* [GIT PULL v2] libfuse: run fuse servers as a contained service
@ 2026-03-16 23:50 Darrick J. Wong
2026-03-17 23:08 ` Bernd Schubert
0 siblings, 1 reply; 4+ messages in thread
From: Darrick J. Wong @ 2026-03-16 23:50 UTC (permalink / raw)
To: bschubert; +Cc: bernd, joannelkoong, linux-fsdevel, miklos, neal
Hi Bernd,
I hope you're feeling better!
Please have a look at this branch with changes for libfuse. This second
PR contains a bunch of new things:
* Cleaned up error code handling and logging
* Examples of systemd-enabled high and low-level fuse servers
* Most of the checkpatch complaints addressed
* fuservicemount3 can now be a setuid program to allow unprivileged
userspace to fire up a contained filesystem driver. This could be
opening Pandora's box...
As usual, I did a test-merge with the main upstream branch as of a few
minutes ago, and didn't see any conflicts. Please let me know if you
encounter any problems.
--D
The following changes since commit 9a003db94e0b4df6f984181468135fac96409b09:
Rename doc/libfuse-operations.txt to doc/fuse-operations.txt (2026-03-12 20:54:19 +0100)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-03-16
for you to fetch changes up to 4ba4e3a12bb27cd64abfb56279ed342b08f555da:
nullfs: support fuse systemd service mode (2026-03-15 21:32:35 -0700)
----------------------------------------------------------------
libfuse: run fuse servers as a contained service [v8 1/9]
This patchset defines the necessary communication protocols and library
code so that users can mount fuse servers that run in unprivileged
systemd service containers. That in turn allows unprivileged untrusted
mounts, because the worst that can happen is that a malicious image
crashes the fuse server and the mount dies, instead of corrupting the
kernel.
Bernd indicated that he might be interested in looking at the fuse
system service containment patches sooner than later, so I've separated
them from the iomap stuff and here we are. With this patchset, we can
at least shift fuse servers to contained systemd services, albeit
without any of the performance improvements of iomap.
With a bit of luck, this should all go splendidly.
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
----------------------------------------------------------------
Darrick J. Wong (11):
mount_service: add systemd/inetd socket service mounting helper
mount_service: create high level fuse helpers
mount_service: read fuse.conf to enable allow_other for unprivileged mounts
mount_service: use the new mount api for the mount service
mount_service: port over the other non-root user checks
mount.fuse3: integrate systemd service startup
mount_service: allow installation as a setuid program
example/service_ll: create a sample systemd service fuse server
example/hello_ll: port to single-file common code
example/service: create a sample systemd service for a high-level fuse server
nullfs: support fuse systemd service mode
example/single_file.h | 92 ++
include/fuse.h | 31 +
include/fuse_service.h | 203 ++++
include/fuse_service_priv.h | 127 +++
lib/fuse_i.h | 5 +
lib/util.h | 35 +
util/fuser_conf.h | 47 +
util/mount_service.h | 40 +
.github/workflows/abicheck.yml | 2 +-
.github/workflows/abicheck_prev_release.yml | 2 +-
.github/workflows/pr-ci.yml | 2 +-
README.md | 3 +
doc/fuservicemount3.8 | 32 +
doc/meson.build | 3 +
example/hello_ll.c | 124 +--
example/meson.build | 28 +-
example/null.c | 23 +-
example/nullfile.socket.in | 16 +
example/nullfile@.service | 102 ++
example/service_hl.c | 436 ++++++++
example/service_hl.socket.in | 16 +
example/service_hl@.service | 102 ++
example/service_ll.c | 421 ++++++++
example/service_ll.socket.in | 16 +
