fix
diff --git a/lib/fuse.c b/lib/fuse.c
index 82adeb2..9659a0d 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -35,6 +35,9 @@
/** Use st_ino field in getattr instead of generating inode numbers */
#define FUSE_USE_INO (1 << 3)
+/** Only allow root or the owner to access the filesystem */
+#define FUSE_ALLOW_ROOT (1 << 4)
+
#define FUSE_KERNEL_MINOR_VERSION_NEED 1
#define FUSE_VERSION_FILE_OLD "/proc/fs/fuse/version"
#define FUSE_VERSION_FILE_NEW "/sys/fs/fuse/version"
@@ -1765,6 +1768,15 @@
goto out;
}
+ if ((f->flags & FUSE_ALLOW_ROOT) && in->uid != f->owner && in->uid != 0 &&
+ in->opcode != FUSE_INIT && in->opcode != FUSE_READ &&
+ in->opcode != FUSE_WRITE && in->opcode != FUSE_FSYNC &&
+ in->opcode != FUSE_RELEASE && in->opcode != FUSE_READDIR &&
+ in->opcode != FUSE_FSYNCDIR && in->opcode != FUSE_RELEASEDIR) {
+ send_reply(f, in, -EACCES, NULL, 0);
+ goto out;
+ }
+
ctx->fuse = f;
ctx->uid = in->uid;
ctx->gid = in->gid;
@@ -2000,7 +2012,8 @@
{
if (strcmp(opt, "debug") == 0 ||
strcmp(opt, "hard_remove") == 0 ||
- strcmp(opt, "use_ino") == 0)
+ strcmp(opt, "use_ino") == 0 ||
+ strcmp(opt, "allow_root") == 0)
return 1;
else
return 0;
@@ -2025,6 +2038,8 @@
f->flags |= FUSE_HARD_REMOVE;
else if (strcmp(opt, "use_ino") == 0)
f->flags |= FUSE_USE_INO;
+ else if (strcmp(opt, "allow_root") == 0)
+ f->flags |= FUSE_ALLOW_ROOT;
else
fprintf(stderr, "fuse: warning: unknown option `%s'\n", opt);
}
@@ -2100,6 +2115,8 @@
root->refctr = 1;
hash_id(f, root);
+ f->owner = getuid();
+
return f;
out_free_root: