Re: [Libguestfs] [PATCH] fuse: UID 0 should override all permissions checks (RHBZ#1106548).
On Thursday 12 June 2014 13:32:54 Richard W.M. Jones wrote:
Previously if you were root, and you tried to change directory into
a
directory which was not owned by you and not readable (eg. 0700
bin:bin), it would fail.
This doesn't fail on regular directories because when you are root the
kernel just ignores permissions.
Although libguestfs in general tries not to duplicate kernel code, in
the case where we emulate the FUSE access(2) system call,
unfortunately we have to do it by stat-ing the object and performing
some (half-arsed) heuristics.
This commit modifies the FUSE access(2) system call, so root is now
able to chdir to any directory.
I've taken a look at few non-trivial FUSE filesystems, and none of them
seems to implement the access operation. I guess this means the kernel
does all the job by itself based on the permissions.
On the other hand, removing the access operation makes test-fuse.sh fail
in the chmod part, at:
[ ! -x new ]
interestingly enough, the permissions of "new" at that point are fine
(no -x), and strace'ing that test command gives
access("new", X_OK) = 0
so I'm puzzled...
Interestingly enough, even trying the allow_root and allow_other FUSE
options makes no difference.
So I'd say to commit this for now; just one note below.
It also adds some debugging so we can debug these complex
permissions
checks in the field if some other problem arises in future.
[...]
+ debug (g, "%s: "
+ "testing access mask%s%s%s%s: "
+ "caller UID:GID = %d:%d, "
+ "file UID:GID = %d:%d, "
+ "file mode = %o, "
+ "result = %s",
+ path,
+ mask & R_OK ? " R_OK" : "",
+ mask & W_OK ? " W_OK" : "",
+ mask & X_OK ? " X_OK" : "",
+ mask == 0 ? " 0" : "",
+ fuse->uid, fuse->gid,
+ statbuf.st_uid, statbuf.st_gid,
+ statbuf.st_mode,
+ ok ? "OK" : "EACCESS");
Would it be possible to split most of this debug right after the
mount_local_getattr invocation, so early returns have this debug as
well?
Thanks,
--
Pino Toscano