Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2226970/?format=api
{ "id": 2226970, "url": "http://patchwork.ozlabs.org/api/patches/2226970/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ext4/patch/20260422232950.GG7739@frogsfrogsfrogs/", "project": { "id": 8, "url": "http://patchwork.ozlabs.org/api/projects/8/?format=api", "name": "Linux ext4 filesystem development", "link_name": "linux-ext4", "list_id": "linux-ext4.vger.kernel.org", "list_email": "linux-ext4@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260422232950.GG7739@frogsfrogsfrogs>", "list_archive_url": null, "date": "2026-04-22T23:29:50", "name": "[RFC,1/4] fusefatfs: enable fuse systemd service mode", "commit_ref": null, "pull_url": null, "state": "not-applicable", "archived": false, "hash": "52637c94a0a0c87d8ee5354d2fa22013bf242e4d", "submitter": { "id": 77032, "url": "http://patchwork.ozlabs.org/api/people/77032/?format=api", "name": "Darrick J. Wong", "email": "djwong@kernel.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-ext4/patch/20260422232950.GG7739@frogsfrogsfrogs/mbox/", "series": [ { "id": 501128, "url": "http://patchwork.ozlabs.org/api/series/501128/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ext4/list/?series=501128", "date": "2026-04-22T23:29:50", "name": "[RFC,1/4] fusefatfs: enable fuse systemd service mode", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501128/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2226970/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2226970/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <SRS0=vXtx=CV=vger.kernel.org=linux-ext4+bounces-16016-patchwork-incoming=ozlabs.org@ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-ext4@vger.kernel.org" ], "Delivered-To": [ "patchwork-incoming@legolas.ozlabs.org", "patchwork-incoming@ozlabs.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=RrDBx5QZ;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=ozlabs.org\n (client-ip=2404:9400:2221:ea00::3; helo=mail.ozlabs.org;\n envelope-from=srs0=vxtx=cv=vger.kernel.org=linux-ext4+bounces-16016-patchwork-incoming=ozlabs.org@ozlabs.org;\n receiver=patchwork.ozlabs.org)", "gandalf.ozlabs.org;\n arc=pass smtp.remote-ip=\"2600:3c0a:e001:db::12fc:5321\"\n arc.chain=subspace.kernel.org", "gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org", "gandalf.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=RrDBx5QZ;\n\tdkim-atps=neutral", "gandalf.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16016-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"RrDBx5QZ\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201" ], "Received": [ "from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g1Fnd4XJ8z1yD5\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 23 Apr 2026 09:30:13 +1000 (AEST)", "from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\tby gandalf.ozlabs.org (Postfix) with ESMTP id 4g1Fnd42Bqz4wKW\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 23 Apr 2026 09:30:13 +1000 (AEST)", "by gandalf.ozlabs.org (Postfix)\n\tid 4g1Fnd3wzSz4wKP; Thu, 23 Apr 2026 09:30:13 +1000 (AEST)", "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby gandalf.ozlabs.org (Postfix) with ESMTPS id 