[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
/*
|
|
|
|
FUSE: Filesystem in Userspace
|
2006-06-25 20:48:52 +08:00
|
|
|
Copyright (C) 2001-2006 Miklos Szeredi <miklos@szeredi.hu>
|
[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
|
|
|
|
This program can be distributed under the terms of the GNU GPL.
|
|
|
|
See the file COPYING.
|
|
|
|
*/
|
|
|
|
|
2007-10-18 18:06:59 +08:00
|
|
|
/*
|
|
|
|
* This file defines the kernel interface of FUSE
|
|
|
|
*
|
|
|
|
* Protocol changelog:
|
|
|
|
*
|
|
|
|
* 7.9:
|
|
|
|
* - new fuse_getattr_in input argument of GETATTR
|
2007-10-18 18:07:02 +08:00
|
|
|
* - add lk_flags in fuse_lk_in
|
2007-10-18 18:07:04 +08:00
|
|
|
* - add lock_owner field to fuse_setattr_in, fuse_read_in and fuse_write_in
|
2007-10-18 18:07:05 +08:00
|
|
|
* - add blksize field to fuse_attr
|
2007-10-18 18:06:59 +08:00
|
|
|
*/
|
[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
|
|
|
|
#include <asm/types.h>
|
2006-06-25 20:48:49 +08:00
|
|
|
#include <linux/major.h>
|
[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
|
|
|
|
/** Version number of this interface */
|
2005-09-10 04:10:29 +08:00
|
|
|
#define FUSE_KERNEL_VERSION 7
|
[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
|
|
|
|
/** Minor version number of this interface */
|
2007-10-18 18:06:59 +08:00
|
|
|
#define FUSE_KERNEL_MINOR_VERSION 9
|
[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
|
|
|
|
/** The node ID of the root inode */
|
|
|
|
#define FUSE_ROOT_ID 1
|
|
|
|
|
2005-09-10 04:10:27 +08:00
|
|
|
/** The major number of the fuse character device */
|
2006-06-25 20:48:49 +08:00
|
|
|
#define FUSE_MAJOR MISC_MAJOR
|
2005-09-10 04:10:27 +08:00
|
|
|
|
|
|
|
/** The minor number of the fuse character device */
|
|
|
|
#define FUSE_MINOR 229
|
|
|
|
|
2005-09-10 04:10:32 +08:00
|
|
|
/* Make sure all structures are padded to 64bit boundary, so 32bit
|
|
|
|
userspace works under 64bit kernels */
|
|
|
|
|
[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
struct fuse_attr {
|
|
|
|
__u64 ino;
|
|
|
|
__u64 size;
|
|
|
|
__u64 blocks;
|
|
|
|
__u64 atime;
|
|
|
|
__u64 mtime;
|
|
|
|
__u64 ctime;
|
|
|
|
__u32 atimensec;
|
|
|
|
__u32 mtimensec;
|
|
|
|
__u32 ctimensec;
|
|
|
|
__u32 mode;
|
|
|
|
__u32 nlink;
|
|
|
|
__u32 uid;
|
|
|
|
__u32 gid;
|
|
|
|
__u32 rdev;
|
2007-10-18 18:07:05 +08:00
|
|
|
__u32 blksize;
|
|
|
|
__u32 padding;
|
[PATCH] FUSE - core
This patch adds FUSE core.
This contains the following files:
o inode.c
- superblock operations (alloc_inode, destroy_inode, read_inode,
clear_inode, put_super, show_options)
- registers FUSE filesystem
o fuse_i.h
- private header file
Requirements
============
The most important difference between orinary filesystems and FUSE is
the fact, that the filesystem data/metadata is provided by a userspace
process run with the privileges of the mount "owner" instead of the
kernel, or some remote entity usually running with elevated
privileges.
The security implication of this is that a non-privileged user must
not be able to use this capability to compromise the system. Obvious
requirements arising from this are:
- mount owner should not be able to get elevated privileges with the
help of the mounted filesystem
- mount owner should not be able to induce undesired behavior in
other users' or the super user's processes
- mount owner should not get illegitimate access to information from
other users' and the super user's processes
These are currently ensured with the following constraints:
1) mount is only allowed to directory or file which the mount owner
can modify without limitation (write access + no sticky bit for
directories)
2) nosuid,nodev mount options are forced
3) any process running with fsuid different from the owner is denied
all access to the filesystem
1) and 2) are ensured by the "fusermount" mount utility which is a
setuid root application doing the actual mount operation.
3) is ensured by a check in the permission() method in kernel
I started thinking about doing 3) in a different way because Christoph
H. made a big deal out of it, saying that FUSE is unacceptable into
mainline in this form.
