1) {\n-\t\tint mount_count = count_fuse_fs();\n-\t\tif (mount_count >= mount_max) {\n-\t\t\tfprintf(stderr, \"%s: too many FUSE filesystems mounted; mount_max=N can be set in %s\\n\", progname, FUSE_CONF);\n-\t\t\tgoto fail_close_fd;\n-\t\t}\n-\t}\n+\tif (getuid() != 0 && check_nonroot_mount_count(progname) != 0)\n+\t\tgoto fail_close_fd;\n \n \t// Extract any options starting with \"x-\"\n \tres= extract_x_options(opts, &do_mount_opts, &x_opts);\ndiff --git a/util/meson.build b/util/meson.build\nindex 04ea5ac201340d..aa646ef3c77d16 100644\n--- a/util/meson.build\n+++ b/util/meson.build\n@@ -1,18 +1,18 @@\n fuseconf_path = join_paths(get_option('prefix'), get_option('sysconfdir'), 'fuse.conf')\n \n-executable('fusermount3', ['fusermount.c', '../lib/mount_util.c', '../lib/util.c'],\n+executable('fusermount3', ['fusermount.c', '../lib/mount_util.c', '../lib/util.c', 'fuser_conf.c'],\n include_directories: include_dirs,\n install: true,\n install_dir: get_option('bindir'),\n c_args: '-DFUSE_CONF=\"@0@\"'.format(fuseconf_path))\n \n if private_cfg.get('HAVE_SERVICEMOUNT', false)\n- executable('fuservicemount3', ['mount_service.c', 'fuservicemount.c', '../lib/mount_util.c'],\n+ executable('fuservicemount3', ['mount_service.c', 'fuservicemount.c', '../lib/mount_util.c', 'fuser_conf.c'],\n include_directories: include_dirs,\n link_with: [ libfuse ],\n install: true,\n install_dir: get_option('sbindir'),\n- c_args: '-DFUSE_USE_VERSION=319')\n+ c_args: ['-DFUSE_USE_VERSION=319', '-DFUSE_CONF=\"@0@\"'.format(fuseconf_path)])\n endif\n \n executable('mount.fuse3', ['mount.fuse.c'],\n", "prefixes": [ "06/13" ] }