example/service_ll@.service | 102 ++
example/single_file.c | 394 ++++++++
include/meson.build | 4 +
lib/fuse_service.c | 989 ++++++++++++++++++
lib/fuse_service_stub.c | 96 ++
lib/fuse_versionscript | 17 +
lib/helper.c | 110 +-
lib/meson.build | 14 +-
lib/mount.c | 57 +-
meson.build | 63 ++
meson_options.txt | 6 +
test/ci-build.sh | 7 +
util/fuser_conf.c | 337 +++++++
util/fusermount.c | 313 +-----
util/fuservicemount.c | 66 ++
util/install_helper.sh | 5 +
util/meson.build | 19 +-
util/mount.fuse.c | 58 +-
util/mount_service.c | 1434 +++++++++++++++++++++++++++
43 files changed, 5523 insertions(+), 476 deletions(-)
create mode 100644 example/single_file.h
create mode 100644 include/fuse_service.h
create mode 100644 include/fuse_service_priv.h
create mode 100644 util/fuser_conf.h
create mode 100644 util/mount_service.h
create mode 100644 doc/fuservicemount3.8
create mode 100644 example/nullfile.socket.in
create mode 100644 example/nullfile@.service
create mode 100644 example/service_hl.c
create mode 100644 example/service_hl.socket.in
create mode 100644 example/service_hl@.service
create mode 100644 example/service_ll.c
create mode 100644 example/service_ll.socket.in
create mode 100644 example/service_ll@.service
create mode 100644 example/single_file.c
create mode 100644 lib/fuse_service.c
create mode 100644 lib/fuse_service_stub.c
create mode 100644 util/fuser_conf.c
create mode 100644 util/fuservicemount.c
create mode 100644 util/mount_service.c
NOTE: This is what I saw when I ran checkpatch.pl via the CI wrapper
scripts, and with strcpy complaints turned off. Nearly all the
complaints are from hoisting code from fusermount.c into fuser_conf.c.
I don't know if you want me to correct all the checkpatch complaints
from the old code? Or just copy-paste and ignore checkpatch because
all that code already works?
(My own preference is to copy-paste the code and then apply whatever
style fixes as a subsequent commit, so that the changes are easier to
spot.)
ERROR: Macros with complex values should be enclosed in parentheses
#83: FILE: example/single_file.h:77:
+#define SINGLE_FILE_OPT_KEYS \
+ FUSE_OPT_KEY("ro", SINGLE_FILE_RO), \
+ FUSE_OPT_KEY("rw", SINGLE_FILE_RW), \
+ FUSE_OPT_KEY("dio", SINGLE_FILE_DIO), \
+ FUSE_OPT_KEY("nodio", SINGLE_FILE_NODIO), \
+ FUSE_OPT_KEY("sync", SINGLE_FILE_SYNC), \
+ FUSE_OPT_KEY("nosync", SINGLE_FILE_NOSYNC), \
+ FUSE_OPT_KEY("size=%s", SINGLE_FILE_SIZE), \
+ FUSE_OPT_KEY("blocksize=%s", SINGLE_FILE_BLOCKSIZE)
WARNING: Missing a blank line after declarations
#599: FILE: util/fuser_conf.h:23:
+ struct mntent *entp = getmntent(stream);
+ if(entp != NULL) {
ERROR: space required before the open parenthesis '('
#599: FILE: util/fuser_conf.h:23:
+ if(entp != NULL) {
WARNING: return of an errno should typically be negative (ie: return -ENOENT)
#2477: FILE: example/single_file.c:115:
+ return ENOENT;
WARNING: return of an errno should typically be negative (ie: return -ENOENT)
#2533: FILE: example/single_file.c:171:
+ return ENOENT;
ERROR: do not initialise globals to 0
#4453: FILE: util/fuser_conf.c:31:
+int user_allow_other = 0;
WARNING: Missing a blank line after declarations
#4466: FILE: util/fuser_conf.c:44:
+ char *dest = buf;
+ while (1) {
WARNING: Missing a blank line after declarations
#4469: FILE: util/fuser_conf.c:47:
+ int offset = next_src - src;
+ memmove(dest, src, offset);
ERROR: space required before the open parenthesis '('
#4473: FILE: util/fuser_conf.c:51:
+ if(*src == '\0') {
ERROR: space required before the open parenthesis '('
#4479: FILE: util/fuser_conf.c:57:
+ if('0' <= src[0] && src[0] < '2' &&
ERROR: code indent should use tabs where possible
#4483: FILE: util/fuser_conf.c:61:
+^I^I^I | (src[1] - '0') << 3$
ERROR: code indent should use tabs where possible
#4484: FILE: util/fuser_conf.c:62:
+^I^I^I | (src[2] - '0') << 0;$
WARNING: Missing a blank line after declarations
#4502: FILE: util/fuser_conf.c:80:
+ FILE *fp = setmntent(mtab, "r");
+ if (fp == NULL) {
ERROR: space prohibited before that '++' (ctx:WxO)
#4510: FILE: util/fuser_conf.c:88:
+ count ++;
^
WARNING: Missing a blank line after declarations
#4592: FILE: util/fuser_conf.c:170:
+ char *s = strchr(line, '#');
+ if (s != NULL)
ERROR: trailing statements should be on next line
#4594: FILE: util/fuser_conf.c:172:
+ for (s = line + strlen(line) - 1;
+ s >= line && isspace((unsigned char) *s); s--);
ERROR: trailing statements should be on next line
#4597: FILE: util/fuser_conf.c:175:
+ for (s = line; isspace((unsigned char) *s); s++);
WARNING: Missing a blank line after declarations
#4605: FILE: util/fuser_conf.c:183:
+ int tmp;
+ if (strcmp(line, "user_allow_other") == 0)
ERROR: space required before the open parenthesis '('
#4609: FILE: util/fuser_conf.c:187:
+ else if(line[0])
WARNING: Missing a blank line after declarations
#4618: FILE: util/fuser_conf.c:196:
+ FILE *fp = fopen(FUSE_CONF, "r");
+ if (fp != NULL) {
WARNING: Missing a blank line after declarations
#4622: FILE: util/fuser_conf.c:200:
+ int isnewline = 1;
+ while (fgets(line, sizeof(line), fp) != NULL) {
ERROR: space required before the open parenthesis '('
#4630: FILE: util/fuser_conf.c:208:
+ } else if(line[strlen(line)-1] == '\n') {
WARNING: line length of 116 exceeds 100 columns
#4631: FILE: util/fuser_conf.c:209:
+ fprintf(stderr, "%s: reading %s: line %i too long\n", progname, FUSE_CONF, linenum);
ERROR: space prohibited before that '++' (ctx:WxO)
#4636: FILE: util/fuser_conf.c:214:
+ linenum ++;
^
WARNING: braces {} are not necessary for single statement blocks
#4638: FILE: util/fuser_conf.c:216:
+ if (!isnewline) {
+ fprintf(stderr, "%s: reading %s: missing newline at end of file\n", progname, FUSE_CONF);
+
+ }
WARNING: line length of 113 exceeds 100 columns
#4639: FILE: util/fuser_conf.c:217:
+ fprintf(stderr, "%s: reading %s: missing newline at end of file\n", progname, FUSE_CONF);
WARNING: Block comments use a trailing */ on a separate line
#4704: FILE: util/fuser_conf.c:282:
+ * Use a whitelist to be safe. */
WARNING: Block comments use a trailing */ on a separate line
#4710: FILE: util/fuser_conf.c:288:
+ * overlaid. */
WARNING: Prefer ARRAY_SIZE(f_type_whitelist)
#4751: FILE: util/fuser_conf.c:329:
+ for (i = 0; i < sizeof(f_type_whitelist)/sizeof(f_type_whitelist[0]); i++) {
total: 13 errors, 16 warnings, 6633 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
NOTE: Whitespace errors detected.
You may wish to use scripts/cleanpatch or scripts/cleanfile
/tmp/moo.patch has style problems, please review.
NOTE: Ignored message types: AVOID_EXTERNS COMMIT_MESSAGE EMAIL_SUBJECT ENOSYS ENOSYS_SYSCALL FILE_PATH_CHANGES FROM_SIGN_OFF_MISMATCH GIT_COMMIT_ID MAINTAINERS PREFER_ATTRIBUTE_ALWAYS_UNUSED PREFER_DEFINED_ATTRIBUTE_MACRO QUOTED_COMMIT_ID SPDX_LICENSE_TAG STRCPY
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL v2] libfuse: run fuse servers as a contained service
2026-03-16 23:50 [GIT PULL v2] libfuse: run fuse servers as a contained service Darrick J. Wong
@ 2026-03-17 23:08 ` Bernd Schubert
2026-03-18 0:15 ` Darrick J. Wong
0 siblings, 1 reply; 4+ messages in thread
From: Bernd Schubert @ 2026-03-17 23:08 UTC (permalink / raw)
To: Darrick J. Wong, bschubert; +Cc: joannelkoong, linux-fsdevel, miklos, neal
On 3/17/26 00:50, Darrick J. Wong wrote:
> Hi Bernd,
>
> I hope you're feeling better!
Thank you much better!
>
> Please have a look at this branch with changes for libfuse. This second
> PR contains a bunch of new things:
>
> * Cleaned up error code handling and logging
> * Examples of systemd-enabled high and low-level fuse servers
> * Most of the checkpatch complaints addressed
> * fuservicemount3 can now be a setuid program to allow unprivileged
> userspace to fire up a contained filesystem driver. This could be
> opening Pandora's box...
>
> As usual, I did a test-merge with the main upstream branch as of a few
> minutes ago, and didn't see any conflicts. Please let me know if you
> encounter any problems.
I only found a minute to pull and push to my github repo to update the PR.
BSD still fails
2026-03-17T23:01:17.9810147Z FAILED: [code=1] example/hello_ll.p/single_file.c.o
2026-03-17T23:01:17.9813484Z cc -Iexample/hello_ll.p -Iexample -I../example -Iinclude -I../include -Ilib -I../lib -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -pthread -MD -MQ example/hello_ll.p/single_file.c.o -MF example/hello_ll.p/single_file.c.o.d -o example/hello_ll.p/single_file.c.o -c ../example/single_file.c
2026-03-17T23:01:17.9817014Z ../example/single_file.c:46:10: error: use of undeclared identifier 'PTHREAD_MUTEX_INITIALIZER'
2026-03-17T23:01:17.9817870Z 46 | .lock = PTHREAD_MUTEX_INITIALIZER,
2026-03-17T23:01:17.9818369Z | ^
2026-03-17T23:01:17.9819309Z ../example/single_file.c:198:51: warning: unused parameter 'ino' [-Wunused-parameter]
2026-03-17T23:01:17.9820276Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
2026-03-17T23:01:17.9821012Z | ^
2026-03-17T23:01:17.9821785Z ../example/single_file.c:198:60: warning: unused parameter 'flags' [-Wunused-parameter]
2026-03-17T23:01:17.9823239Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
2026-03-17T23:01:17.9824029Z | ^
2026-03-17T23:01:17.9824978Z ../example/single_file.c:198:71: warning: unused parameter 'mask' [-Wunused-parameter]
2026-03-17T23:01:17.9829337Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
2026-03-17T23:01:17.9830366Z | ^
2026-03-17T23:01:17.9832001Z ../example/single_file.c:199:33: warning: unused parameter 'fi' [-Wunused-parameter]
2026-03-17T23:01:17.9833062Z 199 | struct fuse_file_info *fi)
2026-03-17T23:01:17.9833562Z | ^
2026-03-17T23:01:17.9834825Z ../example/single_file.c:211:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:17.9836166Z 211 | pthread_mutex_lock(&single_file.lock);
2026-03-17T23:01:17.9836592Z | ^
2026-03-17T23:01:17.9837750Z ../example/single_file.c:226:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:17.9869585Z 226 | pthread_mutex_unlock(&single_file.lock);
2026-03-17T23:01:17.9870081Z | ^
2026-03-17T23:01:17.9871240Z ../example/single_file.c:239:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:17.9872595Z 239 | pthread_mutex_lock(&single_file.lock);
2026-03-17T23:01:17.9873056Z | ^
2026-03-17T23:01:17.9874265Z ../example/single_file.c:241:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:17.9876020Z 241 | pthread_mutex_unlock(&single_file.lock);
2026-03-17T23:01:17.9876497Z | ^
2026-03-17T23:01:17.9877854Z ../example/single_file.c:252:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:17.9879416Z 252 | pthread_mutex_lock(&single_file.lock);
2026-03-17T23:01:17.9879896Z | ^
2026-03-17T23:01:17.9881050Z ../example/single_file.c:259:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:17.9882409Z 259 | pthread_mutex_unlock(&single_file.lock);
2026-03-17T23:01:17.9882862Z | ^
2026-03-17T23:01:17.9884018Z ../example/single_file.c:273:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:17.9885354Z 273 | pthread_mutex_lock(&single_file.lock);
2026-03-17T23:01:18.0387503Z | ^
2026-03-17T23:01:18.0402115Z ../example/single_file.c:275:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
2026-03-17T23:01:18.0403861Z 275 | pthread_mutex_unlock(&single_file.lock);
2026-03-17T23:01:18.0404573Z | ^
2026-03-17T23:01:18.0404979Z 12 warnings and 1 error generated.
And actually, the Ubuntu build also fails
[12/109] Compiling C object lib/libfuse3.so.3.19.0.p/fuse_service.c.o
FAILED: [code=1] lib/libfuse3.so.3.19.0.p/fuse_service.c.o
clang -Ilib/libfuse3.so.3.19.0.p -Ilib -I../../../home/runner/work/libfuse/libfuse/lib -Iinclude -I../../../home/runner/work/libfuse/libfuse/include -I. -I../../../home/runner/work/libfuse/libfuse -fdiagnostics-color=always -fsanitize=address,undefined -fno-omit-frame-pointer -Wall -Winvalid-pch -Wextra -Werror -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/tmp/libfuse-install-wwy0ckA/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service.c.o -c ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c
../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:400:19: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
400 | sf->allow_other = 1;
| ^ ~
../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:473:21: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
473 | sf->owns_fusedevfd = 1;
| ^ ~
2 errors generated.
[13/109] Compiling C object lib/libfuse3.so.3.19.0.p/modules_subdir.c.o
Checkpatch looks much better, I can push a patch tomorrow to disable the
strcpy warning.
Other than that I didn't look at the actual changes yet, will really try
to review this week.
Thanks,
Bernd
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL v2] libfuse: run fuse servers as a contained service
2026-03-17 23:08 ` Bernd Schubert
@ 2026-03-18 0:15 ` Darrick J. Wong
2026-03-18 8:48 ` Bernd Schubert
0 siblings, 1 reply; 4+ messages in thread
From: Darrick J. Wong @ 2026-03-18 0:15 UTC (permalink / raw)
To: Bernd Schubert; +Cc: bschubert, joannelkoong, linux-fsdevel, miklos, neal
On Wed, Mar 18, 2026 at 12:08:37AM +0100, Bernd Schubert wrote:
>
>
> On 3/17/26 00:50, Darrick J. Wong wrote:
> > Hi Bernd,
> >
> > I hope you're feeling better!
>
> Thank you much better!
>
> >
> > Please have a look at this branch with changes for libfuse. This second
> > PR contains a bunch of new things:
> >
> > * Cleaned up error code handling and logging
> > * Examples of systemd-enabled high and low-level fuse servers
> > * Most of the checkpatch complaints addressed
> > * fuservicemount3 can now be a setuid program to allow unprivileged
> > userspace to fire up a contained filesystem driver. This could be
> > opening Pandora's box...
> >
> > As usual, I did a test-merge with the main upstream branch as of a few
> > minutes ago, and didn't see any conflicts. Please let me know if you
> > encounter any problems.
>
> I only found a minute to pull and push to my github repo to update the PR.
> BSD still fails
>
> 2026-03-17T23:01:17.9810147Z FAILED: [code=1] example/hello_ll.p/single_file.c.o
> 2026-03-17T23:01:17.9813484Z cc -Iexample/hello_ll.p -Iexample -I../example -Iinclude -I../include -Ilib -I../lib -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -pthread -MD -MQ example/hello_ll.p/single_file.c.o -MF example/hello_ll.p/single_file.c.o.d -o example/hello_ll.p/single_file.c.o -c ../example/single_file.c
> 2026-03-17T23:01:17.9817014Z ../example/single_file.c:46:10: error: use of undeclared identifier 'PTHREAD_MUTEX_INITIALIZER'
> 2026-03-17T23:01:17.9817870Z 46 | .lock = PTHREAD_MUTEX_INITIALIZER,
> 2026-03-17T23:01:17.9818369Z | ^
> 2026-03-17T23:01:17.9819309Z ../example/single_file.c:198:51: warning: unused parameter 'ino' [-Wunused-parameter]
> 2026-03-17T23:01:17.9820276Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
> 2026-03-17T23:01:17.9821012Z | ^
> 2026-03-17T23:01:17.9821785Z ../example/single_file.c:198:60: warning: unused parameter 'flags' [-Wunused-parameter]
> 2026-03-17T23:01:17.9823239Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
> 2026-03-17T23:01:17.9824029Z | ^
> 2026-03-17T23:01:17.9824978Z ../example/single_file.c:198:71: warning: unused parameter 'mask' [-Wunused-parameter]
> 2026-03-17T23:01:17.9829337Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
> 2026-03-17T23:01:17.9830366Z | ^
> 2026-03-17T23:01:17.9832001Z ../example/single_file.c:199:33: warning: unused parameter 'fi' [-Wunused-parameter]
> 2026-03-17T23:01:17.9833062Z 199 | struct fuse_file_info *fi)
> 2026-03-17T23:01:17.9833562Z | ^
> 2026-03-17T23:01:17.9834825Z ../example/single_file.c:211:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:17.9836166Z 211 | pthread_mutex_lock(&single_file.lock);
> 2026-03-17T23:01:17.9836592Z | ^
> 2026-03-17T23:01:17.9837750Z ../example/single_file.c:226:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:17.9869585Z 226 | pthread_mutex_unlock(&single_file.lock);
> 2026-03-17T23:01:17.9870081Z | ^
> 2026-03-17T23:01:17.9871240Z ../example/single_file.c:239:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:17.9872595Z 239 | pthread_mutex_lock(&single_file.lock);
> 2026-03-17T23:01:17.9873056Z | ^
> 2026-03-17T23:01:17.9874265Z ../example/single_file.c:241:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:17.9876020Z 241 | pthread_mutex_unlock(&single_file.lock);
> 2026-03-17T23:01:17.9876497Z | ^
> 2026-03-17T23:01:17.9877854Z ../example/single_file.c:252:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:17.9879416Z 252 | pthread_mutex_lock(&single_file.lock);
> 2026-03-17T23:01:17.9879896Z | ^
> 2026-03-17T23:01:17.9881050Z ../example/single_file.c:259:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:17.9882409Z 259 | pthread_mutex_unlock(&single_file.lock);
> 2026-03-17T23:01:17.9882862Z | ^
> 2026-03-17T23:01:17.9884018Z ../example/single_file.c:273:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:17.9885354Z 273 | pthread_mutex_lock(&single_file.lock);
> 2026-03-17T23:01:18.0387503Z | ^
> 2026-03-17T23:01:18.0402115Z ../example/single_file.c:275:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
> 2026-03-17T23:01:18.0403861Z 275 | pthread_mutex_unlock(&single_file.lock);
> 2026-03-17T23:01:18.0404573Z | ^
> 2026-03-17T23:01:18.0404979Z 12 warnings and 1 error generated.
Aha, I bet that came as a result of me boneheadedly copying this from
lib/util.c:
#ifdef HAVE_PTHREAD_SETNAME_NP
#define _GNU_SOURCE
#include <pthread.h>
#endif
Will fix that right up.
> And actually, the Ubuntu build also fails
>
> [12/109] Compiling C object lib/libfuse3.so.3.19.0.p/fuse_service.c.o
> FAILED: [code=1] lib/libfuse3.so.3.19.0.p/fuse_service.c.o
> clang -Ilib/libfuse3.so.3.19.0.p -Ilib -I../../../home/runner/work/libfuse/libfuse/lib -Iinclude -I../../../home/runner/work/libfuse/libfuse/include -I. -I../../../home/runner/work/libfuse/libfuse -fdiagnostics-color=always -fsanitize=address,undefined -fno-omit-frame-pointer -Wall -Winvalid-pch -Wextra -Werror -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/tmp/libfuse-install-wwy0ckA/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service.c.o -c ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c
> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:400:19: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
> 400 | sf->allow_other = 1;
> | ^ ~
> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:473:21: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
> 473 | sf->owns_fusedevfd = 1;
Er... ok. Debian 13 gcc (14.2) doesn't complain about this, but fmeh,
I'll just turn that into a fullblown int. :)
Thanks for dipping your toes in!
--D
> | ^ ~
> 2 errors generated.
> [13/109] Compiling C object lib/libfuse3.so.3.19.0.p/modules_subdir.c.o
>
> Checkpatch looks much better, I can push a patch tomorrow to disable the
> strcpy warning.
>
> Other than that I didn't look at the actual changes yet, will really try
> to review this week.
>
> Thanks,
> Bernd
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL v2] libfuse: run fuse servers as a contained service
2026-03-18 0:15 ` Darrick J. Wong
@ 2026-03-18 8:48 ` Bernd Schubert
0 siblings, 0 replies; 4+ messages in thread
From: Bernd Schubert @ 2026-03-18 8:48 UTC (permalink / raw)
To: Darrick J. Wong, Bernd Schubert; +Cc: joannelkoong, linux-fsdevel, miklos, neal
On 3/18/26 01:15, Darrick J. Wong wrote:
> On Wed, Mar 18, 2026 at 12:08:37AM +0100, Bernd Schubert wrote:
>>
>>
>> On 3/17/26 00:50, Darrick J. Wong wrote:
>>> Hi Bernd,
>>>
>>> I hope you're feeling better!
>>
>> Thank you much better!
>>
>>>
>>> Please have a look at this branch with changes for libfuse. This second
>>> PR contains a bunch of new things:
>>>
>>> * Cleaned up error code handling and logging
>>> * Examples of systemd-enabled high and low-level fuse servers
>>> * Most of the checkpatch complaints addressed
>>> * fuservicemount3 can now be a setuid program to allow unprivileged
>>> userspace to fire up a contained filesystem driver. This could be
>>> opening Pandora's box...
>>>
>>> As usual, I did a test-merge with the main upstream branch as of a few
>>> minutes ago, and didn't see any conflicts. Please let me know if you
>>> encounter any problems.
>>
>> I only found a minute to pull and push to my github repo to update the PR.
>> BSD still fails
>>
>> 2026-03-17T23:01:17.9810147Z FAILED: [code=1] example/hello_ll.p/single_file.c.o
>> 2026-03-17T23:01:17.9813484Z cc -Iexample/hello_ll.p -Iexample -I../example -Iinclude -I../include -Ilib -I../lib -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -pthread -MD -MQ example/hello_ll.p/single_file.c.o -MF example/hello_ll.p/single_file.c.o.d -o example/hello_ll.p/single_file.c.o -c ../example/single_file.c
>> 2026-03-17T23:01:17.9817014Z ../example/single_file.c:46:10: error: use of undeclared identifier 'PTHREAD_MUTEX_INITIALIZER'
>> 2026-03-17T23:01:17.9817870Z 46 | .lock = PTHREAD_MUTEX_INITIALIZER,
>> 2026-03-17T23:01:17.9818369Z | ^
>> 2026-03-17T23:01:17.9819309Z ../example/single_file.c:198:51: warning: unused parameter 'ino' [-Wunused-parameter]
>> 2026-03-17T23:01:17.9820276Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
>> 2026-03-17T23:01:17.9821012Z | ^
>> 2026-03-17T23:01:17.9821785Z ../example/single_file.c:198:60: warning: unused parameter 'flags' [-Wunused-parameter]
>> 2026-03-17T23:01:17.9823239Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
>> 2026-03-17T23:01:17.9824029Z | ^
>> 2026-03-17T23:01:17.9824978Z ../example/single_file.c:198:71: warning: unused parameter 'mask' [-Wunused-parameter]
>> 2026-03-17T23:01:17.9829337Z 198 | void single_file_statx(fuse_req_t req, fuse_ino_t ino, int flags, int mask,
>> 2026-03-17T23:01:17.9830366Z | ^
>> 2026-03-17T23:01:17.9832001Z ../example/single_file.c:199:33: warning: unused parameter 'fi' [-Wunused-parameter]
>> 2026-03-17T23:01:17.9833062Z 199 | struct fuse_file_info *fi)
>> 2026-03-17T23:01:17.9833562Z | ^
>> 2026-03-17T23:01:17.9834825Z ../example/single_file.c:211:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:17.9836166Z 211 | pthread_mutex_lock(&single_file.lock);
>> 2026-03-17T23:01:17.9836592Z | ^
>> 2026-03-17T23:01:17.9837750Z ../example/single_file.c:226:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:17.9869585Z 226 | pthread_mutex_unlock(&single_file.lock);
