From 66bbbf25528f51689c44bd3a51561acac7ad198c Mon Sep 17 00:00:00 2001 From: Radu Marias Date: Tue, 20 Aug 2024 01:41:37 +0300 Subject: [PATCH] add read-only CLI arg --- java-bridge/Cargo.lock | 2 +- src/mount/linux.rs | 38 ++++---------------------------------- src/run.rs | 22 ++-------------------- 3 files changed, 7 insertions(+), 55 deletions(-) diff --git a/java-bridge/Cargo.lock b/java-bridge/Cargo.lock index ae9235d..9b18f65 100644 --- a/java-bridge/Cargo.lock +++ b/java-bridge/Cargo.lock @@ -1644,7 +1644,7 @@ checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rencfs" -version = "0.13.63" +version = "0.13.65" dependencies = [ "anyhow", "argon2", diff --git a/src/mount/linux.rs b/src/mount/linux.rs index 1cba7c5..2e91a58 100644 --- a/src/mount/linux.rs +++ b/src/mount/linux.rs @@ -53,9 +53,6 @@ const FMODE_EXEC: i32 = 0x20; // const MAX_NAME_LENGTH: u32 = 255 - ENCRYPT_FILENAME_OVERHEAD_CHARS as u32; -// Flags returned by the open request -const FOPEN_DIRECT_IO: u32 = 1 << 0; // bypass page cache for this open file - pub struct DirectoryEntryIterator(crate::encryptedfs::DirectoryEntryIterator, u64); impl Iterator for DirectoryEntryIterator { @@ -133,8 +130,6 @@ impl Iterator for DirectoryEntryPlusIterator { pub struct EncryptedFsFuse3 { fs: Arc, - direct_io: bool, - suid_support: bool, } impl EncryptedFsFuse3 { @@ -142,25 +137,10 @@ impl EncryptedFsFuse3 { data_dir: PathBuf, password_provider: Box, cipher: Cipher, - direct_io: bool, - #[allow(unused_variables)] suid_support: bool, ) -> FsResult { - // #[cfg(feature = "abi-7-26")] - // { - // Ok(Self { - // fs: EncryptedFs::new(data_dir, password_provider, cipher).await?, - // direct_io, - // suid_support, - // }) - // } - // #[cfg(not(feature = "abi-7-26"))] - // { Ok(Self { fs: EncryptedFs::new(data_dir, password_provider, cipher).await?, - direct_io, - suid_support, }) - // } } fn get_fs(&self) -> Arc { @@ -169,11 +149,7 @@ impl EncryptedFsFuse3 { #[allow(clippy::cast_possible_truncation)] const fn creation_mode(&self, mode: u32) -> u16 { - if self.suid_support { - mode as u16 - } else { - (mode & !(libc::S_ISUID | libc::S_ISGID)) as u16 - } + (mode & !(libc::S_ISUID | libc::S_ISGID)) as u16 } #[instrument(skip(self, name), fields(name = name.to_str().unwrap()), err(level = Level::WARN), ret(level = Level::DEBUG))] @@ -933,7 +909,6 @@ impl Filesystem for EncryptedFsFuse3 { EIO })?; } - let open_flags = if self.direct_io { FOPEN_DIRECT_IO } else { 0 }; let fh = self .get_fs() .open(inode, read, write) @@ -942,10 +917,7 @@ impl Filesystem for EncryptedFsFuse3 { error!(err = %err); EIO })?; - Ok(ReplyOpen { - fh, - flags: open_flags, - }) + Ok(ReplyOpen { fh, flags: 0 }) } else { return Err(EACCES.into()); } @@ -1102,10 +1074,9 @@ impl Filesystem for EncryptedFsFuse3 { }; if check_access(attr.uid, attr.gid, attr.perm, req.uid, req.gid, access_mask) { - let open_flags = if self.direct_io { FOPEN_DIRECT_IO } else { 0 }; Ok(ReplyOpen { fh: 0, // we don't use handles for directories - flags: open_flags, + flags: 0, }) } else { return Err(EACCES.into()); @@ -1485,8 +1456,7 @@ async fn mount_fuse( info!("Checking password and mounting FUSE filesystem"); Ok(Session::new(mount_options) .mount_with_unprivileged( - EncryptedFsFuse3::new(data_dir, password_provider, cipher, direct_io, suid_support) - .await?, + EncryptedFsFuse3::new(data_dir, password_provider, cipher).await?, mount_path, ) .await?) diff --git a/src/run.rs b/src/run.rs index f9d3d20..b3d1bb8 100644 --- a/src/run.rs +++ b/src/run.rs @@ -155,7 +155,7 @@ fn get_cli_args() -> ArgMatches { .arg( Arg::new("allow-root") .long("allow-root") - .short('r') + .short('s') .action(ArgAction::SetTrue) .requires("mount-point") .requires("data-dir") @@ -170,28 +170,10 @@ fn get_cli_args() -> ArgMatches { .requires("data-dir") .help("Allow other user to access filesystem"), ) - .arg( - Arg::new("direct-io") - .long("direct-io") - .short('i') - .action(ArgAction::SetTrue) - .requires("mount-point") - .requires("data-dir") - .help("Use direct I/O (bypass page cache for an open file)"), - ) - .arg( - Arg::new("suid") - .long("suid") - .short('s') - .action(ArgAction::SetTrue) - .requires("mount-point") - .requires("data-dir") - .help("If it should allow setting SUID and SGID when files are created. Default is false and it will unset those flags when creating files"), - ) .arg( Arg::new("read-only") .long("read-only") - .short('e') + .short('r') .action(ArgAction::SetTrue) .requires("mount-point") .requires("data-dir")