The suggested use of private namespaces would be OK, but in their
current form have many limitations that make their use impractical (as
discussed in this thread).
Suggested improvements that would address these limitations:
- implement shared subtrees
- allow a process to join an existing namespace (make namespaces
first-class objects)
- implement the namespace creation/joining in a PAM module
With all that in place the check of owner against current->fsuid may
be removed from the FUSE kernel module, without compromising the
security requirements.
Suid programs still interesting questions, since they get access even
to the private namespace causing some information leak (exact
order/timing of filesystem operations performed), giving some
ptrace-like capabilities to unprivileged users. BTW this problem is
not strictly limited to the namespace approach, since suid programs
setting fsuid and accessing users' files will succeed with the current
approach too.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-10 04:10:26 +08:00
|
|
|
};
|
|
|
|
|
2005-09-10 04:10:28 +08:00
|
|
|
struct fuse_kstatfs {
|
|
|
|
__u64 blocks;
|
|
|
|
__u64 bfree;
|
|
|
|
__u64 bavail;
|
|
|
|
__u64 files;
|
|
|
|
__u64 ffree;
|
|
|
|
__u32 bsize;
|
|
|
|
__u32 namelen;
|
2006-01-06 16:19:37 +08:00
|
|
|
__u32 frsize;
|
|
|
|
__u32 padding;
|
|
|
|
__u32 spare[6];
|
2005-09-10 04:10:28 +08:00
|
|
|
};
|
|
|
|
|
2006-06-25 20:48:52 +08:00
|
|
|
struct fuse_file_lock {
|
|
|
|
__u64 start;
|
|
|
|
__u64 end;
|
|
|
|
__u32 type;
|
|
|
|
__u32 pid; /* tgid */
|
|
|
|
};
|
|
|
|
|
2006-02-01 19:04:40 +08:00
|
|
|
/**
|
|
|
|
* Bitmasks for fuse_setattr_in.valid
|
|
|
|
*/
|
2005-09-10 04:10:29 +08:00
|
|
|
#define FATTR_MODE (1 << 0)
|
|
|
|
#define FATTR_UID (1 << 1)
|
|
|
|
#define FATTR_GID (1 << 2)
|
|
|
|
#define FATTR_SIZE (1 << 3)
|
|
|
|
#define FATTR_ATIME (1 << 4)
|
|
|
|
#define FATTR_MTIME (1 << 5)
|
2005-11-07 16:59:52 +08:00
|
|
|
#define FATTR_FH (1 << 6)
|
2007-10-18 18:07:01 +08:00
|
|
|
#define FATTR_ATIME_NOW (1 << 7)
|
|
|
|
#define FATTR_MTIME_NOW (1 << 8)
|
2007-10-18 18:07:04 +08:00
|
|
|
#define FATTR_LOCKOWNER (1 << 9)
|
2005-09-10 04:10:29 +08:00
|
|
|
|
2005-09-10 04:10:37 +08:00
|
|
|
/**
|
|
|
|
* Flags returned by the OPEN request
|
|
|
|
*
|
|
|
|
* FOPEN_DIRECT_IO: bypass page cache for this open file
|
|
|
|
* FOPEN_KEEP_CACHE: don't invalidate the data cache on open
|
|
|
|
*/
|
|
|
|
#define FOPEN_DIRECT_IO (1 << 0)
|
|
|
|
#define FOPEN_KEEP_CACHE (1 << 1)
|
|
|
|
|
2006-02-01 19:04:40 +08:00
|
|
|
/**
|
|
|
|
* INIT request/reply flags
|
|
|
|
*/
|
|
|
|
#define FUSE_ASYNC_READ (1 << 0)
|
2006-06-25 20:48:52 +08:00
|
|
|
#define FUSE_POSIX_LOCKS (1 << 1)
|
2007-10-18 18:06:59 +08:00
|
|
|
#define FUSE_FILE_OPS (1 << 2)
|
2007-10-18 18:07:02 +08:00
|
|
|
#define FUSE_ATOMIC_O_TRUNC (1 << 3)
|
2006-02-01 19:04:40 +08:00
|
|
|
|
2006-12-07 12:35:38 +08:00
|
|
|
/**
|
|
|
|
* Release flags
|
|
|
|
*/
|
|
|
|
#define FUSE_RELEASE_FLUSH (1 << 0)
