Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2231582/?format=api
{ "id": 2231582, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2231582/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ext4/patch/177758364789.1315233.15610945404741826500.stg-ugh@frogsfrogsfrogs/", "project": { "id": 8, "url": "http://patchwork.ozlabs.org/api/1.1/projects/8/?format=api", "name": "Linux ext4 filesystem development", "link_name": "linux-ext4", "list_id": "linux-ext4.vger.kernel.org", "list_email": "linux-ext4@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<177758364789.1315233.15610945404741826500.stg-ugh@frogsfrogsfrogs>", "date": "2026-04-30T21:18:40", "name": "[GIT,PULL,v5.1] libfuse: run fuse servers as a contained service", "commit_ref": null, "pull_url": "https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-30", "state": "new", "archived": false, "hash": null, "submitter": { "id": 77032, "url": "http://patchwork.ozlabs.org/api/1.1/people/77032/?format=api", "name": "Darrick J. Wong", "email": "djwong@kernel.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-ext4/patch/177758364789.1315233.15610945404741826500.stg-ugh@frogsfrogsfrogs/mbox/", "series": [ { "id": 502387, "url": "http://patchwork.ozlabs.org/api/1.1/series/502387/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ext4/list/?series=502387", "date": "2026-04-30T21:18:40", "name": "[GIT,PULL,v5.1] libfuse: run fuse servers as a contained service", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/502387/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2231582/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2231582/checks/", "tags": {}, "headers": { "Return-Path": "\n <SRS0=T9c9=C5=vger.kernel.org=linux-ext4+bounces-16266-patchwork-incoming=ozlabs.org@ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-ext4@vger.kernel.org" ], "Delivered-To": [ "patchwork-incoming@legolas.ozlabs.org", "patchwork-incoming@ozlabs.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=TMpZl3ue;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=ozlabs.org\n (client-ip=150.107.74.76; helo=mail.ozlabs.org;\n envelope-from=srs0=t9c9=c5=vger.kernel.org=linux-ext4+bounces-16266-patchwork-incoming=ozlabs.org@ozlabs.org;\n receiver=patchwork.ozlabs.org)", "gandalf.ozlabs.org;\n arc=pass smtp.remote-ip=172.105.105.114 arc.chain=subspace.kernel.org", "gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org", "gandalf.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=TMpZl3ue;\n\tdkim-atps=neutral", "gandalf.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16266-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"TMpZl3ue\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201" ], "Received": [ "from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g66Xg6pzXz1yGq\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 07:20:51 +1000 (AEST)", "from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\tby gandalf.ozlabs.org (Postfix) with ESMTP id 4g66Xg6K0kz4wLX\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 07:20:51 +1000 (AEST)", "by gandalf.ozlabs.org (Postfix)\n\tid 4g66Xg68p3z4wTZ; Fri, 01 May 2026 07:20:51 +1000 (AEST)", "from tor.lore.kernel.org (tor.lore.kernel.org [172.105.105.114])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby gandalf.ozlabs.org (Postfix) with ESMTPS id 4g66Xb4QTQz4wLX\n\tfor <patchwork-incoming@ozlabs.org>; Fri, 01 May 2026 07:20:47 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 047D5305B75E\n\tfor <patchwork-incoming@ozlabs.org>; Thu, 30 Apr 2026 21:18:45 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 709F7376BD6;\n\tThu, 30 Apr 2026 21:18:41 +0000 (UTC)", "from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 3083B3B27CA;\n\tThu, 30 Apr 2026 21:18:41 +0000 (UTC)", "by smtp.kernel.org (Postfix) with ESMTPSA id 086EEC2BCB3;\n\tThu, 30 Apr 2026 21:18:41 +0000 (UTC)" ], "ARC-Seal": [ "i=2; a=rsa-sha256; d=ozlabs.org; s=201707; t=1777584051; cv=pass;\n\tb=dR15ECRpmQ8O5c/ONlY0+n5gz42TyMkmSfVlzZoatBo66S+e8rfZvEar4dWajSfL9aYFBBuM1LjG0CcFr4JfudzMBcE9N+1faR0cgo4mYTzMwBXc9+wqhrShGtLIoJICgfqMYh8Y1kEZwV2ZEwaOHT6untPElp6GaSk6XRDwXqjhFB0r+2VtA1a9W3iHAoM2pglv6yQGt7ckwa8WrEdvYJ1yEEEJNmw8AF0/kOvjQnMBMprw1Jd9Ybo/KkGtI3/Ddea+EDZGp8JwfW5xJP+I5lV4uIa3ZGE5vcZxTACxNR++jYhjSbVgBHd3RqbPoVjFFJILNmWEIBAv9vMvjt1oIQ==", "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777583921; cv=none;\n b=qtcjmmTi2usCJCt5+qukCriiBx32Eeyn5eQP5MZBbytD5dFRoqt16QoWubyGptR4attJHVvCAa5R4c0hspNNH3zPhGoKCLEdLqgo2LwbOM21YUBDb9YTPBB2pDXRb0D/qW2x61zinmjo5JRTP2UKAIuftlx1zQIgKGnMLYkRjhc=" ], "ARC-Message-Signature": [ "i=2; a=rsa-sha256; d=ozlabs.org; s=201707;\n\tt=1777584051; c=relaxed/relaxed;\n\tbh=0wqIdiNvqNjvUBG8q+yhCH9BsPx9VNJQh+V7QV5h5Cc=;\n\th=Date:Subject:From:To:Cc:Message-ID:MIME-Version:Content-Type;\n b=ViJVVfOQOwDAOZ6nYNiWOQGK9CpvXXt0Q456Ttp7ULD+eXKJN21kaE1FiZk4kpOTsufqV2NIB8rfCbYKqBlduc7oWFQiPW8GUAr0gEqVDxYkHBAGItx9edKZyqfL1NI56XLY+DodwFpENkZVZQBhU2PdldpFjRFRAjkNlID0IJWkLlrCVek8h/SYVRSvIp79O5sMva0MuFYIB8BfpNeOvXMxPLLRifJGyvJQJ5wltRL+UBVG5c3flkANsn+TQGhhqUcTQd/O1rMV6IrXp+Nq596CWs9GHvFSImA3H4401wsWRtl1+OfF/G6M9Hm13ztgwu2K4KgHFC8neLwP4djNpw==", "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777583921; c=relaxed/simple;\n\tbh=9x0PmfHpM25qfPfBWDhcq29v0C9cAAtaU+0HmpSl7Mo=;\n\th=Date:Subject:From:To:Cc:Message-ID:MIME-Version:Content-Type;\n b=irJOlBDJMDi6B4zxXE2cYnFAdhznArzDZ0E8Tdlf8AlyFkXWLyegYtGtcDwXtqiqdt7IrJIYYYftH5JQxfTn6KKziev0qRP2G2Z/psKwm9GwojaTjvLYUAnWsOMCLyA86TVQGQf0CsUaLo4x+HmaheMXhdxz6kQty1K7eHiDAew=" ], "ARC-Authentication-Results": [ "i=2; gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org;\n dkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=TMpZl3ue; dkim-atps=neutral;\n spf=pass (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16266-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org) smtp.mailfrom=vger.kernel.org", "i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=TMpZl3ue; arc=none smtp.client-ip=10.30.226.201" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1777583921;\n\tbh=9x0PmfHpM25qfPfBWDhcq29v0C9cAAtaU+0HmpSl7Mo=;\n\th=Date:Subject:From:To:Cc:From;\n\tb=TMpZl3ueJ7F2+/cw5dKEKeCVEeqMUOuWcs68zcS8OKMAkkT/eNmdFDklr6bLX8beO\n\t Fu6UTBSrFEMWTBmmr8HyuVJfr9zMQoyjVqPfXd8XiviHIa8IMLJnUDKf4hkA12RScH\n\t QaJ9hGKi/s0b3l35njAo7b1AWcyQH7nkiY90vd+gR6KCtjIDsjEbNExCSxGK3mlyD8\n\t 3CpnkNplQac6aBl7sXf4ZKZtFXVBo19k7Nnprf5fQh8KVpWzcf2boxIQZ8Uuo+QSNX\n\t rEbxNRVaBX1bk+zaiPsFPkBvptaa3O8TJvERO9hCD8HpUKglFZK3R/Mf+i7meKFWXb\n\t 19roo8FwsM4YA==", "Date": "Thu, 30 Apr 2026 14:18:40 -0700", "Subject": "[GIT PULL v5.1] libfuse: run fuse servers as a contained service", "From": "\"Darrick J. Wong\" <djwong@kernel.org>", "To": "bernd@bsbernd.com, djwong@kernel.org", "Cc": "fuse-devel@lists.linux.dev, joannelkoong@gmail.com,\n linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org, miklos@szeredi.hu,\n neal@gompa.dev", "Message-ID": "\n <177758364789.1315233.15610945404741826500.stg-ugh@frogsfrogsfrogs>", "Precedence": "bulk", "X-Mailing-List": "linux-ext4@vger.kernel.org", "List-Id": "<linux-ext4.vger.kernel.org>", "List-Subscribe": "<mailto:linux-ext4+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-ext4+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "7bit", "X-Spam-Status": "No, score=1.3 required=5.0 tests=ARC_SIGNED,ARC_VALID,\n\tDKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,\n\tMAILING_LIST_MULTI,SORTED_RECIPS,SPF_HELO_NONE,SPF_PASS\n\tautolearn=disabled version=4.0.1", "X-Spam-Level": "*", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on gandalf.ozlabs.org" }, "content": "Hi Bernd,\n\nPlease pull this branch with changes for libfuse.\n\nAs usual, I did a test-merge with the main upstream branch as of a few\nminutes ago, and didn't see any conflicts. Please let me know if you\nencounter any problems.\n\n--D\n\nThe following changes since commit f8abf5d1baa9fb689255f7091937081025749158:\n\nFix a sign bug in prepare_fuse_fd() (2026-04-29 17:50:45 +0200)\n\nare available in the Git repository at:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-30\n\nfor you to fetch changes up to 055d94404c8aedf3cb434503f4efa7686c35545b:\n\nnullfs: support fuse systemd service mode (2026-04-30 14:13:32 -0700)\n\n----------------------------------------------------------------\nlibfuse: run fuse servers as a contained service [v5.1 1/9]\n\nThis patchset defines the necessary communication protocols and library\ncode so that users can mount fuse servers that run in unprivileged\nsystemd service containers. That in turn allows unprivileged untrusted\nmounts, because the worst that can happen is that a malicious image\ncrashes the fuse server and the mount dies, instead of corrupting the\nkernel's memory.\n\nv5.1: fix some of the SCM_RIGHTS handling code, fix header inclusion\nerrors, improve documentation of example code, improve statx\nflags handling, improve phony timestamp handling\nv5: Refactor socket IO into helpers, tighten the security checks in\nmount_service.c, always set nosuid/nodev for unprivileged mounts,\nuse posix_spawnp in mount.fuse, restructure sample programs and hl\nlibrary code to avoid the need for unmounting during startup\nv4.1: fix various cppcheck/codecheck complaints\nv4: fix a large number of security problems that only matter when the\nmount helper is being run as a setuid program; fix protocol\nbyteswapping problems; add CLOEXEC to all files being traded\nback and forth; add an umount command; and strengthen mount socket\nprotocol checks.\nv3: refactor the sample code to reduce duplication; fix all the\ncheckpatch complaints; examples actually build standalone;\nfuservicemount handles utab now; cleaned up meson feature detection;\nhandle MS_ flags that don't translate to MOUNT_ATTR_*\nv2: cleaned up error code handling and logging; add some example fuse\nservice; fuservicemount3 can now be a setuid program to allow\nunprivileged userspace to fire up a contained filesystem driver.\nThis could be opening Pandora's box...\nv1: detach from fuse-iomap series\n\nWith a bit of luck, this should all go splendidly.\n\nSigned-off-by: \"Darrick J. Wong\" <djwong@kernel.org>\n\n----------------------------------------------------------------\nBernd Schubert (1):\nRefactor mount code / move common functions to mount_util.c\n\nDarrick J. Wong (12):\nmount_service: add systemd socket service mounting helper\nmount_service: create high level fuse helpers\nmount_service: use the new mount api for the mount service\nmount_service: update mtab after a successful mount\nutil: hoist the fuse.conf parsing and setuid mode enforcement code\nutil: fix checkpatch complaints in fuser_conf.