2015-12-21 05:52:30 +08:00
|
|
|
libfuse
|
|
|
|
=======
|
|
|
|
|
|
|
|
About
|
|
|
|
-----
|
|
|
|
|
|
|
|
FUSE (Filesystem in Userspace) is an interface for userspace programs
|
|
|
|
to export a filesystem to the Linux kernel. The FUSE project consists
|
|
|
|
of two components: the *fuse* kernel module (maintained in the regular
|
|
|
|
kernel repositories) and the *libfuse* userspace library (maintained
|
|
|
|
in this repository). libfuse provides the reference implementation
|
|
|
|
for communicating with the FUSE kernel module.
|
|
|
|
|
|
|
|
A FUSE file system is typically implemented as a standalone
|
|
|
|
application that links with libfuse. libfuse provides functions to
|
|
|
|
mount the file system, unmount it, read requests from the kernel, and
|
|
|
|
send responses back. libfuse offers two APIs: a "high-level",
|
|
|
|
synchronous API, and a "low-level" asynchronous API. In both cases,
|
|
|
|
incoming requests from the kernel are passed to the main program using
|
|
|
|
callbacks. When using the high-level API, the callbacks may work with
|
|
|
|
file names and paths instead of inodes, and processing of a request
|
|
|
|
finishes when the callback function returns. When using the low-level
|
|
|
|
API, the callbacks must work with inodes and responses must be sent
|
|
|
|
explicitly using a separate set of API functions.
|
|
|
|
|
|
|
|
|
2019-04-30 02:55:56 +08:00
|
|
|
Development Status
|
|
|
|
------------------
|
|
|
|
|
|
|
|
libfuse is shipped by all major Linux distributions and has been in
|
|
|
|
production use across a wide range of systems for many years. However,
|
|
|
|
at present libfuse does not have any active, regular contributors. The
|
|
|
|
current maintainer continues to apply pull requests and makes regular
|
|
|
|
releases, but unfortunately has no capacity to do any development
|
|
|
|
beyond addressing high-impact issues. When reporting bugs, please
|
|
|
|
understand that unless you are including a pull request or are
|
|
|
|
reporting a critical issue, you will probably not get a response. If
|
2021-01-12 18:41:35 +08:00
|
|
|
you are using libfuse, please consider contributing to the project.
|
2019-04-30 02:55:56 +08:00
|
|
|
|
|
|
|
|
2017-06-06 21:31:50 +08:00
|
|
|
Supported Platforms
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
* Linux (fully)
|
|
|
|
* BSD (mostly/best-effort)
|
|
|
|
* For OS-X, please use [OSXFUSE](https://osxfuse.github.io/)
|
|
|
|
|
|
|
|
|
2015-12-21 05:52:30 +08:00
|
|
|
Installation
|
|
|
|
------------
|
|
|
|
|
2015-12-22 11:17:47 +08:00
|
|
|
You can download libfuse from
|
2021-01-12 18:41:35 +08:00
|
|
|
https://github.com/libfuse/libfuse/releases. To build and install, you
|
|
|
|
must use [Meson](http://mesonbuild.com/) and
|
2023-07-05 18:03:07 +08:00
|
|
|
[Ninja](https://ninja-build.org). After downloading the tarball, verify
|
|
|
|
it using [signify])(https://www.openbsd.org/papers/bsdcan-signify.html):
|
2015-12-22 11:17:47 +08:00
|
|
|
|
2023-07-05 18:03:07 +08:00
|
|
|
signify -V -z -m fuse-X.Y.Z.tar.gz -p fuse-X.Y.pub
|
|
|
|
|
|
|
|
The `fuse-X.Y.pub` file contains the signing key and needs to be obtained from a
|
|
|
|
trustworthy source. Each libfuse release contains the signing key for the release after it
|
|
|
|
in the `signify` directory, so you only need to manually acquire this file once when you
|
|
|
|
install libfuse for the first time.
|
|
|
|
|
|
|
|
After you have validated the tarball, extract it, create a (temporary) build directory and
|
|
|
|
run Meson:
|
|
|
|
|
|
|
|
$ tar xzf fuse-X.Y.Z.tar.gz; cd fuse-X.Y.Z
|
2017-09-12 21:01:04 +08:00
|
|
|
$ mkdir build; cd build
|
2023-03-29 11:07:04 +08:00
|
|
|
$ meson setup ..
