2015-12-21 05:52:30 +08:00
|
|
|
libfuse
|
|
|
|
=======
|
|
|
|
|
|
|
|
About
|
|
|
|
-----
|
|
|
|
|
|
|
|
FUSE (Filesystem in Userspace) is an interface for userspace programs
|
|
|
|
to export a filesystem to the Linux kernel. The FUSE project consists
|
|
|
|
of two components: the *fuse* kernel module (maintained in the regular
|
|
|
|
kernel repositories) and the *libfuse* userspace library (maintained
|
|
|
|
in this repository). libfuse provides the reference implementation
|
|
|
|
for communicating with the FUSE kernel module.
|
|
|
|
|
|
|
|
A FUSE file system is typically implemented as a standalone
|
|
|
|
application that links with libfuse. libfuse provides functions to
|
|
|
|
mount the file system, unmount it, read requests from the kernel, and
|
|
|
|
send responses back. libfuse offers two APIs: a "high-level",
|
|
|
|
synchronous API, and a "low-level" asynchronous API. In both cases,
|
|
|
|
incoming requests from the kernel are passed to the main program using
|
|
|
|
callbacks. When using the high-level API, the callbacks may work with
|
|
|
|
file names and paths instead of inodes, and processing of a request
|
|
|
|
finishes when the callback function returns. When using the low-level
|
|
|
|
API, the callbacks must work with inodes and responses must be sent
|
|
|
|
explicitly using a separate set of API functions.
|
|
|
|
|
|
|
|
|
2017-06-06 21:31:50 +08:00
|
|
|
Supported Platforms
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
* Linux (fully)
|
|
|
|
* BSD (mostly/best-effort)
|
|
|
|
* For OS-X, please use [OSXFUSE](https://osxfuse.github.io/)
|
|
|
|
|
|
|
|
|
2015-12-21 05:52:30 +08:00
|
|
|
Installation
|
|
|
|
------------
|
|
|
|
|
2015-12-22 11:17:47 +08:00
|
|
|
You can download libfuse from
|
2017-01-06 01:37:00 +08:00
|
|
|
https://github.com/libfuse/libfuse/releases. To build and install, we
|
2018-10-16 21:06:19 +08:00
|
|
|
recommend to use [Meson](http://mesonbuild.com/) and
|
|
|
|
[Ninja](https://ninja-build.org). After extracting the libfuse
|
|
|
|
tarball, create a (temporary) build directory and run Meson:
|
2015-12-22 11:17:47 +08:00
|
|
|
|
2017-09-12 21:01:04 +08:00
|
|
|
$ mkdir build; cd build
|
2017-01-06 01:37:00 +08:00
|
|
|
$ meson ..
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2017-01-06 01:37:00 +08:00
|
|
|
Normally, the default build options will work fine. If you
|
|
|
|
nevertheless want to adjust them, you can do so with the *mesonconf*
|
|
|
|
command:
|
2016-03-30 06:30:57 +08:00
|
|
|
|
2017-01-06 01:37:00 +08:00
|
|
|
$ mesonconf # list options
|
|
|
|
$ mesonconf -D disable-mtab=true # set an option
|
2016-03-30 06:30:57 +08:00
|
|
|
|
2017-01-06 01:37:00 +08:00
|
|
|
To build, test and install libfuse, you then use Ninja:
|
|
|
|
|
|
|
|
$ ninja
|
2017-04-11 08:08:58 +08:00
|
|
|
$ sudo python3 -m pytest test/
|
2017-01-06 01:37:00 +08:00
|
|
|
$ sudo ninja install
|
|
|
|
|
|
|
|
Running the tests requires the [py.test](http://www.pytest.org/)
|
|
|
|
Python module. Instead of running the tests as root, the majority of
|
2017-04-11 08:08:58 +08:00
|
|
|
tests can also be run as a regular user if *util/fusermount3* is made
|
|
|
|
setuid root first:
|
2017-01-06 01:37:00 +08:00
|
|
|
|
|
|
|
$ sudo chown root:root util/fusermount3
|
|
|
|
$ sudo chmod 4755 util/fusermount3
|
2017-04-11 08:08:58 +08:00
|
|
|
$ python3 -m pytest test/
|
2017-01-06 01:37:00 +08:00
|
|
|
|
2015-12-21 05:52:30 +08:00
|
|
|
Security implications
|
|
|
|
---------------------
|
|
|
|
|
2017-01-06 01:37:00 +08:00
|
|
|
The *fusermount3* program is installed setuid root. This is done to
|
|
|
|
allow normal users to mount their own filesystem implementations.