[ch]\nmount_service: enable unprivileged users in a similar manner as fusermount\nmount.fuse3: integrate systemd service startup\nmount_service: allow installation as a setuid program\nexample/service_ll: create a sample systemd service fuse server\nexample/service: create a sample systemd service for a high-level fuse server\nnullfs: support fuse systemd service mode\n\nexample/single_file.h | 195 ++\ninclude/fuse.h | 34 +\ninclude/fuse_service.h | 243 +++\ninclude/fuse_service_priv.h | 161 ++\nlib/fuse_i.h | 3 +\nlib/mount_common_i.h | 22 +\nlib/mount_util.h | 8 +\nlib/util.h | 35 +\nutil/fuser_conf.h | 62 +\nutil/mount_service.h | 49 +\n.github/workflows/install-ubuntu-dependencies.sh | 4 +\nREADME.md | 3 +\ndoc/fuservicemount3.8 | 32 +\ndoc/meson.build | 3 +\nexample/meson.build | 26 +\nexample/null.c | 51 +-\nexample/null.socket.in | 15 +\nexample/null@.service | 102 ++\nexample/service_hl.c | 240 +++\nexample/service_hl.socket.in | 15 +\nexample/service_hl@.service | 102 ++\nexample/service_ll.c | 329 ++++\nexample/service_ll.socket.in | 15 +\nexample/service_ll@.service | 102 ++\nexample/single_file.c | 992 ++++++++++\ninclude/meson.build | 4 +\nlib/fuse_service.c | 1248 +++++++++++++\nlib/fuse_service_stub.c | 106 ++\nlib/fuse_versionscript | 18 +\nlib/helper.c | 160 +-\nlib/meson.build | 17 +-\nlib/mount.c | 72 +-\nlib/mount_util.c | 9 +\nmeson.build | 53 +-\nmeson_options.txt | 9 +\ntest/ci-build.sh | 14 +\nutil/fuser_conf.c | 398 ++++\nutil/fusermount.c | 363 +---\nutil/fuservicemount.c | 65 +\nutil/install_helper.sh | 6 +\nutil/meson.build | 24 +-\nutil/mount.fuse.c | 171 +-\nutil/mount_service.c | 2111 ++++++++++++++++++++++\n43 files changed, 7287 insertions(+), 404 deletions(-)\ncreate mode 100644 example/single_file.h\ncreate mode 100644 include/fuse_service.h\ncreate mode 100644 include/fuse_service_priv.h\ncreate mode 100644 lib/mount_common_i.h\ncreate mode 100644 util/fuser_conf.h\ncreate mode 100644 util/mount_service.h\ncreate mode 100644 doc/fuservicemount3.8\ncreate mode 100644 example/null.socket.in\ncreate mode 100644 example/null@.service\ncreate mode 100644 example/service_hl.c\ncreate mode 100644 example/service_hl.socket.in\ncreate mode 100644 example/service_hl@.service\ncreate mode 100644 example/service_ll.c\ncreate mode 100644 example/service_ll.socket.in\ncreate mode 100644 example/service_ll@.service\ncreate mode 100644 example/single_file.c\ncreate mode 100644 lib/fuse_service.c\ncreate mode 100644 lib/fuse_service_stub.c\ncreate mode 100644 util/fuser_conf.c\ncreate mode 100644 util/fuservicemount.c\ncreate mode 100644 util/mount_service.c\n\nHere's the range diff from v5 to v5.1.\n\n 1: 5a6a95b117389d ! 1: af50a468568e3d fs: turn on more warnings for the filesystem code we modify most\n @@ meson.build: base_version = version_parts[0]\n +# W=e\n +if host_machine.cpu_family() == 'x86_64'\n + WARNINGS += [ '-Werror' ]\n +endif\n +\n +# W=1\n -+WARNINGS += [ '-Wextra', '-Wunused', '-Wno-unused-parameter' ]\n ++WARNINGS += [ '-Wextra', '-Wunused', '-Wunused-parameter' ]\n +WARNINGS += [ '-Wmissing-declarations' ]\n +WARNINGS += [ '-Wrestrict' ]\n +WARNINGS += [ '-Wmissing-format-attribute' ]\n +WARNINGS += [ '-Wmissing-prototypes' ]\n +WARNINGS += [ '-Wold-style-definition' ]\n +WARNINGS += [ '-Wmissing-include-dirs' ]\n @@ meson.build: base_version = version_parts[0]\n +#WARNINGS += [ '-Wsign-compare' ]\t# percpu\n +#WARNINGS += [ '-Wswitch-default' ]\t# everywhere\n +#WARNINGS += $(call cc-option, -Wpacked-bitfield-compat) # not a gcc thing\n +\n +# Stuff we need to fix in xfsprogs\n +WARNINGS += [ '-Wno-suggest-attribute=format' ]\t# dont care about printf crap\n -+WARNINGS += [ '-Wno-shadow' ]\t# many programs have global variables\n -+WARNINGS += [ '-Wno-missing-field-initializers' ]\t# why is this even a problem?