Commit graph

69 commits

Author SHA1 Message Date
Guillaume Girol
0c9ed22e64
Merge pull request #119562 from symphorien/fusermountsetuid
fuse: fix mount.fuse -o setuid=...
2021-04-30 14:26:39 +00:00
Symphorien Gibol
fbb8dbdac6 fuse: fix mount.fuse -o setuid=...
when mounting a fuse fs by fstab one can write:
/nix/store/sdlflj/bin/somefuseexe#argument /mountpoint fuse setuid=someuser

mount is run by root, and setuid is a way to tell mount.fuse to run
somefuseexe as someuser instead. Under the hood, mount.fuse uses su.
The problem is that mount is run by systemd in a seemingly very empty
environment not containing /run/current-system/sw/bin nor
/run/wrappers/bin in $PATH, so mount fails with "su command not found".

We now patch the command to run su with an absolute path.

man mount.fuse3 indicates that this option is reserved to root (or with
enough capabilities) so not using
/run/wrappers/bin/su is thus correct. It has the very small advantage of
possibly working on non nixos.
2021-04-17 21:51:40 +02:00
Michael Weiss
4e90ff6e61
fuse3: 3.10.2 -> 3.10.3 2021-04-12 13:45:51 +02:00
Michael Weiss
df9dac5e77
fuse3: 3.10.1 -> 3.10.2 (#112016) 2021-02-06 11:52:09 +01:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurrences of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Michael Weiss
101c5a96ad
fuse3: 3.10.0 -> 3.10.1 (#106162) 2020-12-07 16:37:19 +01:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Michael Weiss
33473c422c
fuse3: 3.9.4 -> 3.10.0 (#100075) 2020-10-10 12:51:49 +02:00
Michael Weiss
a3c71c3e5d
fuse3: 3.9.2 -> 3.9.4 (#95072)
Note: Version 3.9.3 and 3.9.4 are equivalent:
"This was an "accidental" release, it is equivalent to 3.9.3."
2020-08-10 16:04:55 +02:00
Michael Weiss
82a0240bb0
fuse3: 3.9.1 -> 3.9.2 (#90232) 2020-06-13 12:23:42 +02:00
Michael Weiss
68e9ddacc2
fuse3: 3.9.0 -> 3.9.1 (#82999) 2020-03-21 21:41:37 +01:00
Michael Weiss
e6b29634d2
fuse3: 3.8.0 -> 3.9.0 (#75655)
Changelog: https://github.com/libfuse/libfuse/blob/fuse-3.9.0/ChangeLog.rst
2019-12-14 20:16:36 +01:00
Michael Weiss
828061351c
fuse3: 3.7.0 -> 3.8.0 2019-11-03 14:21:43 +01:00
Michael Weiss
262b17a375
fuse3: 3.6.2 -> 3.7.0 2019-09-28 21:08:47 +02:00
volth
c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
Michael Weiss
50464716e3
fuse3: 3.6.1 -> 3.6.2 2019-07-10 13:29:00 +02:00
Michael Weiss
f2cfc158b2
fuse,fuse3: Avoid unnecessary build warnings
Do not set FUSERMOUNT_DIR since we already set it through
NIX_CFLAGS_COMPILE.

Setting it twice results in a lot of warnings like this one:

