main: add a mount flag to disable ACLs
Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe committed Sep 15, 2021
1 parent b47bccf commit 30791df
Showing 4 changed files with 41 additions and 30 deletions.
62 changes: 33 additions & 29 deletions fuse-overlayfs.1
@@ -1,55 +1,55 @@
.nh
.TH fuse\-overlayfs 1 "User Commands"
.TH fuse-overlayfs 1 "User Commands"

.SH NAME
.PP
fuse\-overlayfs \- overlayfs FUSE implementation
fuse-overlayfs - overlayfs FUSE implementation


.SH SYNOPSIS
.PP
mounting
fuse\-overlayfs [\-f] [\-\-debug] [\-o OPTS] MOUNT\_TARGET
fuse-overlayfs [-f] [--debug] [-o OPTS] MOUNT_TARGET

.PP
unmounting
fusermount \-u mountpoint
fusermount -u mountpoint


.SH DESCRIPTION
.PP
fuse\-overlayfs provides an overlayfs FUSE implementation so that it
fuse-overlayfs provides an overlayfs FUSE implementation so that it
can be used since Linux 4.18 by unprivileged users in an user
namespace.


.SH OPTIONS
.PP
\fB\-\-debug\fP
\fB--debug\fP
Enable debugging mode, can be very noisy.

.PP
\fB\-o lowerdir=low1[:low2...]\fP
\fB-o lowerdir=low1[:low2...]\fP
A list of directories separated by \fB\fC:\fR\&. Their content is merged.

.PP
\fB\-o upperdir=upperdir\fP
\fB-o upperdir=upperdir\fP
A directory merged on top of all the lowerdirs where all the changes
done to the file system will be written.

.PP
\fB\-o workdir=workdir\fP
A directory used internally by fuse\-overlays, must be on the same file
\fB-o workdir=workdir\fP
A directory used internally by fuse-overlays, must be on the same file
system as the upper dir.

.PP
\fB\-o uidmapping=UID:MAPPED\-UID:LEN[,UID2:MAPPED\-UID2:LEN2]\fP
\fB\-o gidmapping=GID:MAPPED\-GID:LEN[,GID2:MAPPED\-GID2:LEN2]\fP
Specifies the dynamic UID/GID mapping used by fuse\-overlayfs when
\fB-o uidmapping=UID:MAPPED-UID:LEN[,UID2:MAPPED-UID2:LEN2]\fP
\fB-o gidmapping=GID:MAPPED-GID:LEN[,GID2:MAPPED-GID2:LEN2]\fP
Specifies the dynamic UID/GID mapping used by fuse-overlayfs when
reading/writing files to the system.

.PP
The fuse\-overlayfs dynamic mapping is an alternative and cheaper way
The fuse-overlayfs dynamic mapping is an alternative and cheaper way
to chown'ing the files on the host to accommodate the user namespace
settings.

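Review bot: Most of this hunk is unrelated to ACLs: every `\-` in the option names (`\fB\-\-debug\fP`, `\fB\-o lowerdir=...\fP`, the SYNOPSIS line, the `fusermount \-u` example) has been regenerated as a bare `-`, and `\_` as `_`. In roff `\-` is a minus sign while `-` is a hyphen, which some groff versions render as U+2010 instead of ASCII hyphen-minus, so options in the formatted page may stop copy-pasting cleanly into a shell. If a newer version of the man page generator dropped the escapes, that is worth confirming, and ideally landing as its own commit so that the noacl change stays reviewable. While the workdir entry is being touched, `A directory used internally by fuse-overlays` should read `fuse-overlayfs`.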
Expand All @@ -62,21 +62,21 @@ without requiring to chown the files.
For example, given on the host two files like:

.PP
$ stat \-c %u:%g lower/a lower/b
$ stat -c %u:%g lower/a lower/b
0:0
1:1

.PP
When we run in a user namespace with the following configuration:
$ cat /proc/self/uid\_map
$ cat /proc/self/uid_map
0 1000 1
1 110000 65536

.PP
We would see:

.PP
$ stat \-c %u:%g merged/a merged/b
$ stat -c %u:%g merged/a merged/b
65534:65534
65534:65534

Expand All @@ -86,48 +86,52 @@ user namespace. This happens because both users 0:0 and 1:1 are not
mapped.

.PP
In the above example, if we mount the fuse\-overlayfs file system using:
\fB\fC\-ouidmapping=0:1000:1:1:110000:65536,gidmapping=0:1000:1:1:110000:65536\fR,
In the above example, if we mount the fuse-overlayfs file system using:
\fB\fC-ouidmapping=0:1000:1:1:110000:65536,gidmapping=0:1000:1:1:110000:65536\fR,
which is the namespace configuration specified on a single line, we'd
see from the same user namespace:

.PP
$ stat \-c %u:%g merged/a merged/b
$ stat -c %u:%g merged/a merged/b
0:0
1:1

.PP
Those are the same IDs visible from outside the user namespace.

.PP
\fB\-o squash\_to\_root\fP
\fB-o squash_to_root\fP
Every file and directory is owned by the root user (0:0).

.PP
\fB\-o squash\_to\_uid=uid\fP
\fB\-o squash\_to\_gid=gid\fP
\fB-o squash_to_uid=uid\fP
\fB-o squash_to_gid=gid\fP
Every file and directory is owned by the specified uid or gid.

.PP
It has higher precedence over \fBsquash\_to\_root\fP\&.
It has higher precedence over \fBsquash_to_root\fP\&.

.PP
\fB\-o static\_nlink\fP
Set st\_nlink to the static value 1 for all directories.
\fB-o static_nlink\fP
Set st_nlink to the static value 1 for all directories.

.PP
This can be useful for higher latency file systems such as NFS, where
counting the number of hard links for a directory with many files can
be a slow operation. With this option enabled, the number of hard
links reported when running stat for any directory is 1.

.PP
\fB-o noacl\fP
Disable ACL support in the FUSE file system.


.SH SEE ALSO
.PP
\fBfuse\fP(8), \fBmount\fP(8), \fBuser\_namespaces\fP(7)
\fBfuse\fP(8), \fBmount\fP(8), \fBuser_namespaces\fP(7)


.SH AVAILABILITY
.PP
The fuse\-overlayfs command is available from
\fBhttps://github.com/containers/fuse\-overlayfs\fP under GNU GENERAL PUBLIC LICENSE Version 3 or later.
The fuse-overlayfs command is available from
\fBhttps://github.com/containers/fuse-overlayfs\fP under GNU GENERAL PUBLIC LICENSE Version 3 or later.
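Review bot: `Disable ACL support in the FUSE file system.` is too terse for an option that changes how permissions are enforced. The only code effect in this commit (main.c, ovl_init) is that FUSE_CAP_POSIX_ACL is no longer requested from the kernel, so say that: with `noacl` the kernel will not evaluate POSIX ACL entries found on the layers. Nothing in this commit touches the xattr handlers, so the entry should also state whether `system.posix_acl_access`/`system.posix_acl_default` on lowerdir/upperdir remain readable and writable through the mount, since that is what an operator auditing a container's file permissions will ask. The neighbouring `static_nlink` entry explains when it is useful; give `noacl` the same treatment.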
3 changes: 3 additions & 0 deletions fuse-overlayfs.1.md
Expand Up @@ -97,6 +97,9 @@ counting the number of hard links for a directory with many files can
be a slow operation. With this option enabled, the number of hard
links reported when running stat for any directory is 1.

**-o noacl**
Disable ACL support in the FUSE file system.

# SEE ALSO

**fuse**(8), **mount**(8), **user_namespaces**(7)
1 change: 1 addition & 0 deletions fuse-overlayfs.h
Expand Up @@ -92,6 +92,7 @@ struct ovl_data
double timeout;
int threaded;
int fsync;
int noacl;
int fast_ino_check;
int writeback;
int disable_xattrs;
5 changes: 4 additions & 1 deletion main.c
Expand Up @@ -227,6 +227,8 @@ static const struct fuse_opt ovl_opts[] = {
offsetof (struct ovl_data, static_nlink), 1},
{"volatile", /* native overlay supports "volatile" to mean fsync=0. */
offsetof (struct ovl_data, fsync), 0},
{"noacl",
offsetof (struct ovl_data, noacl), 1},
FUSE_OPT_END
};

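Review bot: The new entry only ever writes 1 into `noacl`; there is no counterpart that writes 0, so a wrapper that passes `-o noacl` by default cannot be overridden by a later option on the same command line the way the `volatile` alias is expressed in terms of `fsync`. Consider adding the pair next to it: `{"acl", offsetof (struct ovl_data, noacl), 0},`.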
Expand Down Expand Up @@ -427,7 +429,7 @@ ovl_init (void *userdata, struct fuse_conn_info *conn)
if ((conn->capable & FUSE_CAP_WRITEBACK_CACHE) == 0)
lo->writeback = 0;

if (conn->capable & FUSE_CAP_POSIX_ACL)
if ((lo->noacl == 0) && (conn->capable & FUSE_CAP_POSIX_ACL))
conn->want |= FUSE_CAP_POSIX_ACL;

conn->want |= FUSE_CAP_DONT_MASK | FUSE_CAP_SPLICE_READ | FUSE_CAP_SPLICE_WRITE | FUSE_CAP_SPLICE_MOVE;
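Review bot: The guard is correct, but the mount is silent about which of two cases it ended up in: `noacl` given, or a kernel that does not offer FUSE_CAP_POSIX_ACL. Both leave the capability out of `conn->want`, and an operator who expected ACLs to be enforced cannot tell from outside which applies. Since `--debug` already exists, a debug-level message in each branch (option disabled vs. kernel lacks the capability) would make this diagnosable without attaching a debugger.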
Expand Down Expand Up @@ -5515,6 +5517,7 @@ main (int argc, char *argv[])
.redirect_dir = NULL,
.mountpoint = NULL,
.fsync = 1,
.noacl = 0,
.squash_to_uid = -1,
.squash_to_gid = -1,
.static_nlink = 0,

0 comments on commit 30791df
