summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCsaba Henk <csaba@redhat.com>2016-11-02 07:22:39 +0100
committerRaghavendra G <rgowdapp@redhat.com>2017-01-17 23:19:58 -0800
commit90cb8c49787d41a46e5b86d73bdc515f54aff4c0 (patch)
tree990006682f1b5592d2c0c7071ca035bdeed9c07c
parent2c03c753fe77dfadb7660ecb39fe0bbb6bad026f (diff)
fuse: limit fusermount fallback to EPERM cases
There are two mount mechanims for fuse: 1) Call mount(2) syscall directly -- implemented by fuse_mount_sys 2) Call out to fusermount(1) helper utilty to do the mount -- implemented by fuse_mount_fusermount [Note: both libfuse and glusterfs ships a variant of this helper utility; named, respectively, fusermount and fusermount-glusterfs. The two has diverged, and are not compatible at the moment.] The intended use of 1) is privileged mounting, ie. when root is invoking the glusterfs client. (It cannot work for non-privileged users as the kernel enforces privilege for mount(2), more precisely, caller context needs CAP_SYS_ADMIN, see capabilities(7).) The intended use of 2) is unprivileged mountig, ie. when the glusterfs client is invoked by an unprivileged user. The helper utility is a setuid binary, so it can perform mount(2) on behalf of the user. The main mount routine, gf_fuse_mount, calls fuse_mount_sys first, and if that fails, tries also with fuse_mount_fusermount. This is what we call "fusermount fallback". However, in the light of the above remarks about intended use, this logic should apply if the fuse_mount_fusermount fails because of a privilege shortage, ie. with error "Operation not permitted" (errno EPERM). So far the fallback was unconditional (masking bugs of fuser_mount_sys, as it happens in referred BUG). Now we add the "errno == EPERM" condition. BUG: 1297182 Change-Id: Ia89d975d1e27fcfa5ab2036ba546aa8fa0d2d1b0 Signed-off-by: Csaba Henk <csaba@redhat.com> Reviewed-on: http://review.gluster.org/15766 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
-rw-r--r--contrib/fuse-lib/mount.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/contrib/fuse-lib/mount.c b/contrib/fuse-lib/mount.c
index 1edde86014a..bfe28d3a26a 100644
--- a/contrib/fuse-lib/mount.c
+++ b/contrib/fuse-lib/mount.c
@@ -360,12 +360,17 @@ gf_fuse_mount (const char *mountpoint, char *fsname,
fd);
if (ret == -1) {
gf_log ("glusterfs-fuse", GF_LOG_INFO,
- "direct mount failed (%s) errno %d, "
- "retry to mount via fusermount",
+ "direct mount failed (%s) errno %d",
strerror (errno), errno);
- ret = fuse_mount_fusermount (mountpoint, fsname,
- mountflags, mnt_param, fd);
+ if (errno == EPERM) {
+ gf_log ("glusterfs-fuse", GF_LOG_INFO,
+ "retry to mount via fusermount");
+
+ ret = fuse_mount_fusermount (mountpoint, fsname,
+ mountflags,
+ mnt_param, fd);
+ }
}
if (ret == -1)