Prior to this commit, after the fuse_loop function returns (e.g. as a
result of "fusermount -u" or equivalent from a separate process), this
main function would call fchdir(oldpwd) unconditionally and then, if the
archive was modified (in memory), rewrite the archive on disk.
This commit changes the "unconditionally" part so that fchdir is only
called if we're about to rewrite the archive on disk. Walking backwards,
the original working directory (the oldpwd variable) is no longer read
if options.readonly is true, as it is not used anywhere else.
For a read-only mount, the fchdir would just be unnecessary work. More
importantly, when running archivemount (in read-only mode) in a
syscall-based sandbox (e.g. minijail), removing the unconditionality of
the fchdir call means fewer syscalls in our allow-list.
Prior to this commit, after the fuse_loop function returns (e.g. as a result of "fusermount -u" or equivalent from a separate process), this main function would call fchdir(oldpwd) unconditionally and then, if the archive was modified (in memory), rewrite the archive on disk.
This commit changes the "unconditionally" part so that fchdir is only called if we're about to rewrite the archive on disk. Walking backwards, the original working directory (the oldpwd variable) is no longer read if options.readonly is true, as it is not used anywhere else.
For a read-only mount, the fchdir would just be unnecessary work. More importantly, when running archivemount (in read-only mode) in a syscall-based sandbox (e.g. minijail), removing the unconditionality of the fchdir call means fewer syscalls in our allow-list.