4g1FnY6mzFz4wCM\n\tfor <patchwork-incoming@ozlabs.org>; Thu, 23 Apr 2026 09:30:09 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id C2D99302EEFB\n\tfor <patchwork-incoming@ozlabs.org>; Wed, 22 Apr 2026 23:29:52 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 5CD483A3E8F;\n\tWed, 22 Apr 2026 23:29:51 +0000 (UTC)", "from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 1E8123A3E69;\n\tWed, 22 Apr 2026 23:29:50 +0000 (UTC)", "by smtp.kernel.org (Postfix) with ESMTPSA id AACD5C19425;\n\tWed, 22 Apr 2026 23:29:50 +0000 (UTC)" ], "ARC-Seal": [ "i=2; a=rsa-sha256; d=ozlabs.org; s=201707; t=1776900613; cv=pass;\n\tb=BdrYxRnZ78jrljVochqB5zjQbq5uwRJ8HBZjDgK6K5rnExOu5iWhGAAh+9QDH55Y1KM9c4PxZaMElbzD6fwT+MPt/hmjhqe6VYt4pAB4AYT3JomFzl7YSrIjDC/eXVUysVTXzl6JcgN54Id1+33l2RLEFONNLPMTi4BOnBBdgXXl39XDhMLTp9MTPPxFh+KL2qswcn2pX63AlXZzBQFZOgs90oOTkYu/MYCZgBgz4F/AqI6P2r7rzbVUz1XuzKBiEa6fL5zr0C33EoA8+rL9spJq+LoRQDXrnfc2Sx12pPu4oVgN0m2IlhmVHCartInwmGSk6gwF1A/K4Is4FhI8HA==", "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776900591; cv=none;\n b=QMPjTqsbXWlHfq5SRrcTjtx6jF7UCh3hcFPXk7oULMEiNcwcaow0h6S8xXtVtm/AS9EHp5V02Wg7odXq48rQom4rbVzJyD/hmGmkrXre0szRDtYl/SPDjNa82vLVDv5ypjmvxwZZQwJS+1u05gE9KAF1e82aKLczaz7Y7qD68kE=" ], "ARC-Message-Signature": [ "i=2; a=rsa-sha256; d=ozlabs.org; s=201707;\n\tt=1776900613; c=relaxed/relaxed;\n\tbh=6R7Ed/b9kBw5pp3IqTsgLYcnjEnW2xDdhM2yFQQkuTM=;\n\th=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:\n\t Content-Type:Content-Disposition:In-Reply-To;\n b=SONLqcf/Zj0oEOwxyQv2AQjFuvIol8bP3KOIHA8PJ/zfpIYly6MAl1t1oorlsjAxrYjtTOKinYRyUQ1VW/xBiX1A8Qqh3akM+AYD/ZfZmsMqT4IgWD7btK7fV3utKbC7ovCLOcAFgjnRc/ec+CvyvKumYPbbKq2jHMedQ5+DEJlChLZ45cxwt+kg+lJrNiK01cNMgzwV9j4VP8LMPsfNupybcV2pUtURYNdDolPd0NhEkBo6dC0JOEPhBsuMrFXQJcwYSx6Deu+T53Oo52mLz68F9ohFByI/RCzdg6mw6Lq5hFya4cJjsPDsoV5J6PhdTv3Wf9JeTXeDjag+XC3UHQ==", "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776900591; c=relaxed/simple;\n\tbh=NCztthpEtAsgBxxVb7EYoaSvE1eJCRW1L2HMmyijlc0=;\n\th=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:\n\t Content-Type:Content-Disposition:In-Reply-To;\n b=GBoU+xybXjSJsxMg2Kb+QodvwfqZeAc4I0Op+a60Nb8IJDKQb90ttLoUoWn4IAG310s+BVTTASutuEKNw6wRU0WsPR7v373gtgWKoM1+eyb16WiKqLzHrwQpGCoLAAY4UHz7F7sVgMj3pdmH6SLYJkpURjD65DVFk8+rC+gUJv4=" ], "ARC-Authentication-Results": [ "i=2; gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org;\n dkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=RrDBx5QZ; dkim-atps=neutral;\n spf=pass (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16016-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org) smtp.mailfrom=vger.kernel.org", "i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=RrDBx5QZ; arc=none smtp.client-ip=10.30.226.201" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1776900590;\n\tbh=NCztthpEtAsgBxxVb7EYoaSvE1eJCRW1L2HMmyijlc0=;\n\th=Date:From:To:Cc:Subject:References:In-Reply-To:From;\n\tb=RrDBx5QZHRo1xqE30jeGuto2AoKyZZy2k9bFbn/oE8ZLHQ52mCMo/i3XctUb9T+lz\n\t f9XyLrhGxF6B7bkmcIWIqa5Alx8jEZ+hyJNCaa+8+qZ8PDYO/KVoXiVXqSO38MG8mZ\n\t WTaQm723JdFCINOgsBte9Fqrh91GeMYOoGKedI7KcT4MLBP7N8uULeemzcAknoTKQc\n\t J6Wqcv6qTdLcOrkB8h0N34tIWmoOWcGTHt2SK9WO6wp2LytYT9rO0aKwz51bNJR8/l\n\t UcAYcKKdt5v0mXLzgK4Pa3iC6AknNK+m4usxeSwylHTah93wgt+4kEdqBn2/nSZyD+\n\t