--- fuse_module/fuse_vfsops.c Sat Jul 14 13:13:55 2007 +++ fuse_module/fuse_vfsops.c Sat Jul 14 13:13:55 2007 @@ -23,6 +23,20 @@ #include "fuse_session.h" #include "fuse_vnode.h" +#if USE_PRIVILEGE_API +#include +#endif + + +/* This will do for privilege types for now */ +#ifndef PRIV_VFS_FUSE_ALLOWOTHER +#define PRIV_VFS_FUSE_ALLOWOTHER PRIV_VFS_MOUNT_NONUSER +#endif +#ifndef PRIV_VFS_FUSE_MOUNT_NONUSER +#define PRIV_VFS_FUSE_MOUNT_NONUSER PRIV_VFS_MOUNT_NONUSER +#endif + + static int fuse_init_handler(struct fuse_ticket *tick, struct uio *uio); static void fuse_send_init(struct fuse_data *data, struct thread *td); static vfs_hash_cmp_t fuse_vnode_bgdrop_cmp; @@ -207,10 +221,8 @@ fuse_mount(struct mount *mp, struct thre KASSERT(fuse_useco >= 0, ("negative fuse usecount despite Giant")); - if (mp->mnt_flag & MNT_UPDATE) { - uprintf("fuse: updating mounts is not supported\n"); + if (mp->mnt_flag & MNT_UPDATE) return (EOPNOTSUPP); - } mp->mnt_flag |= MNT_SYNCHRONOUS; /* Get the new options passed to mount */ @@ -293,10 +305,8 @@ fuse_mount(struct mount *mp, struct thre if (fdata_kick_get(data)) err = ENOTCONN; - if (mntopts & FSESS_DAEMON_CAN_SPY && suser(td)) { - uprintf("only root can use \"allow_other\"\n"); - err = EPERM; - } + if (mntopts & FSESS_DAEMON_CAN_SPY) + err = priv_check(td, PRIV_VFS_FUSE_ALLOWOTHER); slock = &data->mhierlock; /* Note that sx_try_xlock returns 0 on _failure_ */ @@ -334,10 +344,9 @@ fuse_mount(struct mount *mp, struct thre */ err = EINVAL; } else { - if (suser(td) && - td->td_ucred->cr_uid != data->daemoncred->cr_uid) - /* we are not allowed to do the first mount */ - err = EPERM; + if (td->td_ucred->cr_uid != data->daemoncred->cr_uid) + /* are we allowed to do the first mount? */ + err = priv_check(td, PRIV_VFS_FUSE_MOUNT_NONUSER); } if (err) {