{"id":2231579,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2231579/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-ext4/patch/177758363712.1314717.16316935834409248821.stgit@frogsfrogsfrogs/","project":{"id":8,"url":"http://patchwork.ozlabs.org/api/1.1/projects/8/?format=json","name":"Linux ext4 filesystem development","link_name":"linux-ext4","list_id":"linux-ext4.vger.kernel.org","list_email":"linux-ext4@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<177758363712.1314717.16316935834409248821.stgit@frogsfrogsfrogs>","date":"2026-04-30T21:17:37","name":"[10/13] mount_service: allow installation as a setuid program","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"fc9b9e53eda75678a6057254b82dd7ff9874aee5","submitter":{"id":77032,"url":"http://patchwork.ozlabs.org/api/1.1/people/77032/?format=json","name":"Darrick J. Wong","email":"djwong@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-ext4/patch/177758363712.1314717.16316935834409248821.stgit@frogsfrogsfrogs/mbox/","series":[{"id":502386,"url":"http://patchwork.ozlabs.org/api/1.1/series/502386/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-ext4/list/?series=502386","date":"2026-04-30T21:15:17","name":"[01/13] Refactor mount code / move common functions to mount_util.c","version":1,"mbox":"http://patchwork.ozlabs.org/series/502386/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231579/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231579/checks/","tags":{},"headers":{"Return-Path":"\n <SRS0=BakC=C5=vger.kernel.org=linux-ext4+bounces-16262-patchwork-incoming=ozlabs.org@ozlabs.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-ext4@vger.kernel.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","patchwork-incoming@ozlabs.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=LMXm0wUi;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=ozlabs.org\n (client-ip=2404:9400:2221:ea00::3; helo=mail.ozlabs.org;\n envelope-from=srs0=bakc=c5=vger.kernel.org=linux-ext4+bounces-16262-patchwork-incoming=ozlabs.org@ozlabs.org;\n receiver=patchwork.ozlabs.org)","gandalf.ozlabs.org;\n arc=pass smtp.remote-ip=\"2600:3c04:e001:36c::12fc:5321\"\n arc.chain=subspace.kernel.org","gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org","gandalf.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=LMXm0wUi;\n\tdkim-atps=neutral","gandalf.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16262-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"LMXm0wUi\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g66X62J3Vz1yGq\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 07:20:22 +1000 (AEST)","from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\tby gandalf.ozlabs.org (Postfix) with ESMTP id 4g66X61sXjz4wTZ\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 07:20:22 +1000 (AEST)","by gandalf.ozlabs.org (Postfix)\n\tid 4g66X61lZZz4wLX; Fri, 01 May 2026 07:20:22 +1000 (AEST)","from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby gandalf.ozlabs.org (Postfix) with ESMTPS id 4g66X13YNjz4wTZ\n\tfor <patchwork-incoming@ozlabs.org>; Fri, 01 May 2026 07:20:17 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 0A16330438CB\n\tfor <patchwork-incoming@ozlabs.org>; Thu, 30 Apr 2026 21:17:40 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 398473AB276;\n\tThu, 30 Apr 2026 21:17:39 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id F01A12FE066;\n\tThu, 30 Apr 2026 21:17:38 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 784F6C2BCB3;\n\tThu, 30 Apr 2026 21:17:38 +0000 (UTC)"],"ARC-Seal":["i=2; a=rsa-sha256; d=ozlabs.org; s=201707; t=1777584022; cv=pass;\n\tb=ygF85KIQs97O6FskVkcAlUS656rRstQf6WyXhXDUaYw45KEN+0XrKZn+T6pvnTkWMi4A2OVlWgZfKRQE9OqiRyO7MRwfC8g270kUykrf7dRLd5nfA1cqhAvOPwjoWgLJRKOPW2F8bgDSUNgFQeiuC82wFoE0mxDEpv9bfreMyRcx7phZgI1mQufbOB99/I4qaAU2GxTH39jSMLCgYcQ0gwVn7wMC8nId041ibnYZSiohlgvajK3s12mmFEV06PQ/m9LuKPG820tNUY2lPtjkSP8BrGsFCpJsZB+vQe8b5K3IkxMPTDLOe/hdrt8Fnk1ihA+6P5MCau9A9APfYQnUvw==","i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777583859; cv=none;\n b=gb+TyaAR13aLo6CsFCuyA6qvjJ4CIO+98SMKreqSpj8cotOVFAZp/V0K1/CsBQoandHRi47eBYF8ru7EJtrxd9sJo9BC1DSVnVPDhz/bCCh/rIY7xQnLXjpPn3VpLAMqhRBF5lZj3q9yQh5285I7pTlxNDz6uAJVySpbhhHRODA="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=ozlabs.org; s=201707;\n\tt=1777584022; c=relaxed/relaxed;\n\tbh=Hl3FgZQ2RTs3ZIM8sLsJU+vlFnaFNsc8m7ToKxV7tNg=;\n\th=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=RjVSBxPY9zM7Mo8jhBTlnOJrqyPsuQTjC3raiUTXjhT/MmnPmzlOLDkQxoycgm8KhbiSD8WwNZig5vrhHy0Qlwa4deUk3y3tM8or/64AlNS8CfTso/0w7EBR8rjIPOwro6vgWByyEyZ9cr6CejzoLIYQWKTIgOtFhPhbmDJasFClnJjaz85O/JYGkfst4/nC6VnJqv6t+9Vkcf2vlaEZKvoVCipyXAFJRSl0i5y/0ymN8d9Na0tnXDzTpm5Zev8zTdsisL64rRXGHYF5aChKahthyR5cu1zz8Z6QOci0axdL2RRFbKNu6sDuLoiA+shFqnGW+5Oiw5a66bf04172mw==","i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777583859; c=relaxed/simple;\n\tbh=UNCbDvUix/6fcD3ir7GQaG2O0AXlLax60sqntYviLZM=;\n\th=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=dNxelXFsNz5Vwe9nCKTa3LZG/7SkzfYD4ecE/XgFc1dW9YWIDP6rDaH2WuCJWGfWPvs2TkQpDx3SkrVo72nnTpiFK14n8c6Zo0WJFKlcZg1EvfCzmvMSfATuaEQQE0y1G1cs6nxazvd/yZQ2FgUTlQ+lpqzChHmkaaQs6wi6PJk="],"ARC-Authentication-Results":["i=2; gandalf.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org;\n dkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=LMXm0wUi; dkim-atps=neutral;\n spf=pass (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-ext4+bounces-16262-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org) smtp.mailfrom=vger.kernel.org","i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=LMXm0wUi; arc=none smtp.client-ip=10.30.226.201"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1777583858;\n\tbh=UNCbDvUix/6fcD3ir7GQaG2O0AXlLax60sqntYviLZM=;\n\th=Date:Subject:From:To:Cc:In-Reply-To:References:From;\n\tb=LMXm0wUiMfMZNpeVuWyeT139GgaLa+Y9MDxCr0aLohFqdUFGIQkwikXMYk/qK4nGK\n\t jjNrMFGpOncNWJchh3wiObTATYYcNF+lPZGsm5lIthXF5WMhDsN1UBZNXOMoDWgs8A\n\t EAqFQUr13RgD5LC8Cjkvimy4J6Q6qLi/pG+shptnNYmrct2dZqa1xfaTWjtzhMt/xl\n\t LS+I1wFqf7vQtKwFFgiILy4tZHzGB5H/+nmLcw+aNJZ4KoKLNuhAI35WZQWGeWcS92\n\t RMMAbT1zccRhwowPhfBm8VacXoe6xmGy4tsOoT9KVTnQ4crZ3U9Ql8RdakRlgz5ngR\n\t cNlVXAQp4KAkg==","Date":"Thu, 30 Apr 2026 14:17:37 -0700","Subject":"[PATCH 10/13] mount_service: allow installation as a setuid program","From":"\"Darrick J. Wong\" <djwong@kernel.org>","To":"bernd@bsbernd.com, djwong@kernel.org","Cc":"linux-fsdevel@vger.kernel.org, fuse-devel@lists.linux.dev,\n linux-ext4@vger.kernel.org, miklos@szeredi.hu, neal@gompa.dev,\n joannelkoong@gmail.com","Message-ID":"<177758363712.1314717.16316935834409248821.stgit@frogsfrogsfrogs>","In-Reply-To":"<177758363484.1314717.11777978893472254088.stgit@frogsfrogsfrogs>","References":"<177758363484.1314717.11777978893472254088.stgit@frogsfrogsfrogs>","Precedence":"bulk","X-Mailing-List":"linux-ext4@vger.kernel.org","List-Id":"<linux-ext4.vger.kernel.org>","List-Subscribe":"<mailto:linux-ext4+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-ext4+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"7bit","X-Spam-Status":"No, score=-1.2 required=5.0 tests=ARC_SIGNED,ARC_VALID,\n\tDKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,\n\tMAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on gandalf.ozlabs.org"},"content":"From: Darrick J. Wong <djwong@kernel.org>\n\nAllow installation of the mount service helper as a setuid program so\nthat regular users can access containerized filesystem drivers.