|
|
|
|
|
2007-10-18 18:06:59 +08:00
|
|
|
/**
|
|
|
|
* Getattr flags
|
|
|
|
*/
|
|
|
|
#define FUSE_GETATTR_FH (1 << 0)
|
|
|
|
|
2007-10-18 18:07:02 +08:00
|
|
|
/**
|
|
|
|
* Lock flags
|
|
|
|
*/
|
|
|
|
#define FUSE_LK_FLOCK (1 << 0)
|
|
|
|
|
2007-10-18 18:07:03 +08:00
|
|
|
/**
|
|
|
|
* WRITE flags
|
|
|
|
*
|
|
|
|
* FUSE_WRITE_CACHE: delayed write from page cache, file handle is guessed
|
2007-10-18 18:07:04 +08:00
|
|
|
* FUSE_WRITE_LOCKOWNER: lock_owner field is valid
|
2007-10-18 18:07:03 +08:00
|
|
|
*/
|
|
|
|
#define FUSE_WRITE_CACHE (1 << 0)
|
2007-10-18 18:07:04 +08:00
|
|
|
#define FUSE_WRITE_LOCKOWNER (1 << 1)
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Read flags
|
|
|
|
*/
|
|
|
|
#define FUSE_READ_LOCKOWNER (1 << 1)
|
2007-10-18 18:07:03 +08:00
|
|
|
|
2005-09-10 04:10:27 +08:00
|
|
|
enum fuse_opcode {
|
2005-09-10 04:10:28 +08:00
|
|
|
FUSE_LOOKUP = 1,
|
|
|
|
FUSE_FORGET = 2, /* no reply */
|
|
|
|
FUSE_GETATTR = 3,
|
2005-09-10 04:10:29 +08:00
|
|
|
FUSE_SETATTR = 4,
|
2005-09-10 04:10:28 +08:00
|
|
|
FUSE_READLINK = 5,
|
2005-09-10 04:10:29 +08:00
|
|
|
FUSE_SYMLINK = 6,
|
|
|
|
FUSE_MKNOD = 8,
|
|
|
|
FUSE_MKDIR = 9,
|
|
|
|
FUSE_UNLINK = 10,
|
|
|
|
FUSE_RMDIR = 11,
|
|
|
|
FUSE_RENAME = 12,
|
|
|
|
FUSE_LINK = 13,
|
2005-09-10 04:10:30 +08:00
|
|
|
FUSE_OPEN = 14,
|
|
|
|
FUSE_READ = 15,
|
|
|
|
FUSE_WRITE = 16,
|
2005-09-10 04:10:28 +08:00
|
|
|
FUSE_STATFS = 17,
|
2005-09-10 04:10:30 +08:00
|
|
|
FUSE_RELEASE = 18,
|
|
|
|
FUSE_FSYNC = 20,
|
2005-09-10 04:10:31 +08:00
|
|
|
FUSE_SETXATTR = 21,
|
|
|
|
FUSE_GETXATTR = 22,
|
|
|
|
FUSE_LISTXATTR = 23,
|
|
|
|
FUSE_REMOVEXATTR = 24,
|
2005-09-10 04:10:30 +08:00
|
|
|
FUSE_FLUSH = 25,
|
2005-09-10 04:10:36 +08:00
|
|
|
FUSE_INIT = 26,
|
|
|
|
FUSE_OPENDIR = 27,
|
|
|
|
FUSE_READDIR = 28,
|
2005-09-10 04:10:38 +08:00
|
|
|
FUSE_RELEASEDIR = 29,
|
2005-11-07 16:59:50 +08:00
|
|
|
FUSE_FSYNCDIR = 30,
|
2006-06-25 20:48:52 +08:00
|
|
|
FUSE_GETLK = 31,
|
|
|
|
FUSE_SETLK = 32,
|
|
|
|
FUSE_SETLKW = 33,
|
2005-11-07 16:59:51 +08:00
|
|
|
FUSE_ACCESS = 34,
|
2006-06-25 20:48:54 +08:00
|
|
|
FUSE_CREATE = 35,
|
|
|
|
FUSE_INTERRUPT = 36,
|
2006-12-07 12:35:51 +08:00
|
|
|
FUSE_BMAP = 37,
|
2006-12-07 12:35:52 +08:00
|
|
|
FUSE_DESTROY = 38,
|
2005-09-10 04:10:27 +08:00
|
|
|
};
|
|
|
|
|
2006-01-06 16:19:40 +08:00
|
|
|
/* The read buffer is required to be at least 8k, but may be much larger */
|
|
|
|
#define FUSE_MIN_READ_BUFFER 8192
|
2005-09-10 04:10:28 +08:00
|
|
|
|
2007-10-18 18:07:05 +08:00
|
|
|
#define FUSE_COMPAT_ENTRY_OUT_SIZE 120
|
|
|
|
|
2005-09-10 04:10:28 +08:00
|
|
|
struct fuse_entry_out {
|
|
|
|
__u64 nodeid; /* Inode ID */
|
|
|
|
__u64 generation; /* Inode generation: nodeid:gen must
|
|
|
|
be unique for the fs's lifetime */
|
|
|
|
__u64 entry_valid; /* Cache timeout for the name */
|
|
|
|
__u64 attr_valid; /* Cache timeout for the attributes */
|
|
|
|
__u32 entry_valid_nsec;
|
|
|
|
__u32 attr_valid_nsec;
|
|
|
|
