lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <176169819000.1431292.8063152341472986305.stgit@frogsfrogsfrogs>
Date: Tue, 28 Oct 2025 17:42:36 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: tytso@....edu
Cc: linux-fsdevel@...r.kernel.org, joannelkoong@...il.com, bernd@...ernd.com,
 neal@...pa.dev, miklos@...redi.hu, linux-ext4@...r.kernel.org
Subject: [PATCHSET v6 6/6] fuse4fs: run servers as a contained service

Hi all,

In this final series of the fuse-iomap prototype, we package the newly
created fuse4fs server into a systemd socket service.  This service can
be used by the "mount.service" helper in libfuse to implement untrusted
unprivileged mounts.

If you're going to start using this code, I strongly recommend pulling
from my git trees, which are linked below.

Comments and questions are, as always, welcome.

e2fsprogs git tree:
https://git.kernel.org/cgit/linux/kernel/git/djwong/e2fsprogs.git/log/?h=fuse4fs-service-container
---
Commits in this patchset:
 * libext2fs: fix MMP code to work with unixfd IO manager
 * fuse4fs: enable safe service mode
 * fuse4fs: set proc title when in fuse service mode
 * fuse4fs: set iomap backing device blocksize
 * fuse4fs: ask for loop devices when opening via fuservicemount
 * fuse4fs: make MMP work correctly in safe service mode
 * debian: update packaging for fuse4fs service
---
 lib/ext2fs/ext2fs.h         |    1 
 MCONFIG.in                  |    1 
 configure                   |  181 ++++++++++++++++++++
 configure.ac                |   69 ++++++++
 debian/e2fsprogs.install    |    7 +
 debian/fuse4fs.install      |    3 
 debian/rules                |    3 
 fuse4fs/Makefile.in         |   42 ++++-
 fuse4fs/fuse4fs.c           |  383 +++++++++++++++++++++++++++++++++++++++++--
 fuse4fs/fuse4fs.socket.in   |   17 ++
 fuse4fs/fuse4fs@...rvice.in |   95 +++++++++++
 lib/config.h.in             |    6 +
 lib/ext2fs/mmp.c            |   82 +++++++++
 util/subst.conf.in          |    2 
 14 files changed, 867 insertions(+), 25 deletions(-)
 mode change 100644 => 100755 debian/fuse4fs.install
 create mode 100644 fuse4fs/fuse4fs.socket.in
 create mode 100644 fuse4fs/fuse4fs@...rvice.in

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