fuse: limit fusermount fallback to EPERM cases

There are two mount mechanims for fuse: 1) Call mount(2) syscall directly -- implemented by fuse_mount_sys 2) Call out to fusermount(1) helper utilty to do the mount -- implemented by fuse_mount_fusermount [Note: both libfuse and glusterfs ships a variant of this helper utility; named, respectively, fusermount and fusermount-glusterfs. The two has diverged, and are not compatible at the moment.] The intended use of 1) is privileged mounting, ie. when root is invoking the glusterfs client. (It cannot work for non-privileged users as the kernel enforces privilege for mount(2), more precisely, caller context needs CAP_SYS_ADMIN, see capabilities(7).) The intended use of 2) is unprivileged mountig, ie. when the glusterfs client is invoked by an unprivileged user. The helper utility is a setuid binary, so it can perform mount(2) on behalf of the user. The main mount routine, gf_fuse_mount, calls fuse_mount_sys first, and if that fails, tries also with fuse_mount_fusermount. This is what we call "fusermount fallback". However, in the light of the above remarks about intended use, this logic should apply if the fuse_mount_fusermount fails because of a privilege shortage, ie. with error "Operation not permitted" (errno EPERM). So far the fallback was unconditional (masking bugs of fuser_mount_sys, as it happens in referred BUG). Now we add the "errno == EPERM" condition. BUG: 1297182 Change-Id: Ia89d975d1e27fcfa5ab2036ba546aa8fa0d2d1b0 Signed-off-by: Csaba Henk <csaba@redhat.com> Reviewed-on: http://review.gluster.org/15766 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
2016-11-02 07:22:39 +01:00 · 2016-11-02 07:22:39 +01:00 · 90cb8c4978
commit 90cb8c4978
parent 2c03c753fe
1 changed files with 9 additions and 4 deletions
--- a/contrib/fuse-lib/mount.c
+++ b/contrib/fuse-lib/mount.c
@ -360,12 +360,17 @@ gf_fuse_mount (const char *mountpoint, char *fsname,
                                      fd);
                if (ret == -1) {
                        gf_log ("glusterfs-fuse", GF_LOG_INFO,
-                                "direct mount failed (%s) errno %d, "
-                                "retry to mount via fusermount",
+                                "direct mount failed (%s) errno %d",
                                strerror (errno), errno);

-                        ret = fuse_mount_fusermount (mountpoint, fsname,
-                                                     mountflags, mnt_param, fd);
+                        if (errno == EPERM) {
+                                gf_log ("glusterfs-fuse", GF_LOG_INFO,
+                                        "retry to mount via fusermount");
+
+                                ret = fuse_mount_fusermount (mountpoint, fsname,
+                                                             mountflags,
+                                                             mnt_param, fd);
+                        }
                }

                if (ret == -1)