[GIT PULL] libfuse: run fuse servers as a contained service

[GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

Hi Bernd,

Please pull this branch with changes for libfuse.

As usual, I did a test-merge with the main upstream branch as of a few
minutes ago, and didn't see any conflicts.  Please let me know if you
encounter any problems.

--D

The following changes since commit 73db1b26a4c759ecf6cfce495d8be85d5e5085f4:

fix: add assert to prevent NULL pointer dereference in try_get_path (2026-03-03 15:39:48 +0100)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container-3.19_2026-03-03

for you to fetch changes up to d686733ac24a50e957cfd1117cc3315cce510bf3:

example/service_ll: create a sample systemd service fuse server (2026-03-03 15:41:58 -0800)

----------------------------------------------------------------
libfuse: run fuse servers as a contained service [v8]

This patchset defines the necessary communication protocols and library
code so that users can mount fuse servers that run in unprivileged
systemd service containers.  That in turn allows unprivileged untrusted
mounts, because the worst that can happen is that a malicious image
crashes the fuse server and the mount dies, instead of corrupting the
kernel.

Bernd indicated that he might be interested in looking at the fuse
system service containment patches sooner than later, so I've separated
them from the iomap stuff and here we are.  With this patchset, we can
at least shift fuse servers to contained systemd services, albeit
without any of the performance improvements of iomap.

With a bit of luck, this should all go splendidly.

Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>

----------------------------------------------------------------
Darrick J. Wong (3):
libfuse: add systemd/inetd socket service mounting helper
libfuse: integrate fuse services into mount.fuse3
example/service_ll: create a sample systemd service fuse server

include/fuse_service.h       |  180 +++++++
include/fuse_service_priv.h  |  118 +++++
lib/fuse_i.h                 |    5 +
util/mount_service.h         |   41 ++
doc/fuservicemount3.8        |   32 ++
doc/meson.build              |    3 +
example/meson.build          |    7 +
example/service_ll.c         |  823 ++++++++++++++++++++++++++++++++
example/service_ll.socket.in |   16 +
example/service_ll@.service  |   99 ++++
include/meson.build          |    4 +
lib/fuse_service.c           |  859 ++++++++++++++++++++++++++++++++++
lib/fuse_service_stub.c      |   91 ++++
lib/fuse_versionscript       |   15 +
lib/helper.c                 |   53 +++
lib/meson.build              |   14 +-
lib/mount.c                  |   57 ++-
meson.build                  |   37 ++
meson_options.txt            |    6 +
util/fuservicemount.c        |   66 +++
util/meson.build             |   13 +-
util/mount.fuse.c            |   58 ++-
util/mount_service.c         | 1056 ++++++++++++++++++++++++++++++++++++++++++
23 files changed, 3617 insertions(+), 36 deletions(-)
create mode 100644 include/fuse_service.h
create mode 100644 include/fuse_service_priv.h
create mode 100644 util/mount_service.h
create mode 100644 doc/fuservicemount3.8
create mode 100644 example/service_ll.c
create mode 100644 example/service_ll.socket.in
create mode 100644 example/service_ll@.service
create mode 100644 lib/fuse_service.c
create mode 100644 lib/fuse_service_stub.c
create mode 100644 util/fuservicemount.c
create mode 100644 util/mount_service.c

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

On 3/4/26 01:11, Darrick J. Wong wrote:
> Hi Bernd,
> 
> Please pull this branch with changes for libfuse.
> 
> As usual, I did a test-merge with the main upstream branch as of a few
> minutes ago, and didn't see any conflicts.  Please let me know if you
> encounter any problems.

Hi Darrick,

quite some problems actually ;)

https://github.com/libfuse/libfuse/pull/1444

Basically everything fails.  Build test with

../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
fatal error: 'systemd/sd-daemon.h' file not found
   24 | #include <systemd/sd-daemon.h>


Two issues here:
a) meson is not testing for sd-daemon.h?
a.1) If not available needs to disable that service? Because I don't
think BSD has support for systemd.

b) .github/workflow/*.yml files need to be adjusted to add in the new
dependency.


Please also have a look at checkpatch (which is a plain linux copy) and
the spelling test failures.


Thanks,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> 
> 
> On 3/4/26 01:11, Darrick J. Wong wrote:
> > Hi Bernd,
> > 
> > Please pull this branch with changes for libfuse.
> > 
> > As usual, I did a test-merge with the main upstream branch as of a few
> > minutes ago, and didn't see any conflicts.  Please let me know if you
> > encounter any problems.
> 
> Hi Darrick,
> 
> quite some problems actually ;)
> 
> https://github.com/libfuse/libfuse/pull/1444
> 
> Basically everything fails.  Build test with

Doh :(

> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> fatal error: 'systemd/sd-daemon.h' file not found
>    24 | #include <systemd/sd-daemon.h>
> 
> 
> Two issues here:
> a) meson is not testing for sd-daemon.h?

Hrm.  meson.build *should* have this clause to detect systemd:

# Check for systemd support
systemd_system_unit_dir = get_option('systemdsystemunitdir')
if systemd_system_unit_dir == ''
  systemd = dependency('systemd', required: false)
  if systemd.found()
     systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
  endif
endif

if systemd_system_unit_dir == ''
  warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
else
  private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
  private_cfg.set('HAVE_SYSTEMD', true)
endif

# Check for libc SCM_RIGHTS support (aka Linux)
code = '''
#include <sys/socket.h>
int main(void) {
    int moo = SCM_RIGHTS;
    return moo;
}'''
if cc.links(code, name: 'libc SCM_RIGHTS support')
  private_cfg.set('HAVE_SCM_RIGHTS', true)
endif

if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
  private_cfg.set('HAVE_SERVICEMOUNT', true)
endif


But apparently it built fuse_service.c anyway?  I'll have to look deeper
into what github ci did, since the pkgconfig fil... oh crikey.

systemd-dev contains the systemd.pc file, so the systemd.get_variable
call succeeds and returns a path, thereby enabling the build.  However,
the header files are in libsystemd-dev, and neither package depends on
the other.

So I clearly need to test for the presence of sd-daemon.h in that first
clause that determines if HAVE_SYSTEMD gets set.

> a.1) If not available needs to disable that service? Because I don't
> think BSD has support for systemd.

<nod>

> b) .github/workflow/*.yml files need to be adjusted to add in the new
> dependency.

Oh, ok.  The 'apt install' lines should probably add in systemd-dev.

> Please also have a look at checkpatch (which is a plain linux copy) and
> the spelling test failures.

Ok, will do.

--D

> 
> 
> Thanks,
> Bernd
> 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 09:06:52AM -0800, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> > 
> > 
> > On 3/4/26 01:11, Darrick J. Wong wrote:
> > > Hi Bernd,
> > > 
> > > Please pull this branch with changes for libfuse.
> > > 
> > > As usual, I did a test-merge with the main upstream branch as of a few
> > > minutes ago, and didn't see any conflicts.  Please let me know if you
> > > encounter any problems.
> > 
> > Hi Darrick,
> > 
> > quite some problems actually ;)
> > 
> > https://github.com/libfuse/libfuse/pull/1444
> > 
> > Basically everything fails.  Build test with
> 
> Doh :(
> 
> > ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> > fatal error: 'systemd/sd-daemon.h' file not found
> >    24 | #include <systemd/sd-daemon.h>
> > 
> > 
> > Two issues here:
> > a) meson is not testing for sd-daemon.h?
> 
> Hrm.  meson.build *should* have this clause to detect systemd:
> 
> # Check for systemd support
> systemd_system_unit_dir = get_option('systemdsystemunitdir')
> if systemd_system_unit_dir == ''
>   systemd = dependency('systemd', required: false)
>   if systemd.found()
>      systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
>   endif
> endif
> 
> if systemd_system_unit_dir == ''
>   warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
> else
>   private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
>   private_cfg.set('HAVE_SYSTEMD', true)
> endif
> 
> # Check for libc SCM_RIGHTS support (aka Linux)
> code = '''
> #include <sys/socket.h>
> int main(void) {
>     int moo = SCM_RIGHTS;
>     return moo;
> }'''
> if cc.links(code, name: 'libc SCM_RIGHTS support')
>   private_cfg.set('HAVE_SCM_RIGHTS', true)
> endif
> 
> if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
>   private_cfg.set('HAVE_SERVICEMOUNT', true)
> endif
> 
> 
> But apparently it built fuse_service.c anyway?  I'll have to look deeper
> into what github ci did, since the pkgconfig fil... oh crikey.
> 
> systemd-dev contains the systemd.pc file, so the systemd.get_variable
> call succeeds and returns a path, thereby enabling the build.  However,
> the header files are in libsystemd-dev, and neither package depends on
> the other.
> 
> So I clearly need to test for the presence of sd-daemon.h in that first
> clause that determines if HAVE_SYSTEMD gets set.
> 
> > a.1) If not available needs to disable that service? Because I don't
> > think BSD has support for systemd.
> 
> <nod>
> 
> > b) .github/workflow/*.yml files need to be adjusted to add in the new
> > dependency.
> 
> Oh, ok.  The 'apt install' lines should probably add in systemd-dev.
> 
> > Please also have a look at checkpatch (which is a plain linux copy) and
> > the spelling test failures.
> 
> Ok, will do.

