Open con-f-use opened 4 weeks ago
I would like to avoid regular files, because we than also have to implement a whole other things and we would have to send all reads through fuse, which has significant performance impact. Removing write permission sounds doable though and a very easy fix.
I'll take it. Thanks!
Only solves part of my problem, but at least one of the three apps I'm after would work. Are you sure you it's that annoying to do? I'd really love regular files, too.
The app maintainers rationalize this by "we are usually run as root and we don't want people to hijack our root by overwriting the executables we call" - but at that point, there's probably other issues and also, they could just call "sudo
Mhm actually, how do your programs check permissions?
No symlink exists on stat():
% ls -la /usr/bin/python
lsd: /usr/bin/python: No such file or directory (os error 2).
So I can't remove write permission from something that does not exist on a filesystem that is not writeable.
Ah. found something.
They are closed source, so I can't tell you without significant effort. One only checks for root, the other for read-only root somehow. Or at least they complain about trying to run ip
and the executable being writable for non-root.
strace -f
usually is the best tool for this. But anyway. I assume it's some sort of openat() + fstat(). Otherwise it would follow symlinks and normal stat() doesn't work.
Just for the record, how would I go about to simulate actual regular files instead of symlinks? I don't care about performance in that particular case.
You would need to track inodes and implement read.
I have run into a use-case where the 3rd-party app actually checks that the file is not only root owned, but also no one but the root-user has write permissions.
Can we make the file appear as a regular file, not a symlink and the apparent permissions for envfs-provided executables either configurable, or remove the write bit for group and others?