P2+T6gi8jyHwg==", "Date": "Wed, 22 Apr 2026 16:29:50 -0700", "From": "\"Darrick J. Wong\" <djwong@kernel.org>", "To": "linux-fsdevel <linux-fsdevel@vger.kernel.org>,\n\tlinux-ext4 <linux-ext4@vger.kernel.org>,\n\tfuse-devel <fuse-devel@lists.linux.dev>", "Cc": "Miklos Szeredi <miklos@szeredi.hu>, Bernd Schubert <bernd@bsbernd.com>,\n\tJoanne Koong <joannelkoong@gmail.com>,\n\tTheodore Ts'o <tytso@mit.edu>, Neal Gompa <neal@gompa.dev>,\n\tAmir Goldstein <amir73il@gmail.com>,\n\tChristian Brauner <brauner@kernel.org>, demiobenour@gmail.com", "Subject": "[RFC PATCH 1/4] fusefatfs: enable fuse systemd service mode", "Message-ID": "<20260422232950.GG7739@frogsfrogsfrogs>", "References": "<20260422231518.GA7717@frogsfrogsfrogs>", "Precedence": "bulk", "X-Mailing-List": "linux-ext4@vger.kernel.org", "List-Id": "<linux-ext4.vger.kernel.org>", "List-Subscribe": "<mailto:linux-ext4+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-ext4+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=us-ascii", "Content-Disposition": "inline", "In-Reply-To": "<20260422231518.GA7717@frogsfrogsfrogs>", "X-Spam-Status": "No, score=-1.2 required=5.0 tests=ARC_SIGNED,ARC_VALID,\n\tDKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,\n\tMAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on gandalf.ozlabs.org" }, "content": "From: Darrick J. Wong <djwong@kernel.org>\n\nEnable use of fusefatfs as a contained systemd service.\n\nSigned-off-by: Darrick J. Wong <djwong@kernel.org>\n---\n CMakeLists.txt | 18 +++++++\n config.h.in | 2 +\n diskio.c | 3 +\n fusefatfs.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++---\n fusefatfs.socket.in | 17 +++++++\n fusefatfs@.service.in | 102 ++++++++++++++++++++++++++++++++++++++++\n 6 files changed, 259 insertions(+), 7 deletions(-)\n create mode 100644 fusefatfs.socket.in\n create mode 100644 fusefatfs@.service.in", "diff": "diff --git a/CMakeLists.txt b/CMakeLists.txt\nindex 5e7d70ec85b748..473d1c451d0810 100644\n--- a/CMakeLists.txt\n+++ b/CMakeLists.txt\n@@ -14,6 +14,24 @@ pkg_check_modules(FUSE fuse3)\n if(NOT FUSE_FOUND)\n \tpkg_check_modules(FUSE REQUIRED fuse)\n endif()\n+pkg_get_variable(FUSE3_SERVICE_SOCKET_DIR fuse3 service_socket_dir)\n+pkg_get_variable(FUSE3_SERVICE_SOCKET_PERMS fuse3 service_socket_perms)\n+pkg_check_modules(SYSTEMD systemd)\n+if (SYSTEMD_FOUND)\n+\tpkg_get_variable(SYSTEMD_SYSTEM_UNIT_DIR systemd systemd_system_unit_dir)\n+endif()\n+IF ( (NOT \"${FUSE3_SERVICE_SOCKET_DIR}\" STREQUAL \"\") AND (NOT \"${SYSTEMD_SYSTEM_UNIT_DIR}\" STREQUAL \"\") )\n+\tmessage(STATUS \"Found libfuse3 service socket dir: ${FUSE3_SERVICE_SOCKET_DIR}\")\n+\tmessage(STATUS \"Found libfuse3 service socket perms: ${FUSE3_SERVICE_SOCKET_PERMS}\")\n+\tset(DEFINE_HAVE_FUSE_SERVICE \"#define HAVE_FUSE_SERVICE\")\n+\tconfigure_file(fusefatfs.socket.in ${CMAKE_BINARY_DIR}/fusefatfs.socket @ONLY)\n+\tconfigure_file(fusefatfs@.service.in ${CMAKE_BINARY_DIR}/fusefatfs@.service @ONLY)\n+\tmessage(STATUS \"Found systemd system unit dir: ${SYSTEMD_SYSTEM_UNIT_DIR}\")\n+\tinstall(FILES ${CMAKE_BINARY_DIR}/fusefatfs.socket\n+\t\tDESTINATION ${CMAKE_INSTALL_PREFIX}${SYSTEMD_SYSTEM_UNIT_DIR})\n+\tinstall(FILES ${CMAKE_BINARY_DIR}/fusefatfs@.service\n+\t\tDESTINATION ${CMAKE_INSTALL_PREFIX}${SYSTEMD_SYSTEM_UNIT_DIR})\n+endif()\n string(REGEX REPLACE \"\\\\..