\n ++WARNINGS += [ '-Wshadow' ]\t# many programs have global variables\n ++WARNINGS += [ '-Wmissing-field-initializers' ]\t# why is this even a problem?\n +WARNINGS += [ '-Wno-sign-compare' ]\t# zomg so much macro\n -+WARNINGS += [ '-Wno-dangling-pointer' ]\t# gcc 12.2 bug\n ++WARNINGS += [ '-Wdangling-pointer' ]\t# gcc 12.2 bug\n +\n +WARNINGS += [ '-Wno-error=type-limits' ]\t# rtgroups patchset\n +WARNINGS += [ '-Wno-error=array-bounds' ]\t# rtgroups patchset\n +\n +# OpenSSF recommendations March 2025\n +# https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html\n +#WARNINGS += [ '-O2' ]\t# already set elsewhere\n +#WARNINGS += [ '-Wall' ]\n +WARNINGS += [ '-Wformat' ]\n +WARNINGS += [ '-Wformat=2' ]\n -+WARNINGS += [ '-Wno-format-nonliteral' ]\t# xfs_db and friends fail this everywhere\n ++WARNINGS += [ '-Wno-error=format-nonliteral' ]\t# xfs_db and friends fail this everywhere\n +#WARNINGS += [ '-Wconversion' ]\n +WARNINGS += [ '-Wimplicit-fallthrough' ]\n +WARNINGS += [ '-Werror=format-security' ]\n +WARNINGS += [ '-U_FORTIFY_SOURCE' ]\n +WARNINGS += [ '-D_FORTIFY_SOURCE=2' ]\t# debian defaults to 2\n +WARNINGS += [ '-D_GLIBCXX_ASSERTIONS' ]\n 2: eda4cf0a9c9400 = 2: 4871909466456d Refactor mount code / move common functions to mount_util.c\n 3: 6f098240905230 ! 3: ff81706aa6d6fd mount_service: add systemd socket service mounting helper\n @@ lib/fuse_service.c (new)\n +\t\t.iov_base = buf,\n +\t\t.iov_len = bufsize,\n +\t};\n +\tunion {\n +\t\tstruct cmsghdr cmsghdr;\n +\t\tchar control[CMSG_SPACE(sizeof(int))];\n -+\t} cmsgu;\n ++\t} cmsgu = { };\n +\tstruct msghdr msg = {\n +\t\t.msg_iov = &iov,\n +\t\t.msg_iovlen = 1,\n +\t\t.msg_control = cmsgu.control,\n -+\t\t.msg_controllen = sizeof(cmsgu.control),\n ++\n ++\t\t/*\n ++\t\t * Do not include padding at the end of the control buffer,\n ++\t\t * because we don't want to receive fds that we weren't\n ++\t\t * expecting.\n ++\t\t */\n ++\t\t.msg_controllen = CMSG_LEN(sizeof(int)),\n +\t};\n +\tstruct cmsghdr *cmsg;\n +\tssize_t size;\n +\n -+\tmemset(&cmsgu, 0, sizeof(cmsgu));\n ++\t/*\n ++\t * A kernel LSM could decide to deny the fd transfer by writing a\n ++\t * negative number (== invalid fd) into the cmsg buffer instead of\n ++\t * installing the fd. Set the initial fd value to -1 to signal an\n ++\t * invalid fd in case the kernel doesn't even set the cmsg buffer.\n ++\t * It shouldn't do that, but we absolutely don't want a zero here.\n ++\t */\n ++\tmemset(cmsgu.control, -1, sizeof(cmsgu.control));\n +\n +\tsize = recvmsg(sf->sockfd, &msg, MSG_TRUNC | MSG_CMSG_CLOEXEC);\n +\tif (size < 0) {\n +\t\tint error = errno;\n +\n +\t\tfuse_log(FUSE_LOG_ERR, \"fuse: service file reply: %s\\n\",\n @@ lib/fuse_service.c (new)\n +\t size < offsetof(struct fuse_service_requested_file, path)) {\n +\t\tfuse_log(FUSE_LOG_ERR, \"fuse: wrong service file reply size %zd, expected %zd\\n\",\n +\t\t\t size, bufsize);\n +\t\treturn -EBADMSG;\n +\t}\n +\n ++\tif (msg.msg_flags & MSG_CTRUNC) {\n ++\t\t/* SMACK does this */\n ++\t\tfuse_log(FUSE_LOG_ERR,\n ++\"fuse: service file reply control data truncated; did an LSM deny SCM_RIGHTS?