summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fsimpl/host
diff options
context:
space:
mode:
authorRahat Mahmood <rahat@google.com>2021-03-11 17:54:53 -0800
committergVisor bot <gvisor-bot@google.com>2021-03-11 17:59:13 -0800
commit192318a2316d84a3de9d28c29fbc73aae3e75206 (patch)
tree1d1d61fc5b34289e6c1744b6e32610a6938f872a /pkg/sentry/fsimpl/host
parenta7197c9c688fdfc2d37005063d3f6dbf9cef2341 (diff)
fusefs: Implement default_permissions and allow_other mount options.
By default, fusefs defers node permission checks to the server. The default_permissions mount option enables the usual unix permission checks based on the node owner and mode bits. Previously fusefs was incorrectly checking permissions unconditionally. Additionally, fusefs should restrict filesystem access to processes started by the mount owner to prevent the fuse daemon from gaining priviledge over other processes. The allow_other mount option overrides this behaviour. Previously fusefs was incorrectly skipping this check. Updates #3229 PiperOrigin-RevId: 362419092
Diffstat (limited to 'pkg/sentry/fsimpl/host')
0 files changed, 0 insertions, 0 deletions