<command-line>:0:0: warning: "FUSERMOUNT_DIR" redefined

which makes the build look potentially broken.
This doesn't affect the result but fuse3 will now build without any
warnings and building fuse yields fewer warnings.
2019-06-14 22:09:15 +02:00
Michael Weiss
b8c827c266
fuse3: 3.5.0 -> 3.6.1 2019-06-14 13:38:22 +02:00
Michael Weiss
b3bcdf8cf5
fuse3: 3.4.2 -> 3.5.0 2019-04-16 23:40:41 +02:00
Matthew Bauer
5541559635 fuse3: use /etc/fuse.conf for configuration (#59043)
We don’t want the config file to be read only and in the Nix store.
2019-04-07 23:00:51 +02:00
Michael Weiss
c1c13e4115
fuse3: 3.4.1 -> 3.4.2 2019-03-10 00:03:25 +01:00
Michael Weiss
e7e18206dd
fuse: 2.9.8 -> 2.9.9 2019-01-05 02:26:02 +01:00
Michael Weiss
1259a24c05 fuse3: 3.3.0 -> 3.4.1 2018-12-22 17:56:42 +01:00
Michael Weiss
fee991333d fuse3: 3.2.6 -> 3.3.0 2018-11-07 14:45:27 +01:00
Michael Weiss
bf0f63090b fuse3: 3.2.5 -> 3.2.6 2018-08-31 21:42:03 +02:00
Vladimír Čunát
765d695b89
Merge branch 'staging-next'
Security fixes for a few packages are included.
2018-08-21 15:36:02 +02:00
Markus Kowalewski
da7a32ef17
fuse: add license 2018-08-20 00:47:52 +02:00
Jan Malakhovski
662756bb6d fuse: make tests run, but disable 2018-08-11 09:35:31 +00:00
Michael Weiss
ec1082c58f fuse: 2.9.7 -> 2.9.8 (security, CVE-2018-10906)
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible
  for unprivileged users to specify the allow_other option even when
  this was forbidden in /etc/fuse.conf. The vulnerability is present
  only on systems where SELinux is active (including in permissive
  mode).
- libfuse no longer segfaults when fuse_interrupted() is called outside
  the event loop.
- The fusermount binary has been hardened in several ways to reduce
  potential attack surface. Most importantly, mountpoints and mount
  options must now match a hard-coded whitelist. It is expected that
  this whitelist covers all regular use-cases.
- Fixed rename deadlock on FreeBSD.
2018-07-25 23:53:40 +02:00
Michael Weiss
46cd782b43 fuse3: 3.2.4 -> 3.2.5 (security, CVE-2018-10906)
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible
  for unprivileged users to specify the allow_other option even when
  this was forbidden in /etc/fuse.conf. The vulnerability is present
  only on systems where SELinux is active (including in permissive
  mode).
- The fusermount binary has been hardened in several ways to reduce
  potential attack surface. Most importantly, mountpoints and mount
  options must now match a hard-coded whitelist. It is expected that
  this whitelist covers all regular use-cases.
- Added a test of seekdir to test_syscalls.
- Fixed readdir bug when non-zero offsets are given to filler and the
  filesystem client, after reading a whole directory, re-reads it from a
  non-zero offset e.g. by calling seekdir followed by readdir.
2018-07-25 23:53:40 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Michael Weiss
fa6941f108 fuse3: 3.2.3 -> 3.2.4 2018-07-13 16:43:21 +02:00
Michael Weiss
d3e3e131f5 fuse3: 3.2.2 -> 3.2.3 2018-05-11 22:12:53 +02:00
Michael Raskin
085eab7ef6 fuse3: install fuse.conf without execute bit 2018-04-01 23:02:25 +02:00
Michael Weiss
c00b5bf6a2 fuse3: 3.2.1 -> 3.2.2
Stop using bin/mount.fuse from fuse3 for fuse2 (mount.fuse from fuse3
isn't guaranteed to remain backwards compatible).
2018-04-01 01:55:14 +02:00
Shea Levy
ed5bd8ad49
fuse: Fix cross-compilation 2018-02-28 15:01:32 -05:00
Yegor Timoshenko
506c89c30a maintainers: remove mornfall from packages 2018-01-17 05:17:33 +00:00
Michael Weiss
f46003798e fuse3: 3.2.0 -> 3.2.1 2017-11-15 13:42:44 +01:00
Michael Weiss
1a9467edd5 fuse3: 3.1.1 -> 3.2.0 2017-09-23 21:31:15 +02:00
Michael Weiss
351f5fc585 fuse3: init at 3.1.1
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).

My tests with sshfs (version 2 and 3) didn't show any problems.

See #28409 for some additional information.

[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
2017-09-21 23:59:46 +02:00
Parnell Springmeyer
6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Tuomas Tynkkynen
8999ab9e56 fuse: Add Aarch64 patch from upstream git to fix build
See e.g. https://bugs.launchpad.net/linaro-oe/+bug/1087757
2017-01-25 00:01:54 +02:00
Tuomas Tynkkynen
45338a3077 fuse: Minor cleanup 2016-12-28 17:37:10 +02:00
rushmorem
7be7620e51 fuse: 2.9.5 -> 2.9.7 2016-09-16 22:28:14 +02:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Eelco Dolstra
497c828611 fuse: 2.9.3 -> 2.9.5 2016-03-19 21:01:20 +01:00