libgocryptfs/daemonize.go
Jakob Unterwurzacher 53d6a9999d main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexec
When mounted via /etc/fstab like this,

  /a /b fuse.gocryptfs default 0 0

we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :

  mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
  If both `-o user` and `-o exec` are set, it passes `-o exec`.

Make these options work, and in addtion, also make -suid and -rw
work the same way.

Reported-by: @mahkoh
2018-06-07 22:50:30 +02:00

106 lines
2.9 KiB
Go

package main
import (
"fmt"
"os"
"os/exec"
"os/signal"
"syscall"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
// The child sends us USR1 if the mount was successful. Exit with error code
// 0 if we get it.
func exitOnUsr1() {
c := make(chan os.Signal, 1)
signal.Notify(c, syscall.SIGUSR1)
go func() {
<-c
os.Exit(0)
}()
}
// forkChild - execute ourselves once again, this time with the "-fg" flag, and
// wait for SIGUSR1 or child exit.
// This is a workaround for the missing true fork function in Go.
func forkChild() int {
name := os.Args[0]
newArgs := []string{"-fg", fmt.Sprintf("-notifypid=%d", os.Getpid())}
newArgs = append(newArgs, os.Args[1:]...)
c := exec.Command(name, newArgs...)
c.Stdout = os.Stdout
c.Stderr = os.Stderr
c.Stdin = os.Stdin
exitOnUsr1()
err := c.Start()
if err != nil {
tlog.Fatal.Printf("forkChild: starting %s failed: %v", name, err)
return exitcodes.ForkChild
}
err = c.Wait()
if err != nil {
if exiterr, ok := err.(*exec.ExitError); ok {
if waitstat, ok := exiterr.Sys().(syscall.WaitStatus); ok {
os.Exit(waitstat.ExitStatus())
}
}
tlog.Fatal.Printf("forkChild: wait returned an unknown error: %v", err)
return exitcodes.ForkChild
}
// The child exited with 0 - let's do the same.
return 0
}
// redirectStdFds redirects stderr and stdout to syslog; stdin to /dev/null
func redirectStdFds() {
// Create a pipe pair "pw" -> "pr" and start logger reading from "pr".
// We do it ourselves instead of using StdinPipe() because we need access
// to the fd numbers.
pr, pw, err := os.Pipe()
if err != nil {
tlog.Warn.Printf("redirectStdFds: could not create pipe: %v\n", err)
return
}
tag := fmt.Sprintf("gocryptfs-%d-logger", os.Getpid())
// SUSE has /bin/logger, everybody else has /usr/bin/logger.
for _, path := range []string{"/usr/bin/logger", "/bin/logger"} {
cmd := exec.Command(path, "-t", tag)
cmd.Stdin = pr
err = cmd.Start()
if err == nil {
break
}
}
if err != nil {
tlog.Warn.Printf("redirectStdFds: could not start logger: %v\n", err)
return
}
// The logger now reads on "pr". We can close it.
pr.Close()
// Redirect stout and stderr to "pw".
err = syscallcompat.Dup3(int(pw.Fd()), 1, 0)
if err != nil {
tlog.Warn.Printf("redirectStdFds: stdout dup error: %v\n", err)
}
syscallcompat.Dup3(int(pw.Fd()), 2, 0)
if err != nil {
tlog.Warn.Printf("redirectStdFds: stderr dup error: %v\n", err)
}
// Our stout and stderr point to "pw". We can close the extra copy.
pw.Close()
// Redirect stdin to /dev/null
nullFd, err := os.Open("/dev/null")
if err != nil {
tlog.Warn.Printf("redirectStdFds: could not open /dev/null: %v\n", err)
return
}
err = syscallcompat.Dup3(int(nullFd.Fd()), 0, 0)
if err != nil {
tlog.Warn.Printf("redirectStdFds: stdin dup error: %v\n", err)
}
nullFd.Close()
}