fusefrontend: Don't chown gocryptfs.diriv files.
The current code risks race conditions, since we pass a path containing "/" to Fchownat. We could fix this by opening a file descriptor; however, this does not seem worth the effort. We also don't chown *.name files.
parent
fcaca5fc94
commit
669322482a
|
@ -5,7 +5,6 @@ package fusefrontend
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
|
||||||
"sync"
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
@ -326,19 +325,8 @@ func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context)
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
defer syscall.Close(dirfd)
|
defer syscall.Close(dirfd)
|
||||||
code = fuse.ToStatus(syscallcompat.Fchownat(dirfd, cName, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW))
|
err = syscallcompat.Fchownat(dirfd, cName, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW)
|
||||||
if !code.Ok() {
|
return fuse.ToStatus(err)
|
||||||
return code
|
|
||||||
}
|
|
||||||
if !fs.args.PlaintextNames {
|
|
||||||
// When filename encryption is active, every directory contains
|
|
||||||
// a "gocryptfs.diriv" file. This file should also change the owner.
|
|
||||||
// Instead of checking if "cName" is a directory, we just blindly
|
|
||||||
// execute the chown on "cName/gocryptfs.diriv" and ignore errors.
|
|
||||||
dirIVPath := filepath.Join(cName, nametransform.DirIVFilename)
|
|
||||||
syscallcompat.Fchownat(dirfd, dirIVPath, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW)
|
|
||||||
}
|
|
||||||
return fuse.OK
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Mknod - FUSE call. Create a device file.
|
// Mknod - FUSE call. Create a device file.
|
||||||
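Review bot: In the Chown hunk the comment explaining the gocryptfs.diriv handling was removed together with the code, and nothing on the new side records that the file is now deliberately left with its previous owner; the same applies to the Mkdir hunk in the second file. A later reader could mistake the ownership mismatch between a directory and its diriv file for a bug and re-add the `filepath.Join(cName, nametransform.DirIVFilename)` call that the commit message identifies as racy. I would add a short comment above the remaining call, e.g. `// gocryptfs.diriv is intentionally not chowned: passing a path containing "/" to Fchownat is prone to races.` Chown's body starts outside the hunk.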
|
|
|
@ -5,7 +5,6 @@ package fusefrontend
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"path/filepath"
|
|
||||||
"runtime"
|
"runtime"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
|
@ -124,16 +123,11 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
|
||||||
err = syscallcompat.Fchownat(dirfd, cName, int(context.Owner.Uid),
|
err = syscallcompat.Fchownat(dirfd, cName, int(context.Owner.Uid),
|
||||||
int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW)
|
int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("Mkdir %q: Fchownat(1) %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err)
|
tlog.Warn.Printf("Mkdir %q: Fchownat %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err)
|
||||||
// In case of a failure, we don't want to proceed setting more
|
// In case of a failure, we don't want to proceed setting more
|
||||||
// permissive modes.
|
// permissive modes.
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
err = syscallcompat.Fchownat(dirfd, filepath.Join(cName, nametransform.DirIVFilename),
|
|
||||||
int(context.Owner.Uid), int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW)
|
|
||||||
if err != nil {
|
|
||||||
tlog.Warn.Printf("Mkdir %q: Fchownat(2) %d:%d failed: %v", cName, context.Owner.Uid, context.Owner.Gid, err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// Set mode
|
// Set mode
|
||||||
if origMode != mode {
|
if origMode != mode {
|
||||||
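Review bot: When the remaining `Fchownat` in Mkdir fails, the function returns `fuse.ToStatus(err)` with no cleanup visible in this hunk. The caller therefore gets an error while the directory, presumably created earlier in Mkdir, may stay on disk with its creation-time owner and mode. If that is intended, say so next to the return, e.g. `// The directory created above is left in place with its creation-time owner and mode.`; otherwise remove the directory before returning. Mkdir's body starts and ends outside the hunk, so the creation and any deferred cleanup should be checked there.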
|
|