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2017-01-06 01:37:00 +08:00
|
|
|
Normally, the default build options will work fine. If you
|
2020-07-03 19:28:05 +08:00
|
|
|
nevertheless want to adjust them, you can do so with the
|
|
|
|
*meson configure* command:
|
2016-03-30 06:30:57 +08:00
|
|
|
|
2020-07-03 19:28:05 +08:00
|
|
|
$ meson configure # list options
|
|
|
|
$ meson configure -D disable-mtab=true # set an option
|
2016-03-30 06:30:57 +08:00
|
|
|
|
2021-01-12 18:41:35 +08:00
|
|
|
To build, test, and install libfuse, you then use Ninja:
|
2017-01-06 01:37:00 +08:00
|
|
|
|
|
|
|
$ ninja
|
2017-04-11 08:08:58 +08:00
|
|
|
$ sudo python3 -m pytest test/
|
2017-01-06 01:37:00 +08:00
|
|
|
$ sudo ninja install
|
|
|
|
|
|
|
|
Running the tests requires the [py.test](http://www.pytest.org/)
|
|
|
|
Python module. Instead of running the tests as root, the majority of
|
2017-04-11 08:08:58 +08:00
|
|
|
tests can also be run as a regular user if *util/fusermount3* is made
|
|
|
|
setuid root first:
|
2017-01-06 01:37:00 +08:00
|
|
|
|
|
|
|
$ sudo chown root:root util/fusermount3
|
|
|
|
$ sudo chmod 4755 util/fusermount3
|
2017-04-11 08:08:58 +08:00
|
|
|
$ python3 -m pytest test/
|
2017-01-06 01:37:00 +08:00
|
|
|
|
2015-12-21 05:52:30 +08:00
|
|
|
Security implications
|
|
|
|
---------------------
|
|
|
|
|
2017-01-06 01:37:00 +08:00
|
|
|
The *fusermount3* program is installed setuid root. This is done to
|
|
|
|
allow normal users to mount their own filesystem implementations.
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2017-01-13 02:10:34 +08:00
|
|
|
To limit the harm that malicious users can do this way, *fusermount3*
|
|
|
|
enforces the following limitations:
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2019-10-25 05:46:19 +08:00
|
|
|
- The user can only mount on a mountpoint for which they have write
|
2015-12-21 05:52:30 +08:00
|
|
|
permission
|
|
|
|
|
2017-01-13 02:10:34 +08:00
|
|
|
- The mountpoint must not be a sticky directory which isn't owned by
|
|
|
|
the user (like /tmp usually is)
|
2015-12-21 05:52:30 +08:00
|
|
|
|
2016-02-02 01:08:26 +08:00
|
|
|
- No other user (including root) can access the contents of the
|
|
|
|
mounted filesystem (though this can be relaxed by allowing the use
|
2017-01-13 02:10:34 +08:00
|
|
|
of the *allow_other* and *allow_root* mount options in
|
|
|
|
*/etc/fuse.conf*)
|
|
|
|
|
|
|
|
|
|
|
|
If you intend to use the *allow_other* mount options, be aware that
|
|
|
|
FUSE has an unresolved [security
|
|
|
|
bug](https://github.com/libfuse/libfuse/issues/15): if the
|
|
|
|
*default_permissions* mount option is not used, the results of the
|
|
|
|
first permission check performed by the file system for a directory
|
|
|
|
entry will be re-used for subsequent accesses as long as the inode of
|
|
|
|
the accessed entry is present in the kernel cache - even if the
|
|
|
|
permissions have since changed, and even if the subsequent access is
|
|
|
|
made by a different user. This is of little concern if the filesystem
|
|
|
|
is accessible only to the mounting user (which has full access to the
|
|
|
|
filesystem anyway), but becomes a security issue when other users are
|
|
|
|
allowed to access the filesystem (since they can exploit this to
|
|
|
|
perform operations on the filesystem that they do not actually have
|
|
|
|
permissions for).
|
2016-02-02 01:08:26 +08:00
|
|
|
|
2017-01-13 02:10:34 +08:00
|
|
|
This bug needs to be fixed in the Linux kernel and has been known
|
|
|
|
since 2006 but unfortunately no fix has been applied yet. If you
|
|
|
|
depend on correct permission handling for FUSE file systems, the only
|
|
|
|
workaround is to use `default_permissions` (which does not currently
|
|
|
|
support ACLs), or to completely disable caching of directory entry
|
|
|
|
attributes.
|
2015-12-21 05:52:30 +08:00
|
|
|
|
|
|
|
Building your own filesystem
|
|
|
|
------------------------------
|
|
|
|
|
2020-07-03 19:29:48 +08:00
|
|
|
FUSE comes with several example file systems in the `example`
|
2016-10-17 06:05:57 +08:00
|
|
|
directory. For example, the *passthrough* examples mirror the contents
|
|
|
|
of the root directory under the mountpoint. Start from there and adapt
|
2015-12-21 05:52:30 +08:00
|
|
|
the code!
|
|
|
|
|
|
|
|
The documentation of the API functions and necessary callbacks is
|
|
|
|
mostly contained in the files `include/fuse.h` (for the high-level
|
2016-01-29 10:00:24 +08:00
|
|
|
API) and `include/fuse_lowlevel.h` (for the low-level API). An
|
|
|
|
autogenerated html version of the API is available in the `doc/html`
|
|
|
|
directory and at http://libfuse.github.io/doxygen.
|
2015-12-21 05:52:30 +08:00
|
|
|
|
|
|
|
|
|
|
|
Getting Help
|
|
|
|
------------
|
|
|
|
|
|
|
|
If you need help, please ask on the <fuse-devel@lists.sourceforge.net>
|
|
|
|
mailing list (subscribe at
|
|
|
|
https://lists.sourceforge.net/lists/listinfo/fuse-devel).
|
|
|
|
|
|
|
|
Please report any bugs on the GitHub issue tracker at
|
2015-12-22 11:17:47 +08:00
|
|
|
https://github.com/libfuse/libfuse/issues.
|