\\n\");\n ++\t\treturn -EBADMSG;\n ++\t}\n ++\n +\tcmsg = CMSG_FIRSTHDR(&msg);\n +\tif (!cmsg) {\n +\t\t/* no control message means mount.service sent us an error */\n +\t\treturn 0;\n +\t}\n +\tif (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {\n @@ lib/fuse_service.c (new)\n +\t}\n +\n +\tret = __recv_fd(sf, req, req_sz, &fd);\n +\tif (ret)\n +\t\tgoto out_req;\n +\n ++\tif (fd < 0) {\n ++\t\t/* The kernel might have given us an errno instead of an fd */\n ++\t\tfuse_log(FUSE_LOG_ERR, \"fuse: service fd transfer failed: %s\\n\",\n ++\t\t\t strerror(-fd));\n ++\t\tret = fd;\n ++\t\tgoto out_req;\n ++\t}\n ++\n +\tif (ntohl(req->p.magic) != FUSE_SERVICE_OPEN_REPLY) {\n +\t\tfuse_log(FUSE_LOG_ERR, \"fuse: service file reply contains wrong magic!\\n\");\n +\t\tret = -EBADMSG;\n +\t\tgoto out_close;\n +\t}\n +\tif (strcmp(req->path, path)) {\n 4: 82f5466695848e = 4: 2c4995923f9ae2 mount_service: create high level fuse helpers\n 5: e684fb005a841e = 5: e53ee192306670 mount_service: use the new mount api for the mount service\n 6: 13152dd09d7bb0 = 6: 3c58b3ca279cb6 mount_service: update mtab after a successful mount\n 7: ed78d2368a3c15 ! 7: 4fa9d76f54011e util: hoist the fuse.conf parsing and setuid mode enforcement code\n @@ util/fuser_conf.c (new)\n +#include <stdlib.h>\n +#include <errno.h>\n +#include <mntent.h>\n +#include <unistd.h>\n +#include <sys/fsuid.h>\n +\n ++#include \"fuse_mount_compat.h\"\n ++\n +#if defined HAVE_LISTMOUNT\n +#include <linux/mount.h>\n +#include <syscall.h>\n +#include <stdint.h>\n +#endif\n +\n 8: e2f84fca73efb3 = 8: 75ea3fbf340c75 util: fix checkpatch complaints in fuser_conf.[ch]\n 9: ee31248f7b7e31 = 9: 068b0b4b775fc6 mount_service: enable unprivileged users in a similar manner as fusermount\n10: 125e8990ce56db ! 10: 4b455b65ca7756 mount.fuse3: integrate systemd service startup\n @@ util/mount.fuse.c: static void drop_and_lock_capabilities(void)\n +\tif (ret) {\n +\t\tfprintf(stderr, \"%s: could not start %s helper: %s\\n\",\n +\t\t\targv[0], FUSERVICEMOUNT_PROG, strerror(ret));\n +\t\treturn MOUNT_SERVICE_FALLBACK_NEEDED;\n +\t}\n +\n -+\tret = waitpid(child_pid, &child_status, 0);\n ++\tdo {\n ++\t\tret = waitpid(child_pid, &child_status, 0);\n ++\t} while (ret < 0 && errno == EINTR);\n +\tif (ret < 0) {\n +\t\tfprintf(stderr, \"%s: could not wait for %s helper: %s\\n\",\n +\t\t\targv[0], FUSERVICEMOUNT_PROG, strerror(errno));\n +\t\treturn MOUNT_SERVICE_FALLBACK_NEEDED;\n +\t}\n +\n11: bbc7cbd7a3d185 = 11: 5b8ce2254d15e1 mount_service: allow installation as a setuid program\n12: 85aac9e1d35d23 ! 12: d095eda280909d example/service_ll: create a sample systemd service fuse server\n @@ example/single_file.h (new)\n +/*\n + * FUSE: Filesystem in Userspace\n + * Copyright (C) 2026 Oracle.\n + *\n + * This program can be distributed under the terms of the GNU GPLv2.\n + * See the file GPL2.txt.\n ++ *\n ++ * This file is shared library code for example fuse servers that want to\n ++ * expose a single regular file that wraps another file in a manner that goes\n ++ * beyond simple passthrough. It is not itself a fuse server.\n + */\n +#ifndef FUSE_SINGLE_FILE_H_\n +#define FUSE_SINGLE_FILE_H_\n +\n +static inline uint64_t round_up(uint64_t b, unsigned int align)\n +{\n @@ example/service_ll.c (new)\n + * This program can be distributed under the terms of the GNU GPLv2.\n + * See the file GPL2.txt.\n + */\n +\n +/** @file\n + *\n -+ * minimal example filesystem using low-level API and systemd service api\n ++ * Minimal example filesystem using low-level API and systemd service API.\n ++ *\n ++ * - Shows how to build a low level FUSE filesystem server that can be managed\n ++ * by systemd\n ++ * - Enables on-demand filesystem mounting via socket activation\n ++ * - Demonstrates requesting resources from the mount-caller's environment\n ++ * - Allows running FUSE servers with minimal privileges; isolated mount,\n ++ * network, and pid namespaces; and a separate uid/gid (unlike traditional\n ++ * FUSE which needs mount permissions and runs in the caller's environment)\n + *\n + * Compile with:\n + *\n + * gcc -Wall single_file.c service_ll.c `pkg-config fuse3 --cflags --libs` -o service_ll\n + *\n + * Note: If the pkg-config command fails due to the absence of the fuse3.pc\n @@ example/service_ll.c (new)\n + *\n + * ExecStart=/path/to/service_ll\n + *\n + * to point to the actual path of the service_ll binary.\n + *\n + * Finally, install the service_ll@.service and service_ll.socket files to the\n -+ * systemd service directory, usually /run/systemd/system.\n ++ * systemd service directory, usually /run/systemd/system. Run these commands\n ++ * to activate:\n ++ *\n ++ * systemctl daemon-reload\n ++ * systemctl start service_ll.socket\n ++ *\n ++ * Then mount with:\n ++ *\n ++ * mount -t fuse.service_ll /dev/sda /mnt\n + *\n + * ## Source code ##\n + * \\include service_ll.c\n + * \\include service_ll.socket\n + * \\include service_ll@.service\n + * \\include single_file.c\n @@ example/single_file.c (new)\n +/*\n + * FUSE: Filesystem in Userspace\n + * Copyright (C) 2026 Oracle.\n + *\n + * This program can be distributed under the terms of the GNU GPLv2.\n + * See the file GPL2.txt.\n ++ *\n ++ * This file is shared library code for example fuse servers that want to\n ++ * expose a single regular file that wraps another file in a manner that goes\n ++ * beyond simple passthrough. It is not itself a fuse server.\n + */\n +#define _GNU_SOURCE\n +#include <pthread.h>\n +#include <errno.h>\n +#include <stdlib.h>\n +#include <errno.h>\n @@ example/single_file.c (new)\n +void single_file_ll_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,\n +\t\t\t struct fuse_file_info *fi)\n +{\n +\tstruct statx stx = { };\n +\tbool filled;\n +\n -+\t(void)flags;\n +\t(void)fi;\n +\n ++\tif ((flags & AT_STATX_FORCE_SYNC) && is_single_file_ino(ino) &&\n ++\t single_file.backing_fd >= 0) {\n ++\t\tint ret = fsync(single_file.backing_fd);\n ++\n ++\t\tif (ret) {\n ++\t\t\tfuse_reply_err(req, errno);\n ++\t\t\treturn;\n ++\t\t}\n ++\t}\n ++\n +\tpthread_mutex_lock(&single_file.lock);\n +\tfilled = sf_statx(ino, mask, &stx);\n +\tpthread_mutex_unlock(&single_file.lock);\n +\tif (!filled)\n +\t\tfuse_reply_err(req, ENOENT);\n +\telse\n @@ example/single_file.c (new)\n +\t\tif (to_set & FUSE_SET_ATTR_MTIME_NOW)\n +\t\t\tsingle_file.mtime = now;\n +\t\telse\n +\t\t\tsingle_file.mtime = attr->st_mtim;\n +\t}\n +\tif (to_set & FUSE_SET_ATTR_CTIME)\n -+\t\tsingle_file.ctime = attr->st_mtim;\n -+\telse\n +\t\tsingle_file.ctime = now;\n +\tpthread_mutex_unlock(&single_file.lock);\n +\n +\tsingle_file_ll_getattr(req, ino, fi);\n +\treturn;\n +deny:\n @@ example/single_file.c (new)\n +\t\t\t\treturn -errno;\n +\t\t}\n +\n +\t\tget_now(&now);\n +\n +\t\tpthread_mutex_lock(&single_file.lock);\n ++\t\tsingle_file.mtime = now;\n +\t\tsingle_file.ctime = now;\n +\t\tpthread_mutex_unlock(&single_file.lock);\n +\n +\t\treturn processed;\n +\t}\n +\n @@ example/single_file.c (new)\n +\t\tsingle_file_name_set = true;\n +\t}\n +\n +\tget_now(&startup_time);\n +\tsingle_file.atime = startup_time;\n +\tsingle_file.mtime = startup_time;\n ++\tsingle_file.ctime = startup_time;\n +\n +\tif (!single_file.ro)\n +\t\tsingle_file.mode |= 0220;\n +\n +\treturn 0;\n +}\n13: 9702e37fa0895f ! 