struct fuse_attr attr;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_forget_in {
|
2005-09-10 04:10:29 +08:00
|
|
|
__u64 nlookup;
|
2005-09-10 04:10:28 +08:00
|
|
|
};
|
|
|
|
|
2007-10-18 18:06:59 +08:00
|
|
|
struct fuse_getattr_in {
|
|
|
|
__u32 getattr_flags;
|
|
|
|
__u32 dummy;
|
|
|
|
__u64 fh;
|
|
|
|
};
|
|
|
|
|
2007-10-18 18:07:05 +08:00
|
|
|
#define FUSE_COMPAT_ATTR_OUT_SIZE 96
|
|
|
|
|
2005-09-10 04:10:28 +08:00
|
|
|
struct fuse_attr_out {
|
|
|
|
__u64 attr_valid; /* Cache timeout for the attributes */
|
|
|
|
__u32 attr_valid_nsec;
|
|
|
|
__u32 dummy;
|
|
|
|
struct fuse_attr attr;
|
|
|
|
};
|
|
|
|
|
2005-09-10 04:10:29 +08:00
|
|
|
struct fuse_mknod_in {
|
|
|
|
__u32 mode;
|
|
|
|
__u32 rdev;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_mkdir_in {
|
|
|
|
__u32 mode;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-09-10 04:10:29 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_rename_in {
|
|
|
|
__u64 newdir;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_link_in {
|
|
|
|
__u64 oldnodeid;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_setattr_in {
|
|
|
|
__u32 valid;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-11-07 16:59:52 +08:00
|
|
|
__u64 fh;
|
|
|
|
__u64 size;
|
2007-10-18 18:07:04 +08:00
|
|
|
__u64 lock_owner;
|
2005-11-07 16:59:52 +08:00
|
|
|
__u64 atime;
|
|
|
|
__u64 mtime;
|
|
|
|
__u64 unused2;
|
|
|
|
__u32 atimensec;
|
|
|
|
__u32 mtimensec;
|
|
|
|
__u32 unused3;
|
|
|
|
__u32 mode;
|
|
|
|
__u32 unused4;
|
|
|
|
__u32 uid;
|
|
|
|
__u32 gid;
|
|
|
|
__u32 unused5;
|
2005-09-10 04:10:29 +08:00
|
|
|
};
|
|
|
|
|
2005-09-10 04:10:30 +08:00
|
|
|
struct fuse_open_in {
|
|
|
|
__u32 flags;
|
2005-11-07 16:59:51 +08:00
|
|
|
__u32 mode;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_open_out {
|
|
|
|
__u64 fh;
|
|
|
|
__u32 open_flags;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_release_in {
|
|
|
|
__u64 fh;
|
|
|
|
__u32 flags;
|
2006-12-07 12:35:38 +08:00
|
|
|
__u32 release_flags;
|
|
|
|
__u64 lock_owner;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_flush_in {
|
|
|
|
__u64 fh;
|
2006-12-07 12:35:38 +08:00
|
|
|
__u32 unused;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2006-06-25 20:48:52 +08:00
|
|
|
__u64 lock_owner;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_read_in {
|
|
|
|
__u64 fh;
|
|
|
|
__u64 offset;
|
|
|
|
__u32 size;
|
2007-10-18 18:07:04 +08:00
|
|
|
__u32 read_flags;
|
|
|
|
__u64 lock_owner;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
2007-10-18 18:07:04 +08:00
|
|
|
#define FUSE_COMPAT_WRITE_IN_SIZE 24
|
|
|
|
|
2005-09-10 04:10:30 +08:00
|
|
|
struct fuse_write_in {
|
|
|
|
__u64 fh;
|
|
|
|
__u64 offset;
|
|
|
|
__u32 size;
|
|
|
|
__u32 write_flags;
|
2007-10-18 18:07:04 +08:00
|
|
|
__u64 lock_owner;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_write_out {
|
|
|
|
__u32 size;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
2006-01-06 16:19:37 +08:00
|
|
|
#define FUSE_COMPAT_STATFS_SIZE 48
|
|
|
|
|
2005-09-10 04:10:28 +08:00
|
|
|
struct fuse_statfs_out {
|
|
|
|
struct fuse_kstatfs st;
|
|
|
|
};
|
|
|
|
|
2005-09-10 04:10:30 +08:00
|
|
|
struct fuse_fsync_in {
|
|
|
|
__u64 fh;
|
|
|
|
__u32 fsync_flags;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-09-10 04:10:30 +08:00
|
|
|
};
|
|
|
|
|
2005-09-10 04:10:31 +08:00
|
|
|
struct fuse_setxattr_in {
|
|
|
|
__u32 size;
|
|
|
|
__u32 flags;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_getxattr_in {
|
|
|
|
__u32 size;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-09-10 04:10:31 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_getxattr_out {
|
|
|
|
__u32 size;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-09-10 04:10:31 +08:00
|
|
|
};
|
|
|
|
|
2006-06-25 20:48:52 +08:00
|
|
|
struct fuse_lk_in {
|
|
|
|
__u64 fh;
|
|
|
|
__u64 owner;
|
|
|
|
struct fuse_file_lock lk;
|
2007-10-18 18:07:02 +08:00
|
|
|
__u32 lk_flags;
|
|
|
|
__u32 padding;
|
2006-06-25 20:48:52 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_lk_out {
|
|
|
|
struct fuse_file_lock lk;
|
|
|
|
};
|
|
|
|
|
2005-11-07 16:59:50 +08:00
|
|
|
struct fuse_access_in {
|
|
|
|
__u32 mask;
|
|
|
|
__u32 padding;
|
|
|
|
};
|
|
|
|
|
2006-01-06 16:19:41 +08:00
|
|
|
struct fuse_init_in {
|
2005-09-10 04:10:27 +08:00
|
|
|
__u32 major;
|
|
|
|
__u32 minor;
|
2006-02-01 19:04:40 +08:00
|
|
|
__u32 max_readahead;
|
|
|
|
__u32 flags;
|
2005-09-10 04:10:27 +08:00
|
|
|
};
|
|
|
|
|
2006-01-06 16:19:41 +08:00
|
|
|
struct fuse_init_out {
|
|
|
|
__u32 major;
|
|
|
|
__u32 minor;
|
2006-02-01 19:04:40 +08:00
|
|
|
__u32 max_readahead;
|
|
|
|
__u32 flags;
|
|
|
|
__u32 unused;
|
2006-01-06 16:19:41 +08:00
|
|
|
__u32 max_write;
|
|
|
|
};
|
|
|
|
|
2006-06-25 20:48:54 +08:00
|
|
|
struct fuse_interrupt_in {
|
|
|
|
__u64 unique;
|
|
|
|
};
|
|
|
|
|
2006-12-07 12:35:51 +08:00
|
|
|
struct fuse_bmap_in {
|
|
|
|
__u64 block;
|
|
|
|
__u32 blocksize;
|
|
|
|
__u32 padding;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_bmap_out {
|
|
|
|
__u64 block;
|
|
|
|
};
|
|
|
|
|
2005-09-10 04:10:27 +08:00
|
|
|
struct fuse_in_header {
|
|
|
|
__u32 len;
|
|
|
|
__u32 opcode;
|
|
|
|
__u64 unique;
|
|
|
|
__u64 nodeid;
|
|
|
|
__u32 uid;
|
|
|
|
__u32 gid;
|
|
|
|
__u32 pid;
|
2005-09-10 04:10:32 +08:00
|
|
|
__u32 padding;
|
2005-09-10 04:10:27 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct fuse_out_header {
|
|
|
|
__u32 len;
|
|
|
|
__s32 error;
|
|
|
|
__u64 unique;
|
|
|
|
};
|
|
|
|
|
2005-09-10 04:10:28 +08:00
|
|
|
struct fuse_dirent {
|
|
|
|
__u64 ino;
|
|
|
|
__u64 off;
|
|
|
|
__u32 namelen;
|
|
|
|
__u32 type;
|
|
|
|
char name[0];
|
|
|
|
};
|
|
|
|
|
2007-07-16 14:39:50 +08:00
|
|
|
#define FUSE_NAME_OFFSET offsetof(struct fuse_dirent, name)
|
2005-09-10 04:10:28 +08:00
|
|
|
#define FUSE_DIRENT_ALIGN(x) (((x) + sizeof(__u64) - 1) & ~(sizeof(__u64) - 1))
|
|
|
|
#define FUSE_DIRENT_SIZE(d) \
|
|
|
|
FUSE_DIRENT_ALIGN(FUSE_NAME_OFFSET + (d)->namelen)
|