1. 10 9月, 2005 4 次提交
    • M
      [PATCH] FUSE - file operations · b6aeaded
      Miklos Szeredi 提交于
      This patch adds the file operations of FUSE.
      
      The following operations are added:
      
       o open
       o flush
       o release
       o fsync
       o readpage
       o commit_write
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      b6aeaded
    • M
      [PATCH] FUSE - read-only operations · e5e5558e
      Miklos Szeredi 提交于
      This patch adds the read-only filesystem operations of FUSE.
      
      This contains the following files:
      
       o dir.c
          - directory, symlink and file-inode operations
      
      The following operations are added:
      
       o lookup
       o getattr
       o readlink
       o follow_link
       o directory open
       o readdir
       o directory release
       o permission
       o dentry revalidate
       o statfs
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      e5e5558e
    • M
      [PATCH] FUSE - device functions · 334f485d
      Miklos Szeredi 提交于
      This adds the FUSE device handling functions.
      
      This contains the following files:
      
       o dev.c
          - fuse device operations (read, write, release, poll)
          - registers misc device
          - support for sending requests to userspace
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAdrian Bunk <bunk@stusta.de>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      334f485d
    • M
      [PATCH] FUSE - core · d8a5ba45
      Miklos Szeredi 提交于
      This patch adds FUSE core.
      
      This contains the following files:
      
       o inode.c
          - superblock operations (alloc_inode, destroy_inode, read_inode,
            clear_inode, put_super, show_options)
          - registers FUSE filesystem
      
       o fuse_i.h
          - private header file
      
      Requirements
      ============
      
       The most important difference between orinary filesystems and FUSE is
       the fact, that the filesystem data/metadata is provided by a userspace
       process run with the privileges of the mount "owner" instead of the
       kernel, or some remote entity usually running with elevated
       privileges.
      
       The security implication of this is that a non-privileged user must
       not be able to use this capability to compromise the system.  Obvious
       requirements arising from this are:
      
        - mount owner should not be able to get elevated privileges with the
          help of the mounted filesystem
      
        - mount owner should not be able to induce undesired behavior in
          other users' or the super user's processes
      
        - mount owner should not get illegitimate access to information from
          other users' and the super user's processes
      
       These are currently ensured with the following constraints:
      
        1) mount is only allowed to directory or file which the mount owner
          can modify without limitation (write access + no sticky bit for
          directories)
      
        2) nosuid,nodev mount options are forced
      
        3) any process running with fsuid different from the owner is denied
           all access to the filesystem
      
       1) and 2) are ensured by the "fusermount" mount utility which is a
          setuid root application doing the actual mount operation.
      
       3) is ensured by a check in the permission() method in kernel
      
       I started thinking about doing 3) in a different way because Christoph
       H. made a big deal out of it, saying that FUSE is unacceptable into
       mainline in this form.
      
       The suggested use of private namespaces would be OK, but in their
       current form have many limitations that make their use impractical (as
       discussed in this thread).
      
       Suggested improvements that would address these limitations:
      
         - implement shared subtrees
      
         - allow a process to join an existing namespace (make namespaces
           first-class objects)
      
         - implement the namespace creation/joining in a PAM module
      
       With all that in place the check of owner against current->fsuid may
       be removed from the FUSE kernel module, without compromising the
       security requirements.
      
       Suid programs still interesting questions, since they get access even
       to the private namespace causing some information leak (exact
       order/timing of filesystem operations performed), giving some
       ptrace-like capabilities to unprivileged users.  BTW this problem is
       not strictly limited to the namespace approach, since suid programs
       setting fsuid and accessing users' files will succeed with the current
       approach too.
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      d8a5ba45