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2017-01-13 02:10:34 +08:00
|
|
|
To limit the harm that malicious users can do this way, *fusermount3*
|
|
|
|
enforces the following limitations:
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2017-01-13 02:10:34 +08:00
|
|
|
- The user can only mount on a mountpoint for which he has write
|
2015-12-21 05:52:30 +08:00
|
|
|
permission
|
|
|
|
|
2017-01-13 02:10:34 +08:00
|
|
|
- The mountpoint must not be a sticky directory which isn't owned by
|
|
|
|
the user (like /tmp usually is)
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2016-02-02 01:08:26 +08:00
|
|
|
- No other user (including root) can access the contents of the
|
|
|
|
mounted filesystem (though this can be relaxed by allowing the use
|
2017-01-13 02:10:34 +08:00
|
|
|
of the *allow_other* and *allow_root* mount options in
|
|
|
|
*/etc/fuse.conf*)
|
|
|
|
|
|
|
|
|
|
|
|
If you intend to use the *allow_other* mount options, be aware that
|
|
|
|
FUSE has an unresolved [security
|
|
|
|
bug](https://github.com/libfuse/libfuse/issues/15): if the
|
|
|
|
*default_permissions* mount option is not used, the results of the
|
|
|
|
first permission check performed by the file system for a directory
|
|
|
|
entry will be re-used for subsequent accesses as long as the inode of
|
|
|
|
the accessed entry is present in the kernel cache - even if the
|
|
|
|
permissions have since changed, and even if the subsequent access is
|
|
|
|
made by a different user. This is of little concern if the filesystem
|
|
|
|
is accessible only to the mounting user (which has full access to the
|
|
|
|
filesystem anyway), but becomes a security issue when other users are
|
|
|
|
allowed to access the filesystem (since they can exploit this to
|
|
|
|
perform operations on the filesystem that they do not actually have
|
|
|
|
permissions for).
|
2016-02-02 01:08:26 +08:00
|
|
|
|
2017-01-13 02:10:34 +08:00
|
|
|
This bug needs to be fixed in the Linux kernel and has been known
|
|
|
|
since 2006 but unfortunately no fix has been applied yet. If you
|
|
|
|
depend on correct permission handling for FUSE file systems, the only
|
|
|
|
workaround is to use `default_permissions` (which does not currently
|
|
|
|
support ACLs), or to completely disable caching of directory entry
|
|
|
|
attributes.
|
2015-12-21 05:52:30 +08:00
|
|
|
|
|
|
|
Building your own filesystem
|
|
|
|
------------------------------
|
|
|
|
|
|
|
|
FUSE comes with several example file systems in the `examples`
|
2016-10-17 06:05:57 +08:00
|
|
|
directory. For example, the *passthrough* examples mirror the contents
|
|
|
|
of the root directory under the mountpoint. Start from there and adapt
|
2015-12-21 05:52:30 +08:00
|
|
|
the code!
|
|
|
|
|
|
|
|
The documentation of the API functions and necessary callbacks is
|
|
|
|
mostly contained in the files `include/fuse.h` (for the high-level
|
2016-01-29 10:00:24 +08:00
|
|
|
API) and `include/fuse_lowlevel.h` (for the low-level API). An
|
|
|
|
autogenerated html version of the API is available in the `doc/html`
|
|
|
|
directory and at http://libfuse.github.io/doxygen.
|
2015-12-21 05:52:30 +08:00
|
|
|
|
|
|
|
|
|
|
|
Getting Help
|
|
|
|
------------
|
|
|
|
|
|
|
|
If you need help, please ask on the <fuse-devel@lists.sourceforge.net>
|
|
|
|
mailing list (subscribe at
|
|
|
|
https://lists.sourceforge.net/lists/listinfo/fuse-devel).
|
|
|
|
|
|
|
|
Please report any bugs on the GitHub issue tracker at
|
2015-12-22 11:17:47 +08:00
|
|
|
https://github.com/libfuse/libfuse/issues.
|
2017-07-06 18:40:31 +08:00
|
|
|
|
|
|
|
|
|
|
|
Professional Support
|
|
|
|
--------------------
|
|
|
|
|
2017-11-28 03:53:09 +08:00
|
|
|
Professional support is offered via [Rath
|
|
|
|
Consulting](http://www.rath-consulting.biz).
|