*\" \"\" FUSE_VERSION ${FUSE_VERSION})\n \n set(CMAKE_REQUIRED_DEFINITIONS -D_FILE_OFFSET_BITS=64)\ndiff --git a/config.h.in b/config.h.in\nindex 7f916d685c1e42..e6d2e8c82b7d0c 100644\n--- a/config.h.in\n+++ b/config.h.in\n@@ -4,5 +4,7 @@\n #define PROGNAME \"@CMAKE_PROJECT_NAME@\"\n #define VERSION \"@CMAKE_PROJECT_VERSION@\"\n \n+@DEFINE_HAVE_FUSE_SERVICE@\n+\n #endif\n \ndiff --git a/diskio.c b/diskio.c\nindex 122f93f3316e66..ca83a102e49b78 100644\n--- a/diskio.c\n+++ b/diskio.c\n@@ -41,6 +41,9 @@ DSTATUS disk_initialize (\n \tstruct fftab *drv = fftab_get(pdrv);\n \tif (!drv) return STA_NOINIT;\n \n+\tif (drv->fd >= 0)\n+\t\treturn RES_OK;\n+\n \tif (drv->flags & FFFF_RDONLY)\n \t\tdrv->fd = open(drv->path, O_RDONLY);\n \telse\ndiff --git a/fusefatfs.c b/fusefatfs.c\nindex 248f5c3a8a37c8..376f6cd1c338dd 100644\n--- a/fusefatfs.c\n+++ b/fusefatfs.c\n@@ -20,7 +20,7 @@\n #define FUSE_USE_VERSION 29\n #define FUSE3_ONLY(...)\n #else\n-#define FUSE_USE_VERSION FUSE_MAKE_VERSION(3, 14)\n+#define FUSE_USE_VERSION FUSE_MAKE_VERSION(3, 19)\n #define FUSE3_ONLY(...) __VA_ARGS__\n #endif\n \n@@ -37,6 +37,11 @@\n #include <fftable.h>\n #include <config.h>\n \n+#ifdef HAVE_FUSE_SERVICE\n+# include <sys/mount.h>\n+# include <fuse_service.h>\n+#endif\n+\n int fuse_reentrant_tag = 0;\n \n #if FF_DEFINED == 80286\n@@ -52,6 +57,96 @@ static pthread_mutex_t fff_mutex = PTHREAD_MUTEX_INITIALIZER;\n #define mutex_out() pthread_mutex_unlock(&fff_mutex)\n #define mutex_out_return(RETVAL) do {mutex_out(); return(RETVAL); } while (0)\n \n+#ifdef HAVE_FUSE_SERVICE\n+static struct fuse_service *service;\n+static int bdev_fd = -1;\n+\n+static inline bool fff_is_service(void)\n+{\n+\treturn fuse_service_accepted(service);\n+}\n+\n+static int fff_service_connect(struct fuse_args *args)\n+{\n+\tint ret;\n+\n+\tret = fuse_service_accept(&service);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (fuse_service_accepted(service))\n+\t\treturn fuse_service_append_args(service, args);\n+\n+\treturn 0;\n+}\n+\n+static int fff_service_get_config(const char *device, bool ro,\n+\t\t\t\t struct stat *sbuf)\n+{\n+\tint open_flags = O_EXCL;\n+\tint fd;\n+\tint ret;\n+\n+\tif (ro)\n+\t\topen_flags |= O_RDONLY;\n+\telse\n+\t\topen_flags |= O_SYNC | O_RDWR;\n+\n+\tret = fuse_service_request_file(service, device, open_flags, 0, 0);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = fuse_service_receive_file(service, device, &fd);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (fd < 0) {\n+\t\tfprintf(stderr, \"%s opening device: %s.\\n\", device,\n+\t\t\t strerror(-fd));\n+\t\treturn -1;\n+\t}\n+\tbdev_fd = fd;\n+\n+\tret = fuse_service_finish_file_requests(service);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\treturn fstat(bdev_fd, sbuf);\n+}\n+\n+static void fff_service_assign_bdev(struct fftab *ffentry)\n+{\n+\tif (fff_is_service())\n+\t\tffentry->fd = bdev_fd;\n+}\n+\n+static int fff_service_main(struct fuse_args *args,\n+\t\t\t const struct fuse_operations *ops,\n+\t\t\t struct fftab *data)\n+{\n+\tfuse_service_expect_mount_format(service, S_IFDIR);\n+\treturn fuse_service_main(service, args, ops, data);\n+}\n+\n+static int fff_service_finish(int exitcode)\n+{\n+\tif (!fff_is_service())\n+\t\treturn exitcode;\n+\n+\tfuse_service_send_goodbye(service, exitcode);\n+\tfuse_service_destroy(&service);\n+\n+\treturn fuse_service_exit(exitcode);\n+}\n+#else\n+# define fff_is_service(...)