...and the immediate problem that I run into is that all the logs are
hidden behind a login wall so I cannot read them. :(

(It leaked enough about the spelling errors that I can fix those, and
I can run checkpatch locally, but I don't know what else went wrong with
the bsd build or the abi check.)

--D

> --D
> 
> > 
> > 
> > Thanks,
> > Bernd
> > 
> > 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

On 3/4/26 19:06, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 09:06:52AM -0800, Darrick J. Wong wrote:
>> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
>>>
>>>
>>> On 3/4/26 01:11, Darrick J. Wong wrote:
>>>> Hi Bernd,
>>>>
>>>> Please pull this branch with changes for libfuse.
>>>>
>>>> As usual, I did a test-merge with the main upstream branch as of a few
>>>> minutes ago, and didn't see any conflicts.  Please let me know if you
>>>> encounter any problems.
>>>
>>> Hi Darrick,
>>>
>>> quite some problems actually ;)
>>>
>>> https://github.com/libfuse/libfuse/pull/1444
>>>
>>> Basically everything fails.  Build test with
>>
>> Doh :(
>>
>>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
>>> fatal error: 'systemd/sd-daemon.h' file not found
>>>    24 | #include <systemd/sd-daemon.h>
>>>
>>>
>>> Two issues here:
>>> a) meson is not testing for sd-daemon.h?
>>
>> Hrm.  meson.build *should* have this clause to detect systemd:
>>
>> # Check for systemd support
>> systemd_system_unit_dir = get_option('systemdsystemunitdir')
>> if systemd_system_unit_dir == ''
>>   systemd = dependency('systemd', required: false)
>>   if systemd.found()
>>      systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
>>   endif
>> endif
>>
>> if systemd_system_unit_dir == ''
>>   warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
>> else
>>   private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
>>   private_cfg.set('HAVE_SYSTEMD', true)
>> endif
>>
>> # Check for libc SCM_RIGHTS support (aka Linux)
>> code = '''
>> #include <sys/socket.h>
>> int main(void) {
>>     int moo = SCM_RIGHTS;
>>     return moo;
>> }'''
>> if cc.links(code, name: 'libc SCM_RIGHTS support')
>>   private_cfg.set('HAVE_SCM_RIGHTS', true)
>> endif
>>
>> if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
>>   private_cfg.set('HAVE_SERVICEMOUNT', true)
>> endif
>>
>>
>> But apparently it built fuse_service.c anyway?  I'll have to look deeper
>> into what github ci did, since the pkgconfig fil... oh crikey.
>>
>> systemd-dev contains the systemd.pc file, so the systemd.get_variable
>> call succeeds and returns a path, thereby enabling the build.  However,
>> the header files are in libsystemd-dev, and neither package depends on
>> the other.
>>
>> So I clearly need to test for the presence of sd-daemon.h in that first
>> clause that determines if HAVE_SYSTEMD gets set.

Or link test for systemd

>>
>>> a.1) If not available needs to disable that service? Because I don't
>>> think BSD has support for systemd.
>>
>> <nod>
>>
>>> b) .github/workflow/*.yml files need to be adjusted to add in the new
>>> dependency.
>>
>> Oh, ok.  The 'apt install' lines should probably add in systemd-dev.
>>
>>> Please also have a look at checkpatch (which is a plain linux copy) and
>>> the spelling test failures.
>>
>> Ok, will do.
> 
> ...and the immediate problem that I run into is that all the logs are
> hidden behind a login wall so I cannot read them. :(
> 
> (It leaked enough about the spelling errors that I can fix those, and
> I can run checkpatch locally, but I don't know what else went wrong with
> the bsd build or the abi check.)
> 


BSD errors are actually a bit tricky, because it runs them in a VM, one has
to look at "raw logs". I think ABI checks are failling as the normal build
test because of the meson issue.
BSD is this

2026-03-04T13:17:20.5979965Z [14/82] cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
2026-03-04T13:17:20.6004021Z FAILED: [code=1] lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o 
2026-03-04T13:17:20.6008119Z cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
2026-03-04T13:17:20.6012011Z In file included from ../lib/fuse_service_stub.c:21:
2026-03-04T13:17:20.6013206Z ../include/fuse_service_priv.h:12:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6013899Z    12 |         __be32 pos;
2026-03-04T13:17:20.6014268Z       |         ^
2026-03-04T13:17:20.6014789Z ../include/fuse_service_priv.h:13:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6015421Z    13 |         __be32 len;
2026-03-04T13:17:20.6015779Z       |         ^
2026-03-04T13:17:20.6016510Z ../include/fuse_service_priv.h:17:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6017130Z    17 |         __be32 magic;
2026-03-04T13:17:20.6017506Z       |         ^
2026-03-04T13:17:20.6018004Z ../include/fuse_service_priv.h:18:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6018615Z    18 |         __be32 argc;
2026-03-04T13:17:20.6018988Z       |         ^


Cheers,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 08:29:35PM +0100, Bernd Schubert wrote:
> 
> 
> On 3/4/26 19:06, Darrick J. Wong wrote:
> > On Wed, Mar 04, 2026 at 09:06:52AM -0800, Darrick J. Wong wrote:
> >> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> >>>
> >>>
> >>> On 3/4/26 01:11, Darrick J. Wong wrote:
> >>>> Hi Bernd,
> >>>>
> >>>> Please pull this branch with changes for libfuse.
> >>>>
> >>>> As usual, I did a test-merge with the main upstream branch as of a few
> >>>> minutes ago, and didn't see any conflicts.  Please let me know if you
> >>>> encounter any problems.
> >>>
> >>> Hi Darrick,
> >>>
> >>> quite some problems actually ;)
> >>>
> >>> https://github.com/libfuse/libfuse/pull/1444
> >>>
> >>> Basically everything fails.  Build test with
> >>
> >> Doh :(
> >>
> >>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> >>> fatal error: 'systemd/sd-daemon.h' file not found
> >>>    24 | #include <systemd/sd-daemon.h>
> >>>
> >>>
> >>> Two issues here:
> >>> a) meson is not testing for sd-daemon.h?
> >>
> >> Hrm.  meson.build *should* have this clause to detect systemd:
> >>
> >> # Check for systemd support
> >> systemd_system_unit_dir = get_option('systemdsystemunitdir')
> >> if systemd_system_unit_dir == ''
> >>   systemd = dependency('systemd', required: false)
> >>   if systemd.found()
> >>      systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
> >>   endif
> >> endif
> >>
> >> if systemd_system_unit_dir == ''
> >>   warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
> >> else
> >>   private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
> >>   private_cfg.set('HAVE_SYSTEMD', true)
> >> endif
> >>
> >> # Check for libc SCM_RIGHTS support (aka Linux)
> >> code = '''
> >> #include <sys/socket.h>
> >> int main(void) {
> >>     int moo = SCM_RIGHTS;
> >>     return moo;
> >> }'''
> >> if cc.links(code, name: 'libc SCM_RIGHTS support')
> >>   private_cfg.set('HAVE_SCM_RIGHTS', true)
> >> endif
> >>
> >> if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
> >>   private_cfg.set('HAVE_SERVICEMOUNT', true)
> >> endif
> >>
> >>
> >> But apparently it built fuse_service.c anyway?  I'll have to look deeper
> >> into what github ci did, since the pkgconfig fil... oh crikey.
> >>
> >> systemd-dev contains the systemd.pc file, so the systemd.get_variable
> >> call succeeds and returns a path, thereby enabling the build.  However,
> >> the header files are in libsystemd-dev, and neither package depends on
> >> the other.
> >>
> >> So I clearly need to test for the presence of sd-daemon.h in that first
> >> clause that determines if HAVE_SYSTEMD gets set.
> 
> Or link test for systemd

<nod> Hilariously we only need a single #define out of that header file:
SD_LISTEN_FDS_START

> >>
> >>> a.1) If not available needs to disable that service? Because I don't
> >>> think BSD has support for systemd.
> >>
> >> <nod>
> >>
> >>> b) .github/workflow/*.yml files need to be adjusted to add in the new
> >>> dependency.
> >>
> >> Oh, ok.  The 'apt install' lines should probably add in systemd-dev.
> >>
> >>> Please also have a look at checkpatch (which is a plain linux copy) and
> >>> the spelling test failures.
> >>
> >> Ok, will do.
> > 
> > ...and the immediate problem that I run into is that all the logs are
> > hidden behind a login wall so I cannot read them. :(
> > 
> > (It leaked enough about the spelling errors that I can fix those, and
> > I can run checkpatch locally, but I don't know what else went wrong with
> > the bsd build or the abi check.)
> > 
> 
> 
> BSD errors are actually a bit tricky, because it runs them in a VM, one has
> to look at "raw logs". I think ABI checks are failling as the normal build
> test because of the meson issue.
> BSD is this
> 
> 2026-03-04T13:17:20.5979965Z [14/82] cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
> 2026-03-04T13:17:20.6004021Z FAILED: [code=1] lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o 
> 2026-03-04T13:17:20.6008119Z cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
> 2026-03-04T13:17:20.6012011Z In file included from ../lib/fuse_service_stub.c:21:
> 2026-03-04T13:17:20.6013206Z ../include/fuse_service_priv.h:12:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6013899Z    12 |         __be32 pos;
> 2026-03-04T13:17:20.6014268Z       |         ^
> 2026-03-04T13:17:20.6014789Z ../include/fuse_service_priv.h:13:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6015421Z    13 |         __be32 len;
> 2026-03-04T13:17:20.6015779Z       |         ^
> 2026-03-04T13:17:20.6016510Z ../include/fuse_service_priv.h:17:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6017130Z    17 |         __be32 magic;
> 2026-03-04T13:17:20.6017506Z       |         ^
> 2026-03-04T13:17:20.6018004Z ../include/fuse_service_priv.h:18:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6018615Z    18 |         __be32 argc;
> 2026-03-04T13:17:20.6018988Z       |         ^

Hrmm, well at least on BSD I see that it's building the service stub,
which means that it didn't actually try to build any of the real systemd
service stuff at all.  I think this is due to fuse_service_stub.c
including fuse_service_priv.h unnecessarily.

--D

> 
> 
> Cheers,
> Bernd
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> 
> 
> On 3/4/26 01:11, Darrick J. Wong wrote:
> > Hi Bernd,
> > 
> > Please pull this branch with changes for libfuse.
> > 
> > As usual, I did a test-merge with the main upstream branch as of a few
> > minutes ago, and didn't see any conflicts.  Please let me know if you
> > encounter any problems.
> 
> Hi Darrick,
> 
> quite some problems actually ;)
> 
> https://github.com/libfuse/libfuse/pull/1444
> 
> Basically everything fails.  Build test with
> 
> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> fatal error: 'systemd/sd-daemon.h' file not found
>    24 | #include <systemd/sd-daemon.h>
> 
> 
> Two issues here:
> a) meson is not testing for sd-daemon.h?
> a.1) If not available needs to disable that service? Because I don't
> think BSD has support for systemd.
> 
> b) .github/workflow/*.yml files need to be adjusted to add in the new
> dependency.
> 
> 
> Please also have a look at checkpatch (which is a plain linux copy) and
> the spelling test failures.

I have a few questions after running checkpatch.pl (the one in the
libfuse repo):

1. What are the error return conventions for libfuse functions?

   The lowlevel library mostly seems to return 0 for succes or negative
   errno, but not all of them are like that, e.g. fuse_parse_cmdline*.

   The rest of libfuse mostly seems to return 0 for success or -1 for
   error, though it's unclear if they set errno to anything?

   This comes up because checkpatch complains about "return ENOTBLK",
   saying that it should be returning -ENOTBLK.  But I'm already sorta
   confused because libfuse and its examples use positive and negative
   errno inconsistently.

2. There's no strscpy, but the check is left on, and there are plenty of
   users in libfuse.

3. Comments at the top of files -- checkpatch complains that the
   non-first lines of a multiline C comment should start with " * "but
   not all of them do that.  Should I just do C comments the way
   checkpatch wants?  Or keep going with the existing code?

--D

> Thanks,
> Bernd
> 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 03:23:53PM -0800, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> > 
> > 
> > On 3/4/26 01:11, Darrick J. Wong wrote:
> > > Hi Bernd,
> > > 
> > > Please pull this branch with changes for libfuse.
> > > 
> > > As usual, I did a test-merge with the main upstream branch as of a few
> > > minutes ago, and didn't see any conflicts.  Please let me know if you
> > > encounter any problems.
> > 
> > Hi Darrick,
> > 
> > quite some problems actually ;)
> > 
> > https://github.com/libfuse/libfuse/pull/1444
> > 
> > Basically everything fails.  Build test with
> > 
> > ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> > fatal error: 'systemd/sd-daemon.h' file not found
> >    24 | #include <systemd/sd-daemon.h>
> > 
> > 
> > Two issues here:
> > a) meson is not testing for sd-daemon.h?
> > a.1) If not available needs to disable that service? Because I don't
> > think BSD has support for systemd.
> > 
> > b) .github/workflow/*.yml files need to be adjusted to add in the new
> > dependency.
> > 
> > 
> > Please also have a look at checkpatch (which is a plain linux copy) and
> > the spelling test failures.
> 
> I have a few questions after running checkpatch.pl (the one in the
> libfuse repo):
> 
> 1. What are the error return conventions for libfuse functions?
> 
>    The lowlevel library mostly seems to return 0 for succes or negative
>    errno, but not all of them are like that, e.g. fuse_parse_cmdline*.
> 
>    The rest of libfuse mostly seems to return 0 for success or -1 for
>    error, though it's unclear if they set errno to anything?
> 
>    This comes up because checkpatch complains about "return ENOTBLK",
>    saying that it should be returning -ENOTBLK.  But I'm already sorta
>    confused because libfuse and its examples use positive and negative
>    errno inconsistently.

Hi Bernd,

Having spent a few days looking through lib/fuse*.c more carefully, I've
come to the conclusion that most lowlevel library functions return 0 or
negative errno on failure, and they often call fuse_log to complain
about whatever failed.  Oddly, fuse_reply_err takes positive errno and
ll servers are required to handle sign conversions correctly.  The high
level fuse library does this inversion.

If that sounds like a reasonable approach for fuse_service.c then I'll
convert it to log and return negative errno like the lowlevel library
does.  Right now it mostly sets errno and returns -1, and isn't
completely consistent about fuse_log().  util/mount_service.c will get
changed to fprintf to stderr and return negative errno on failure.

For *_service.c functions that pass around fds from files opened on the
other side of the service socket, a failure to open a file will result
in the negative errno being sent in place of an fd.

How does that sound?

--D

> 2. There's no strscpy, but the check is left on, and there are plenty of
>    users in libfuse.
> 
> 3. Comments at the top of files -- checkpatch complains that the
>    non-first lines of a multiline C comment should start with " * "but
>    not all of them do that.  Should I just do C comments the way
>    checkpatch wants?  Or keep going with the existing code?
> 
> --D
> 
> > Thanks,
> > Bernd
> > 
> > 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

Hi Darrick,

really sorry for mys late reply. To my excuse I have the flu since
Thursday and until yesterday it got worse every day.


