Hi,
I have a build tool that utilizes macfuse to create a virtual
filesystem. Because the tool records file access for each user process
we have access constraints and let only *our* processes access the
filesystem. Something like this:
    static int fs_getattr(const char *path, struct stat *stbuf)
    {
        /* Hide the filesystem from every process that is not ours. */
        if (!allowed_process(fuse_get_context()->pid)) {
            return -ENOENT;
        }
        /* ... blah ... */
    }
You can find the exact code of the fuse fs implementation here:
https://github.com/anatol/tup/blob/fuse/src/tup/server/fuse_fs.c
That code works fine on Linux. I enabled fuse debug logging and see
something like this:
FUSE library version: 2.8.1
nullpath_ok: 0
unique: 1, opcode: INIT (26), nodeid: 0, insize: 56
INIT: 7.13
flags=0x0000007b
max_readahead=0x00020000
INIT: 7.12
flags=0x00000011
max_readahead=0x00020000
max_write=0x00020000
unique: 1, success, outsize: 40
unique: 2, opcode: GETXATTR (22), nodeid: 1, insize: 68
unique: 2, error: -38 (Function not implemented), outsize: 16
unique: 3, opcode: ACCESS (34), nodeid: 1, insize: 48
access / 01
unique: 3, success, outsize: 16
unique: 4, opcode: LOOKUP (1), nodeid: 1, insize: 44
LOOKUP /usr
getattr /usr
NODEID: 2
unique: 4, success, outsize: 144
unique: 5, opcode: LOOKUP (1), nodeid: 2, insize: 46
LOOKUP works fine as it is initiated by a user process.
But the same code fails on MacOSX 10.6.7 (macfuse from macports). Here
is the fuse log + process_id that gets access to the filesystem:
unique: 0, opcode: INIT (26), nodeid: 0, insize: 56
INIT: 7.8
flags=0x00000000
max_readahead=0x00100000
INIT: 7.8
flags=0x00000000
max_readahead=0x00100000
max_write=0x00400000
unique: 0, error: 0 (Unknown error: 0), outsize: 40
unique: 0, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=90025
unique: 0, error: 0 (Unknown error: 0), outsize: 96
unique: 0, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=90025
unique: 0, error: 0 (Unknown error: 0), outsize: 96
unique: 0, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=26
unique: 0, error: 0 (Unknown error: 0), outsize: 96
unique: 0, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=26
unique: 0, error: 0 (Unknown error: 0), outsize: 96
unique: 0, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=26
unique: 0, error: 0 (Unknown error: 0), outsize: 96
unique: 0, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=26
unique: 0, error: 0 (Unknown error: 0), outsize: 96
unique: 1, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2044
unique: 1, error: 0 (Unknown error: 0), outsize: 96
unique: 2, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2044
unique: 2, error: 0 (Unknown error: 0), outsize: 96
unique: 1, opcode: ACCESS (34), nodeid: 1, insize: 48
ACCESS / 00
unique: 1, error: 0 (Unknown error: 0), outsize: 16
unique: 2, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2080
unique: 2, error: 0 (Unknown error: 0), outsize: 96
unique: 0, opcode: GETATTR (3), nodeid: 1, insize: 40
getattr path=/, pid=2044
unique: 0, error: -2 (No such file or directory), outsize: 16
unique: 1, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2080
unique: 1, error: 0 (Unknown error: 0), outsize: 96
unique: 2, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2044
unique: 2, error: 0 (Unknown error: 0), outsize: 96
unique: 0, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2044
unique: 0, error: 0 (Unknown error: 0), outsize: 96
unique: 1, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2080
unique: 1, error: 0 (Unknown error: 0), outsize: 96
unique: 2, opcode: STATFS (17), nodeid: 1, insize: 40
statfs path=/, pid=2080
unique: 2, error: 0 (Unknown error: 0), outsize: 96
[ 0/3 ] src/tup/CC path.c
Users/anatol/sources/tup: Not a directory
What I see from the log:
- a bunch of processes tried to stat the root of the new filesystem.
This is ok - our function returns success.
- A process with id 2044 (Finder) tries to GETATTR on the root
directory and fails because we do not allow any other processes to read
the directory.
- our process fails *without* accessing the fuse filesystem
"Users/anatol/sources/tup: Not a directory". It does not even try to
GETATTR it.
I removed the security check from fs_getattr and then the function works
more or less fine http://pastie.org/1823106
All this information above makes me believe that Finder needs access
to the new filesystem, and if it does not have it - then it reports to
the kernel that fs is not available. Is it true? If so, what is the
best way to work around the "filesystem is not available" issue? I would
prefer something like:
    if (user == root and access_path == '/')
        then bypass security check
    else
        check process access permissions
And my question: how to get information about the original process -
how to define whether the original process is privileged (if I
understand correctly Finder and all other core processes are
privileged, right)?
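
An added example, not part of the original post and not tup's code: the rule proposed above (callers on an allow-list pass, root may additionally see the mount root only), written as a pure function so it can be exercised without mounting anything. `allow_pid`, `check_access` and the pid table are hypothetical names; `uid` and `pid` stand for the fields a handler reads from `fuse_get_context()`.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#define MAX_ALLOWED 64

/* Hypothetical allow-list of build-tool child pids (an assumption,
 * not the data structure tup uses). */
static pid_t allowed[MAX_ALLOWED];
static size_t n_allowed;

/* Register a child pid. Rejects pid <= 0 so a request that arrives
 * without a real caller pid can never match the list, and fails
 * closed with -ENOSPC when the table is full. */
int allow_pid(pid_t pid)
{
    if (pid <= 0)
        return -EINVAL;
    if (n_allowed == MAX_ALLOWED)
        return -ENOSPC;
    allowed[n_allowed++] = pid;
    return 0;
}

static int pid_is_allowed(pid_t pid)
{
    for (size_t i = 0; i < n_allowed; i++)
        if (allowed[i] == pid)
            return 1;
    return 0;
}

/* Returns 0 if the request may proceed, -ENOENT to hide the entry
 * (the same error the handler in the post returns). */
int check_access(uid_t uid, pid_t pid, const char *path)
{
    if (path == NULL)
        return -ENOENT;
    if (pid_is_allowed(pid))
        return 0;
    /* Exception from the post: root, and only on the mount root.
     * Whether Finder runs as uid 0 is not established by the page. */
    if (uid == 0 && strcmp(path, "/") == 0)
        return 0;
    return -ENOENT;
}
```

Under this rule a caller that is neither root nor on the list still gets -ENOENT on `/`, so the exception only helps if the process that needs the root directory actually runs as uid 0.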