>> 2026-03-17T23:01:17.9870081Z | ^
>> 2026-03-17T23:01:17.9871240Z ../example/single_file.c:239:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:17.9872595Z 239 | pthread_mutex_lock(&single_file.lock);
>> 2026-03-17T23:01:17.9873056Z | ^
>> 2026-03-17T23:01:17.9874265Z ../example/single_file.c:241:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:17.9876020Z 241 | pthread_mutex_unlock(&single_file.lock);
>> 2026-03-17T23:01:17.9876497Z | ^
>> 2026-03-17T23:01:17.9877854Z ../example/single_file.c:252:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:17.9879416Z 252 | pthread_mutex_lock(&single_file.lock);
>> 2026-03-17T23:01:17.9879896Z | ^
>> 2026-03-17T23:01:17.9881050Z ../example/single_file.c:259:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:17.9882409Z 259 | pthread_mutex_unlock(&single_file.lock);
>> 2026-03-17T23:01:17.9882862Z | ^
>> 2026-03-17T23:01:17.9884018Z ../example/single_file.c:273:2: warning: call to undeclared function 'pthread_mutex_lock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:17.9885354Z 273 | pthread_mutex_lock(&single_file.lock);
>> 2026-03-17T23:01:18.0387503Z | ^
>> 2026-03-17T23:01:18.0402115Z ../example/single_file.c:275:2: warning: call to undeclared function 'pthread_mutex_unlock'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
>> 2026-03-17T23:01:18.0403861Z 275 | pthread_mutex_unlock(&single_file.lock);
>> 2026-03-17T23:01:18.0404573Z | ^
>> 2026-03-17T23:01:18.0404979Z 12 warnings and 1 error generated.
>
> Aha, I bet that came as a result of me boneheadedly copying this from
> lib/util.c:
>
> #ifdef HAVE_PTHREAD_SETNAME_NP
> #define _GNU_SOURCE
> #include <pthread.h>
> #endif
>
> Will fix that right up.
>
>> And actually, the Ubuntu build also fails
>>
>> [12/109] Compiling C object lib/libfuse3.so.3.19.0.p/fuse_service.c.o
>> FAILED: [code=1] lib/libfuse3.so.3.19.0.p/fuse_service.c.o
>> clang -Ilib/libfuse3.so.3.19.0.p -Ilib -I../../../home/runner/work/libfuse/libfuse/lib -Iinclude -I../../../home/runner/work/libfuse/libfuse/include -I. -I../../../home/runner/work/libfuse/libfuse -fdiagnostics-color=always -fsanitize=address,undefined -fno-omit-frame-pointer -Wall -Winvalid-pch -Wextra -Werror -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/tmp/libfuse-install-wwy0ckA/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service.c.o -c ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c
>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:400:19: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
>> 400 | sf->allow_other = 1;
>> | ^ ~
>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:473:21: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion]
>> 473 | sf->owns_fusedevfd = 1;
>
> Er... ok. Debian 13 gcc (14.2) doesn't complain about this, but fmeh,
> I'll just turn that into a fullblown int. :)
That is exactly the reason why I always insist on running test with
clang, it finds a lot more things. Next step I need to set up in tests
ist clang static CTU analysis - it likely would have found the CVEs we
are going to get today (non public security ticket in github, sadly in
my own code.).
>
> Thanks for dipping your toes in!
No problem, maybe I can convince you at some point to create a github
account ;)
Please let me know when I should pull from your branch again.
Cheers,
Bernd
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-03-18 10:23 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-16 23:50 [GIT PULL v2] libfuse: run fuse servers as a contained service Darrick J. Wong
2026-03-17 23:08 ` Bernd Schubert
2026-03-18 0:15 ` Darrick J. Wong
2026-03-18 8:48 ` Bernd Schubert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox