Index | Thread | Search

From:
Ingo Schwarze <schwarze@usta.de>
Subject:
Re: Skip fuse FS by /usr/libexec/security
To:
"Kirill A. Korinsky" <kirill@korins.ky>
Cc:
tech@openbsd.org, mvs@openbsd.org
Date:
Wed, 15 May 2024 23:07:29 +0200

Download raw body.

Thread 
Hi,

Kirill A. Korinsky wrote on Wed, May 15, 2024 at 08:05:51PM +0100:
 
> The better approach to solve the same issue were suggested [1]
> [1]  https://marc.info/?t=171465050600003&r=1&w=2
> and merged already.
> 
> So, no need to mvoe forward with this one.

I see, thanks for the pointer.

While looking at this, i noticed the related documentation appears
to be a bit sparse.  So if anybody more familiar than me with the mount(2)
system call wants to have a look and provide patches or direction
for improving the manuals, that might be useful.

 * The mount(8) manual says
     If no arguments are given to mount, this list is printed.
   But it says nothing about the format of the list.
   While it isn't hard to guess that the format is
     special on node type type (options)
   the "options" part can include "local" and the precise
   meaning of that option appears to be undocumented.

 * According to "man -k any=MNT_LOCAL", the only page mentioning
   MNT_LOCAL is df(1), which seems suspicious for two reasons:
   Refering to a #define'd constant in a section 1 manual may be
   excessive technicality, and not mentioning a #define'd constant
   in section 2 or 3 may amount to a documentation gap, in particular
   when the constant is so important that even non-programmer users
   are expected to consider it.

 * The only APIs i can find that expose MNT_LOCAL to userland
   are statfs(2), getfsstat(2), and fhstatfs(2) - but don't take
   my word for it, i'm not quite familiar with this area.
   None of these three manual pages mentions MNT_LOCAL.

One final observation, concerning kernel code and not only documentation:
kern/vfs_init.c explicitly sets MNT_LOCAL on the MOUNT_FUSEFS entry
in vfsconflist[], while it does not do so for MOUNT_NFS.
Shortly after sys_mount() retrieves that entry with vfs_byname()
and vfs_mount_alloc() copies it to mp->mnt_flag, fusefs_mount()
in miscfs/fuse/fuse_vfsops.c unconditionally wipes it out saying:

	/* FUSE file system is not truly local. */
	mp->mnt_flag &= ~MNT_LOCAL;

That looks somewhat confusing to me, but it may well just be me;
there may be reasons for setting the flag in the top level VFS
configuration and then only clearing it when the real work begins,
i don't really have an idea...

Yours,
  Ingo