From nobody Fri Dec 19 15:55:33 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DAD3CC4332F for ; Sun, 16 Oct 2022 17:17:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229726AbiJPRRU (ORCPT ); Sun, 16 Oct 2022 13:17:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40062 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229694AbiJPRRR (ORCPT ); Sun, 16 Oct 2022 13:17:17 -0400 X-Greylist: delayed 977 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Sun, 16 Oct 2022 10:17:13 PDT Received: from mail.nightmared.fr (mail.nightmared.fr [51.158.148.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0630B2EF04 for ; Sun, 16 Oct 2022 10:17:12 -0700 (PDT) Received: from localhost.localdomain (lfbn-tou-1-1359-241.w90-89.abo.wanadoo.fr [90.89.169.241]) by mail.nightmared.fr (Postfix) with ESMTPSA id 67B2D10809AB; Sun, 16 Oct 2022 17:00:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nightmared.fr; s=docker; t=1665939654; bh=rFuWgWDJKl7wKLx6gi6Yjs/HLUNqC+F5W1fg2LDaI08=; h=From:To:Cc:Subject:Date; b=OQlTis/MwJ5XHf3DzPZYpj9JSjk/V+Q/+6TnDUBgBqB1VvpMyovQgj5XQOooKSWej UBpRbDmfAZJEqv+rRXoD8vXp0eBXuJehpaDUk1YwsXh2gIEnilQIwj5HWB++oLnm5L Wr/0u9hzDEMjTXiFpH+Pk+wGFWiz1HqShf58/OptpM8oWSbhc8OwTAs2AWiU8WiEh9 6epFgHGatpv43TdIAJjk0ztONN8UFBZdT4RQW6FWajl+HhUSQz8AkcAw21cq1YbGfW H1p6u5N34QSn8jFDdViLP4JsKb8JOHYldrkZ4/df1rQ+IRKAXSmRIle+UNawCTDG8u dW7KNVbDRgZ3g== From: Simon Thoby To: Miklos Szeredi Cc: Simon Thoby , CONZELMANN Francois , "Eric W . Biederman" , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] fuse: enable unprivileged mounts for fuseblk Date: Sun, 16 Oct 2022 19:00:46 +0200 Message-Id: <20221016170046.171936-1-work.viveris@nightmared.fr> X-Mailer: git-send-email 2.38.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Commit 4ad769f3c346ec3d458e255548dec26ca5284cf6 ("fuse: Allow fully unprivileged mounts") enabled mounting filesystems with the 'fuse' type for any user with CAP_SYS_ADMIN inside their respective user namespace, but did not do so for the 'fuseblk' filesystem type. Some FUSE filesystems implementations - like ntfs-3g - prefer using 'fuseblk' over 'fuse', which imply unprivileged users could not use these tools - in their "out-of-the-box" configuration, as these tools can always be patched to use the 'fuse' filesystem type to circumvent the problem. Enable unprivileged mounts for the 'fuseblk' type, thus uniformizing the behavior of the two FUSE filesystem types. Signed-off-by: Simon Thoby --- fs/fuse/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 6b3beda16c1b..d17f87531dc8 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1839,7 +1839,7 @@ static struct file_system_type fuseblk_fs_type =3D { .init_fs_context =3D fuse_init_fs_context, .parameters =3D fuse_fs_parameters, .kill_sb =3D fuse_kill_sb_blk, - .fs_flags =3D FS_REQUIRES_DEV | FS_HAS_SUBTYPE, + .fs_flags =3D FS_REQUIRES_DEV | FS_HAS_SUBTYPE | FS_USERNS_MOUNT, }; MODULE_ALIAS_FS("fuseblk"); =20 base-commit: 472c7791cc2b48010af3ce61ce76edbaa26500d2 --=20 2.38.0