https://github.com/libfuse/libfuse/blob/fuse-3.16.1/ChangeLog.rst#libfuse-3161-2023-08-08
One change can be expected to break some setups:
- Unsupported mount options are no longer silently accepted [1]
For example, sshfs built against the present libfuse 3.11.0,
`$ sshfs 127.0.0.1:/home/test/testdir /home/test/sshfs_mnt -o atime`
terminates successfully (with the mount point established), while when
built against 3.16.1, it outputs the error message `fuse: unknown
option(s): `-o atime'` and terminates with exit status 1.
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows us
to keep hashes identical to before the introduction of
nativeCheckInputs.
error: attribute 'homepage' missing
at ~/src/nixpkgs/pkgs/os-specific/linux/fuse/common.nix:91:21:
90|
91| meta = with lib; {
| ^
92| description = "Library that allows filesystems to be implemented in user space";
when mounting a fuse fs by fstab one can write:
/nix/store/sdlflj/bin/somefuseexe#argument /mountpoint fuse setuid=someuser
mount is run by root, and setuid is a way to tell mount.fuse to run
somefuseexe as someuser instead. Under the hood, mount.fuse uses su.
The problem is that mount is run by systemd in a seemingly very empty
environment not containing /run/current-system/sw/bin nor
/run/wrappers/bin in $PATH, so mount fails with "su command not found".
We now patch the command to run su with an absolute path.
man mount.fuse3 indicates that this option is reserved to root (or with
enough capabilities) so not using
/run/wrappers/bin/su is thus correct. It has the very small advantage of
possibly working on non nixos.
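
The fstab form and the `su` lookup described in this commit message, as an added example (not nixpkgs or libfuse code): it lists FUSE entries that use `setuid=` and reports whether `su` resolves under a given PATH. The function names, the `/nonexistent/bin` PATH and the non-fuse sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example, not nixpkgs or libfuse code. Function names are hypothetical.

# Read fstab text on stdin; print "source<TAB>mountpoint<TAB>user" for every
# FUSE entry whose options include setuid=USER. Assumption: the type field is
# "fuse", "fuse3" or "fuse.<name>".
fuse_setuid_entries() {
    awk '
        NF < 4 || $1 ~ /^#/ { next }              # blank, short, comment lines
        $3 ~ /^fuse3?$/ || $3 ~ /^fuse\./ {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^setuid=./)
                    printf "%s\t%s\t%s\n", $1, $2, substr(opts[i], 8)
        }'
}

# Return 0 if command $1 is an executable file in a directory of the
# PATH-style string $2. The caller's own PATH is never consulted.
resolves_in_path() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -x "$dir/$cmd" ] && [ ! -d "$dir/$cmd" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Read fstab text on stdin; for each setuid= entry, say whether `su` would be
# found under the PATH given as $1 (the environment mount would run in).
audit_fstab() {
    if resolves_in_path su "$1"; then state=found; else state=missing; fi
    tab=$(printf '\t')
    fuse_setuid_entries | while IFS=$tab read -r src mnt user; do
        printf '%s on %s runs as %s: su %s in given PATH\n' \
            "$src" "$mnt" "$user" "$state"
    done
}

# Constructed sample; the fuse line is the one quoted in the commit message.
audit_fstab /nonexistent/bin <<'EOF'
/dev/sda1 / ext4 defaults 0 1
/nix/store/sdlflj/bin/somefuseexe#argument /mountpoint fuse setuid=someuser
EOF
```

Pass the PATH that the mounting service actually runs with as the first argument; an entry reported with `su missing` is one that depends on `su` being invoked by absolute path.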
Do not set FUSERMOUNT_DIR since we already set it through
NIX_CFLAGS_COMPILE.
Setting it twice results in a lot of warnings like this one:
<command-line>:0:0: warning: "FUSERMOUNT_DIR" redefined
which makes the build look potentially broken.
This doesn't affect the result but fuse3 will now build without any
warnings and building fuse yields fewer warnings.
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible
for unprivileged users to specify the allow_other option even when
this was forbidden in /etc/fuse.conf. The vulnerability is present
only on systems where SELinux is active (including in permissive
mode).
- libfuse no longer segfaults when fuse_interrupted() is called outside
the event loop.
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount
options must now match a hard-coded whitelist. It is expected that
this whitelist covers all regular use-cases.
- Fixed rename deadlock on FreeBSD.
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible
for unprivileged users to specify the allow_other option even when
this was forbidden in /etc/fuse.conf. The vulnerability is present
only on systems where SELinux is active (including in permissive
mode).
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount
options must now match a hard-coded whitelist. It is expected that
this whitelist covers all regular use-cases.
- Added a test of seekdir to test_syscalls.
- Fixed readdir bug when non-zero offsets are given to filler and the
filesystem client, after reading a whole directory, re-reads it from a
non-zero offset, e.g. by calling seekdir followed by readdir.