\t\t\t(false)\n+# define fff_service_connect(...)\t\t(0)\n+# define fff_service_get_config(...)\t\t(EOPNOTSUPP)\n+# define fff_service_assign_bdev(...)\t\t((void)0)\n+# define fff_service_main(...)\t\t\t(1)\n+# define fff_service_finish(ret)\t\t(ret)\n+#endif /* HAVE_FUSE_SERVICE */\n+\n #define fffpath(index, path) \\\n *fffpath; \\\n ssize_t __fffpathlen = (index == 0) ? 0 : strlen(path) + 3; \\\n@@ -423,6 +518,9 @@ static struct fftab *fff_init(const char *source, int codepage, int flags) {\n \tif (index >= 0) {\n \t\tstruct fftab *ffentry = fftab_get(index);\n \t\tchar sdrv[12];\n+\n+\t\tfff_service_assign_bdev(ffentry);\n+\n \t\tsnprintf(sdrv, 12, \"%d:\", index);\n \t\tFRESULT fres = f_mount(&ffentry->fs, sdrv, 1);\n \t\tif (fres != FR_OK) {\n@@ -531,10 +629,10 @@ fff_opt_proc(void *data, const char *arg, int key, struct fuse_args *outargs)\n \t\t\treturn 1;\n \t\tcase FUSE_OPT_KEY_NONOPT:\n \t\t\tif (!options->source) {\n-\t\t\t\toptions->source = arg;\n+\t\t\t\toptions->source = strdup(arg);\n \t\t\t\treturn 0;\n \t\t\t} else if(!options->mountpoint) {\n-\t\t\t\toptions->mountpoint = arg;\n+\t\t\t\toptions->mountpoint = strdup(arg);\n \t\t\t\treturn 1;\n \t\t\t} else\n \t\t\t\treturn -1;\n@@ -565,6 +663,11 @@ int main(int argc, char *argv[])\n \tint flags = 0;\n \tstruct stat sbuf;\n \tputenv(\"TZ=UTC0\");\n+\n+\terr = fff_service_connect(&args);\n+\tif (err)\n+\t\texit(1);\n+\n \tif (fuse_opt_parse(&args, &options, fff_opts, fff_opt_proc) == -1) {\n \t\tfuse_opt_free_args(&args);\n \t\treturn -1;\n@@ -585,7 +688,11 @@ int main(int argc, char *argv[])\n \t\tgoto returnerr;\n \t}\n \n-\tif (stat(options.source, &sbuf) < 0) {\n+\tif (fff_is_service())\n+\t\terr = fff_service_get_config(options.source, options.ro, &sbuf);\n+\telse\n+\t\terr = stat(options.source, &sbuf);\n+\tif (err < 0) {\n \t\tfprintf(stderr, \"%s: %s\\n\", options.source, strerror(errno));\n \t\tgoto returnerr;\n \t}\n@@ -600,12 +707,15 @@ int main(int argc, char *argv[])\n \t\tfprintf(stderr, \"Fuse init error\\n\");\n \t\tgoto returnerr;\n \t}\n-\terr = fuse_main(args.argc, args.argv, &fusefat_ops, ffentry);\n+\tif (fff_is_service())\n+\t\terr = fff_service_main(&args, &fusefat_ops, ffentry);\n+\telse\n+\t\terr = fuse_main(args.argc, args.argv, &fusefat_ops, ffentry);\n \tfff_destroy(ffentry);\n \tfuse_opt_free_args(&args);\n \tif (err) fprintf(stderr, \"Fuse error %d\\n\", err);\n-\treturn err;\n+\treturn fff_service_finish(err);\n returnerr:\n \tfuse_opt_free_args(&args);\n-\treturn -1;\n+\treturn fff_service_finish(-1);\n }\ndiff --git a/fusefatfs.socket.in b/fusefatfs.socket.in\nnew file mode 100644\nindex 00000000000000..3512b3570d6178\n--- /dev/null\n+++ b/fusefatfs.socket.in\n@@ -0,0 +1,17 @@\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+#\n+# Copyright (C) 2026 Oracle. All Rights Reserved.\n+# Author: Darrick J. Wong <djwong@kernel.org>\n+[Unit]\n+Description=Socket for fusefatfs Service\n+\n+[Socket]\n+ListenSequentialPacket=@FUSE3_SERVICE_SOCKET_DIR@/vfat\n+ListenSequentialPacket=@FUSE3_SERVICE_SOCKET_DIR@/msdos\n+ListenSequentialPacket=@FUSE3_SERVICE_SOCKET_DIR@/fat\n+Accept=yes\n+SocketMode=@FUSE3_SERVICE_SOCKET_PERMS@\n+RemoveOnStop=yes\n+\n+[Install]\n+WantedBy=sockets.target\ndiff --git a/fusefatfs@.service.in b/fusefatfs@.service.in\nnew file mode 100644\nindex 00000000000000..ac7c4d6cdad93a\n--- /dev/null\n+++ b/fusefatfs@.service.in\n@@ -0,0 +1,102 @@\n+# SPDX-License-Identifier: GPL-2.0-or-later\n+#\n+# Copyright (C) 2026 Oracle. All Rights Reserved.\n+# Author: Darrick J. Wong <djwong@kernel.org>\n+[Unit]\n+Description=fusefatfs Service\n+\n+# Don't leave failed units behind, systemd does not clean them up!\n+CollectMode=inactive-or-failed\n+\n+[Service]\n+Type=exec\n+ExecStart=/@CMAKE_INSTALL_BINDIR@/fusefatfs\n+\n+# Try to capture core dumps\n+LimitCORE=infinity\n+\n+SyslogIdentifier=%N\n+\n+# No realtime CPU scheduling\n+RestrictRealtime=true\n+\n+# Don't let us see anything in the regular system, and don't run as root\n+DynamicUser=true\n+ProtectSystem=strict\n+ProtectHome=true\n+PrivateTmp=true\n+PrivateDevices=true\n+PrivateUsers=true\n+\n+# No network access\n+PrivateNetwork=true\n+ProtectHostname=true\n+RestrictAddressFamilies=none\n+IPAddressDeny=any\n+\n+# Don't let the program mess with the kernel configuration at all\n+ProtectKernelLogs=true\n+ProtectKernelModules=true\n+ProtectKernelTunables=true\n+ProtectControlGroups=true\n+ProtectProc=invisible\n+RestrictNamespaces=true\n+RestrictFileSystems=\n+\n+# Hide everything in /proc, even /proc/mounts\n+ProcSubset=pid\n+\n+# Only allow the default personality Linux\n+LockPersonality=true\n+\n+# No writable memory pages\n+MemoryDenyWriteExecute=true\n+\n+# Don't let our mounts leak out to the host\n+PrivateMounts=true\n+\n+# Restrict system calls to the native arch and only enough to get things going\n+SystemCallArchitectures=native\n+SystemCallFilter=@system-service\n+SystemCallFilter=~@privileged\n+SystemCallFilter=~@resources\n+\n+SystemCallFilter=~@clock\n+SystemCallFilter=~@cpu-emulation\n+SystemCallFilter=~@debug\n+SystemCallFilter=~@module\n+SystemCallFilter=~@reboot\n+SystemCallFilter=~@swap\n+\n+SystemCallFilter=~@mount\n+\n+# libfuse io_uring wants to pin cores and memory\n+SystemCallFilter=mbind\n+SystemCallFilter=sched_setaffinity\n+\n+# Leave a breadcrumb if we get whacked by the system call filter\n+SystemCallErrorNumber=EL3RST\n+\n+# Log to the kernel dmesg, just like an in-kernel ext4 driver\n+StandardOutput=append:/dev/ttyprintk\n+StandardError=append:/dev/ttyprintk\n+\n+# Run with no capabilities at all\n+CapabilityBoundingSet=\n+AmbientCapabilities=\n+NoNewPrivileges=true\n+\n+# fuse4fs doesn't create files\n+UMask=7777\n+\n+# No access to hardware /dev files at all\n+ProtectClock=true\n+DevicePolicy=closed\n+\n+# Don't mess with set[ug]id anything.\n+RestrictSUIDSGID=true\n+\n+# Don't let OOM kills of processes in this containment group kill the whole\n+# service, because we don't want filesystem drivers to go down.\n+OOMPolicy=continue\n+OOMScoreAdjust=-1000\n", "prefixes": [ "RFC", "1/4" ] }