\n\nSigned-off-by: \"Darrick J. Wong\" <djwong@kernel.org>\n---\n README.md              |    3 +++\n test/ci-build.sh       |   14 ++++++++++++++\n util/install_helper.sh |    6 ++++++\n util/meson.build       |    3 ++-\n 4 files changed, 25 insertions(+), 1 deletion(-)","diff":"diff --git a/README.md b/README.md\nindex 6cf23cd870109a..92b85522e7890a 100644\n--- a/README.md\n+++ b/README.md\n@@ -98,6 +98,9 @@ Security implications\n \n The *fusermount3* program is installed setuid root. This is done to\n allow normal users to mount their own filesystem implementations.\n+If built, the *fuservicemount3* program will also be installed setuid\n+root so that normal users can access containerized filesystem\n+implementations.\n \n To limit the harm that malicious users can do this way, *fusermount3*\n enforces the following limitations:\ndiff --git a/test/ci-build.sh b/test/ci-build.sh\nindex 8b019a0b5e52c1..f6e6c3d9de4e4e 100755\n--- a/test/ci-build.sh\n+++ b/test/ci-build.sh\n@@ -60,11 +60,18 @@ non_sanitized_build()\n \n         # libfuse will first try the install path and then system defaults\n         sudo chmod 4755 ${PREFIX_DIR}/bin/fusermount3\n+        test -x \"${PREFIX_DIR}/sbin/fuservicemount3\" && \\\n+                sudo chmod 4755 ${PREFIX_DIR}/sbin/fuservicemount3\n \n         # also needed for some of the tests\n         sudo chown root:root util/fusermount3\n         sudo chmod 4755 util/fusermount3\n \n+        if [ -x util/fuservicemount3 ]; then\n+                sudo chown root:root util/fuservicemount3\n+                sudo chmod 4755 util/fuservicemount3\n+        fi\n+\n         ${TEST_CMD}\n         popd\n         rm -fr build-${CC}\n@@ -101,11 +108,18 @@ sanitized_build()\n     ninja\n     sudo env PATH=$PATH ninja install\n     sudo chmod 4755 ${PREFIX_DIR}/bin/fusermount3\n+    test -x \"${PREFIX_DIR}/sbin/fuservicemount3\" && \\\n+        sudo chmod 4755 ${PREFIX_DIR}/sbin/fuservicemount3\n \n     # also needed for some of the tests\n     sudo chown root:root util/fusermount3\n     sudo chmod 4755 util/fusermount3\n \n+    if [ -x util/fuservicemount3 ]; then\n+        sudo chown root:root util/fuservicemount3\n+        sudo chmod 4755 util/fuservicemount3\n+    fi\n+\n     # Test as root and regular user\n     sudo env PATH=$PATH ${TEST_CMD}\n     # Cleanup temporary files (since they are now owned by root)\ndiff --git a/util/install_helper.sh b/util/install_helper.sh\nindex 76f2b47fe6c8f9..4c6f9dc3dc70aa 100755\n--- a/util/install_helper.sh\n+++ b/util/install_helper.sh\n@@ -11,6 +11,7 @@ bindir=\"$2\"\n udevrulesdir=\"$3\"\n useroot=\"$4\"\n initscriptdir=\"$5\"\n+sbindir=\"$6\"\n \n # Both sysconfdir and bindir are absolute paths (since they are joined\n # with --prefix in meson.build), but need to be interpreted relative\n@@ -31,6 +32,11 @@ if $useroot; then\n     chown root:root \"${DESTDIR}${bindir}/fusermount3\"\n     chmod u+s \"${DESTDIR}${bindir}/fusermount3\"\n \n+    if [ -e \"${DESTDIR}${sbindir}/fuservicemount3\" ]; then\n+        chown root:root \"${DESTDIR}${sbindir}/fuservicemount3\"\n+        chmod u+s \"${DESTDIR}${sbindir}/fuservicemount3\"\n+    fi\n+\n     if test ! -e \"${DESTDIR}/dev/fuse\"; then\n         mkdir -p \"${DESTDIR}/dev\"\n         mknod \"${DESTDIR}/dev/fuse\" -m 0666 c 10 229\ndiff --git a/util/meson.build b/util/meson.build\nindex 85b54d5d322dcb..e15dd9bbb0c486 100644\n--- a/util/meson.build\n+++ b/util/meson.build\n@@ -46,4 +46,5 @@ meson.add_install_script('install_helper.sh',\n                          join_paths(get_option('prefix'), get_option('bindir')),\n                          udevrulesdir,\n                          '@0@'.format(get_option('useroot')),\n-                         get_option('initscriptdir'))\n+                         get_option('initscriptdir'),\n+                         join_paths(get_option('prefix'), get_option('sbindir')))\n","prefixes":["10/13"]}