From: Kirill A. Korinsky Subject: Skip fuse FS by /usr/libexec/security To: tech@openbsd.org Date: Thu, 25 Apr 2024 13:05:28 +0200 Greetings, With this diff security(8) skips not only non-local filesystem but also filesystem which was moundted via FUSE. diff --git libexec/security/security libexec/security/security index 12ae7d631c3..caed0b71247 100644 --- libexec/security/security +++ libexec/security/security @@ -534,14 +534,14 @@ sub find_special_files { %skip = map { $_ => 1 } split ' ', $ENV{SUIDSKIP} if $ENV{SUIDSKIP}; - # Add mount points of non-local file systems + # Add mount points of non-local and fuse file systems # to the list of directories to skip. nag !(open my $fh, '-|', 'mount'), "cannot spawn mount: $!" and return; while (<$fh>) { - my ($path, $opt) = /\son\s+(.*?)\s+type\s+\w+(.*)/; - push @fs, $path if $path && $opt =~ /local/ && + my ($path, $type, $opt) = /\son\s+(.*?)\s+type\s+(\w+)\s+(.*)/; + push @fs, $path if $path && $opt =~ /local/ && $type == /fuse/ && !($opt =~ /nodev/ && $opt =~ /nosuid/); } close_or_nag $fh, "mount" or return; -- wbr, Kirill
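Review bot: The added condition `$type == /fuse/` on the `push @fs` line does not test the filesystem type, because `==` compares numerically and the bare `/fuse/` matches against `$_` (the whole mount output line), not `$type`. A type name such as `ffs` or `fuse` numifies to 0, so the result depends only on whether the string "fuse" appears anywhere in the line. A local non-FUSE filesystem whose device or mount point merely contains "fuse" would no longer be pushed onto `@fs`, which presumably removes it from the special-file scan without any report. Binding the match to the captured type fixes this: `push @fs, $path if $path && $opt =~ /local/ && $type !~ /fuse/ &&`. `find_special_files` begins and ends outside the hunk, so how `@fs` is consumed afterwards is inferred rather than visible here.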