On 3/9/26 03:27, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 03:23:53PM -0800, Darrick J. Wong wrote:
>> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
>>>
>>>
>>> On 3/4/26 01:11, Darrick J. Wong wrote:
>>>> Hi Bernd,
>>>>
>>>> Please pull this branch with changes for libfuse.
>>>>
>>>> As usual, I did a test-merge with the main upstream branch as of a few
>>>> minutes ago, and didn't see any conflicts.  Please let me know if you
>>>> encounter any problems.
>>>
>>> Hi Darrick,
>>>
>>> quite some problems actually ;)
>>>
>>> https://github.com/libfuse/libfuse/pull/1444
>>>
>>> Basically everything fails.  Build test with
>>>
>>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
>>> fatal error: 'systemd/sd-daemon.h' file not found
>>>    24 | #include <systemd/sd-daemon.h>
>>>
>>>
>>> Two issues here:
>>> a) meson is not testing for sd-daemon.h?
>>> a.1) If not available needs to disable that service? Because I don't
>>> think BSD has support for systemd.
>>>
>>> b) .github/workflow/*.yml files need to be adjusted to add in the new
>>> dependency.
>>>
>>>
>>> Please also have a look at checkpatch (which is a plain linux copy) and
>>> the spelling test failures.
>>
>> I have a few questions after running checkpatch.pl (the one in the
>> libfuse repo):
>>
>> 1. What are the error return conventions for libfuse functions?
>>
>>    The lowlevel library mostly seems to return 0 for succes or negative
>>    errno, but not all of them are like that, e.g. fuse_parse_cmdline*.
>>
>>    The rest of libfuse mostly seems to return 0 for success or -1 for
>>    error, though it's unclear if they set errno to anything?
>>
>>    This comes up because checkpatch complains about "return ENOTBLK",
>>    saying that it should be returning -ENOTBLK.  But I'm already sorta
>>    confused because libfuse and its examples use positive and negative
>>    errno inconsistently.
> 
> Hi Bernd,
> 
> Having spent a few days looking through lib/fuse*.c more carefully, I've
> come to the conclusion that most lowlevel library functions return 0 or
> negative errno on failure, and they often call fuse_log to complain
> about whatever failed.  Oddly, fuse_reply_err takes positive errno and
> ll servers are required to handle sign conversions correctly.  The high
> level fuse library does this inversion.

Yeah I know, confusing. But without breaking the API I don't think there
is much we can do about now.

> 
> If that sounds like a reasonable approach for fuse_service.c then I'll
> convert it to log and return negative errno like the lowlevel library
> does.  Right now it mostly sets errno and returns -1, and isn't
> completely consistent about fuse_log().  util/mount_service.c will get
> changed to fprintf to stderr and return negative errno on failure.


Sounds good to me. Obviously for expected errors you don't want to
create logs. Logging is another topic I need to address at some point,
so that one can set the actual level one wants to print.

> 
> For *_service.c functions that pass around fds from files opened on the
> other side of the service socket, a failure to open a file will result
> in the negative errno being sent in place of an fd.
> 
> How does that sound?
> 
> --D
> 
>> 2. There's no strscpy, but the check is left on, and there are plenty of
>>    users in libfuse.

Hrmm right, I had copied the script from linux to libfuse so that it
complains about wrong code style. So far it was mostly possible to
disable checks, in this specific case we probably need to modify
checkpatch. Pity, that will make it impossible to simply copy over newer
versions.

>>
>> 3. Comments at the top of files -- checkpatch complains that the
>>    non-first lines of a multiline C comment should start with " * "but
>>    not all of them do that.  Should I just do C comments the way
>>    checkpatch wants?  Or keep going with the existing code?

I guess here it is better to follow checkpatch and change to the style,
it expects.


Thanks,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Mon, Mar 09, 2026 at 06:34:32PM +0100, Bernd Schubert wrote:
> Hi Darrick,
> 
> really sorry for mys late reply. To my excuse I have the flu since
> Thursday and until yesterday it got worse every day.

Oh, no worries.  I hope you feel better soon, but take the time to rest
and get well!

