From: Miklos Szeredi This patch removes the "allow_root" mount option, since it can be done in userspace. Based on Jamie Lokier's idea. Signed-off-by: Miklos Szeredi Signed-off-by: Andrew Morton --- fs/fuse/dir.c | 7 ++----- fs/fuse/fuse_i.h | 4 ---- fs/fuse/inode.c | 8 -------- 3 files changed, 2 insertions(+), 17 deletions(-) diff -puN fs/fuse/dir.c~fuse-mount-options-remove-allow_root-mount-option fs/fuse/dir.c --- 25/fs/fuse/dir.c~fuse-mount-options-remove-allow_root-mount-option 2005-05-10 02:22:03.000000000 -0700 +++ 25-akpm/fs/fuse/dir.c 2005-05-10 02:22:03.000000000 -0700 @@ -419,9 +419,7 @@ static int fuse_revalidate(struct dentry if (get_node_id(inode) == FUSE_ROOT_ID) { if (!(fc->flags & FUSE_ALLOW_OTHER) && - current->fsuid != fc->user_id && - (!(fc->flags & FUSE_ALLOW_ROOT) || - !capable(CAP_DAC_OVERRIDE))) + current->fsuid != fc->user_id) return -EACCES; } else if (time_before_eq(jiffies, fi->i_time)) return 0; @@ -433,8 +431,7 @@ static int fuse_permission(struct inode { struct fuse_conn *fc = get_fuse_conn(inode); - if (!(fc->flags & FUSE_ALLOW_OTHER) && current->fsuid != fc->user_id && - (!(fc->flags & FUSE_ALLOW_ROOT) || !capable(CAP_DAC_OVERRIDE))) + if (!(fc->flags & FUSE_ALLOW_OTHER) && current->fsuid != fc->user_id) return -EACCES; else if (fc->flags & FUSE_DEFAULT_PERMISSIONS) { int err = generic_permission(inode, mask, NULL); diff -puN fs/fuse/fuse_i.h~fuse-mount-options-remove-allow_root-mount-option fs/fuse/fuse_i.h --- 25/fs/fuse/fuse_i.h~fuse-mount-options-remove-allow_root-mount-option 2005-05-10 02:22:03.000000000 -0700 +++ 25-akpm/fs/fuse/fuse_i.h 2005-05-10 02:22:03.000000000 -0700 @@ -34,10 +34,6 @@ be flushed on open */ #define FUSE_KERNEL_CACHE (1 << 2) -/** Allow root and setuid-root programs to access fuse-mounted - filesystems */ -#define FUSE_ALLOW_ROOT (1 << 4) - /** FUSE inode */ struct fuse_inode { /** Inode data */ diff -puN fs/fuse/inode.c~fuse-mount-options-remove-allow_root-mount-option fs/fuse/inode.c --- 25/fs/fuse/inode.c~fuse-mount-options-remove-allow_root-mount-option 2005-05-10 02:22:03.000000000 -0700 +++ 25-akpm/fs/fuse/inode.c 2005-05-10 02:22:03.000000000 -0700 @@ -249,7 +249,6 @@ enum { OPT_USER_ID, OPT_DEFAULT_PERMISSIONS, OPT_ALLOW_OTHER, - OPT_ALLOW_ROOT, OPT_KERNEL_CACHE, OPT_ERR }; @@ -260,7 +259,6 @@ static match_table_t tokens = { {OPT_USER_ID, "user_id=%u"}, {OPT_DEFAULT_PERMISSIONS, "default_permissions"}, {OPT_ALLOW_OTHER, "allow_other"}, - {OPT_ALLOW_ROOT, "allow_root"}, {OPT_KERNEL_CACHE, "kernel_cache"}, {OPT_ERR, NULL} }; @@ -306,10 +304,6 @@ static int parse_fuse_opt(char *opt, str d->flags |= FUSE_ALLOW_OTHER; break; - case OPT_ALLOW_ROOT: - d->flags |= FUSE_ALLOW_ROOT; - break; - case OPT_KERNEL_CACHE: d->flags |= FUSE_KERNEL_CACHE; break; @@ -333,8 +327,6 @@ static int fuse_show_options(struct seq_ seq_puts(m, ",default_permissions"); if (fc->flags & FUSE_ALLOW_OTHER) seq_puts(m, ",allow_other"); - if (fc->flags & FUSE_ALLOW_ROOT) - seq_puts(m, ",allow_root"); if (fc->flags & FUSE_KERNEL_CACHE) seq_puts(m, ",kernel_cache"); return 0; _