13: 48f04af4d1cc37 example/service: create a sample systemd service for a high-level fuse server\n @@ example/service_hl.c (new)\n + * This program can be distributed under the terms of the GNU GPLv2.\n + * See the file GPL2.txt.\n + */\n +\n +/** @file\n + *\n -+ * minimal example filesystem using high-level API and systemd service api\n ++ * Minimal example filesystem using high-level API and systemd service API.\n ++ *\n ++ * - Shows how to build a high level FUSE filesystem server that can be managed\n ++ * by systemd\n ++ * - Enables on-demand filesystem mounting via socket activation\n ++ * - Demonstrates requesting resources from the mount-caller's environment\n ++ * - Allows running FUSE servers with minimal privileges; isolated mount,\n ++ * network, and pid namespaces; and a separate uid/gid (unlike traditional\n ++ * FUSE which needs mount permissions and runs in the caller's environment)\n + *\n + * Compile with:\n + *\n + * gcc -Wall single_file.c service_hl.c `pkg-config fuse3 --cflags --libs` -o service_hl\n + *\n + * Note: If the pkg-config command fails due to the absence of the fuse3.pc\n @@ example/service_hl.c (new)\n + *\n + * ExecStart=/path/to/service_hl\n + *\n + * to point to the actual path of the service_hl binary.\n + *\n + * Finally, install the service_hl@.service and service_hl.socket files to the\n -+ * systemd service directory, usually /run/systemd/system.\n ++ * systemd service directory, usually /run/systemd/system. Run these commands\n ++ * to activate:\n ++ *\n ++ * systemctl daemon-reload\n ++ * systemctl start service_hl.socket\n ++ *\n ++ * Then mount with:\n ++ *\n ++ * mount -t fuse.service_hl /dev/sda /mnt\n + *\n + * ## Source code ##\n + * \\include service_hl.c\n + * \\include service_hl.socket\n + * \\include service_hl@.service\n + * \\include single_file.c\n @@ example/single_file.c: void single_file_ll_statx(fuse_req_t req, fuse_ino_t ino,\n +\tfuse_ino_t ino = single_open_file_path_to_ino(fi, path);\n +\tbool filled;\n +\n +\tif (!ino)\n +\t\treturn -ENOENT;\n +\n ++\tif ((statx_flags & AT_STATX_FORCE_SYNC) && is_single_file_ino(ino) &&\n ++\t single_file.backing_fd >= 0) {\n ++\t\tint ret = fsync(single_file.backing_fd);\n ++\n ++\t\tif (ret)\n ++\t\t\treturn -errno;\n ++\t}\n ++\n +\tpthread_mutex_lock(&single_file.lock);\n +\tfilled = sf_statx(ino, statx_mask, stx);\n +\tpthread_mutex_unlock(&single_file.lock);\n +\n +\treturn filled ? 0 : -ENOENT;\n +}\n @@ example/single_file.c: void single_file_ll_setattr(fuse_req_t req, fuse_ino_t in\n +\t\treturn -EPERM;\n +\tif (single_file.ro)\n +\t\treturn -EPERM;\n +\n +\tpthread_mutex_lock(&single_file.lock);\n +\tsingle_file.mode = (single_file.mode & S_IFMT) | (mode & ~S_IFMT);\n ++\tget_now(&single_file.ctime);\n +\tpthread_mutex_unlock(&single_file.lock);\n +\n +\treturn 0;\n +}\n +\n +static void set_time(const struct timespec *ctv, struct timespec *tv)\n14: cd1acb1dc7d492 = 14: f5597fbd63f7a6 nullfs: support fuse systemd service mode", "diff": null, "prefixes": [ "GIT", "PULL", "v5.1" ] }