> On 3/9/26 03:27, Darrick J. Wong wrote:
> > On Wed, Mar 04, 2026 at 03:23:53PM -0800, Darrick J. Wong wrote:
> >> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> >>>
> >>>
> >>> On 3/4/26 01:11, Darrick J. Wong wrote:
> >>>> Hi Bernd,
> >>>>
> >>>> Please pull this branch with changes for libfuse.
> >>>>
> >>>> As usual, I did a test-merge with the main upstream branch as of a few
> >>>> minutes ago, and didn't see any conflicts.  Please let me know if you
> >>>> encounter any problems.
> >>>
> >>> Hi Darrick,
> >>>
> >>> quite some problems actually ;)
> >>>
> >>> https://github.com/libfuse/libfuse/pull/1444
> >>>
> >>> Basically everything fails.  Build test with
> >>>
> >>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> >>> fatal error: 'systemd/sd-daemon.h' file not found
> >>>    24 | #include <systemd/sd-daemon.h>
> >>>
> >>>
> >>> Two issues here:
> >>> a) meson is not testing for sd-daemon.h?
> >>> a.1) If not available needs to disable that service? Because I don't
> >>> think BSD has support for systemd.
> >>>
> >>> b) .github/workflow/*.yml files need to be adjusted to add in the new
> >>> dependency.
> >>>
> >>>
> >>> Please also have a look at checkpatch (which is a plain linux copy) and
> >>> the spelling test failures.
> >>
> >> I have a few questions after running checkpatch.pl (the one in the
> >> libfuse repo):
> >>
> >> 1. What are the error return conventions for libfuse functions?
> >>
> >>    The lowlevel library mostly seems to return 0 for succes or negative
> >>    errno, but not all of them are like that, e.g. fuse_parse_cmdline*.
> >>
> >>    The rest of libfuse mostly seems to return 0 for success or -1 for
> >>    error, though it's unclear if they set errno to anything?
> >>
> >>    This comes up because checkpatch complains about "return ENOTBLK",
> >>    saying that it should be returning -ENOTBLK.  But I'm already sorta
> >>    confused because libfuse and its examples use positive and negative
> >>    errno inconsistently.
> > 
> > Hi Bernd,
> > 
> > Having spent a few days looking through lib/fuse*.c more carefully, I've
> > come to the conclusion that most lowlevel library functions return 0 or
> > negative errno on failure, and they often call fuse_log to complain
> > about whatever failed.  Oddly, fuse_reply_err takes positive errno and
> > ll servers are required to handle sign conversions correctly.  The high
> > level fuse library does this inversion.
> 
> Yeah I know, confusing. But without breaking the API I don't think there
> is much we can do about now.

<nod> I agree, the existing library api can't change unless someone
introduce a new name (e.g. fuse_session_custom_io_317)

> > If that sounds like a reasonable approach for fuse_service.c then I'll
> > convert it to log and return negative errno like the lowlevel library
> > does.  Right now it mostly sets errno and returns -1, and isn't
> > completely consistent about fuse_log().  util/mount_service.c will get
> > changed to fprintf to stderr and return negative errno on failure.
> 
> 
> Sounds good to me. Obviously for expected errors you don't want to

Ok good, will go do that this afternoon.

For logging ... I think what I'm going to do is log communication errors
between the mount helper and the fuse server, but pass errors from the
kernel api calls (e.g. ENOENT for an open()) straight to the fuse server
and let them figure out what they want to do.

Maybe I'll consider negative errno for comms failure and positive errno
for expected errors <shrug>.  Let's see how that goes.

> create logs. Logging is another topic I need to address at some point,
> so that one can set the actual level one wants to print.

Oh, I figured one simply overrode the logging function if they wanted
non-default parameters. ;)

> > For *_service.c functions that pass around fds from files opened on the
> > other side of the service socket, a failure to open a file will result
> > in the negative errno being sent in place of an fd.
> > 
> > How does that sound?
> > 
> > --D
> > 
> >> 2. There's no strscpy, but the check is left on, and there are plenty of
> >>    users in libfuse.
> 
> Hrmm right, I had copied the script from linux to libfuse so that it
> complains about wrong code style. So far it was mostly possible to
> disable checks, in this specific case we probably need to modify
> checkpatch. Pity, that will make it impossible to simply copy over newer
> versions.

Oh I was just extracting the checkpatch.pl command line from
.github/workflows/checkpatch.yml so I think you could just add "STRCPY"
to the --ignore value in that file.

> >>
> >> 3. Comments at the top of files -- checkpatch complains that the
> >>    non-first lines of a multiline C comment should start with " * "but
> >>    not all of them do that.  Should I just do C comments the way
> >>    checkpatch wants?  Or keep going with the existing code?
> 
> I guess here it is better to follow checkpatch and change to the style,
> it expects.

That is the nice thing about running checkpatch as a git hook -- it only
applies to new(ly changed) code. :)

Get well soon!

--D

> 
> 
> Thanks,
> Bernd
> 
>