[GIT PULL] libfuse: run fuse servers as a contained service

[GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

Hi Bernd,

Please pull this branch with changes for libfuse.

As usual, I did a test-merge with the main upstream branch as of a few
minutes ago, and didn't see any conflicts.  Please let me know if you
encounter any problems.

--D

The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:

Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09

for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:

nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)

----------------------------------------------------------------
libfuse: run fuse servers as a contained service [v4 1/9]

This patchset defines the necessary communication protocols and library
code so that users can mount fuse servers that run in unprivileged
systemd service containers.  That in turn allows unprivileged untrusted
mounts, because the worst that can happen is that a malicious image
crashes the fuse server and the mount dies, instead of corrupting the
kernel's memory.

v4: fix a large number of security problems that only matter when the
mount helper is being run as a setuid program; fix protocol
byteswapping problems; add CLOEXEC to all files being traded
back and forth; add an umount command; and strengthen mount socket
protocol checks.
v3: refactor the sample code to reduce duplication; fix all the
checkpatch complaints; examples actually build standalone;
fuservicemount handles utab now; cleaned up meson feature detection;
handle MS_ flags that don't translate to MOUNT_ATTR_*
v2: cleaned up error code handling and logging; add some example fuse
service; fuservicemount3 can now be a setuid program to allow
unprivileged userspace to fire up a contained filesystem driver.
This could be opening Pandora's box...
v1: detach from fuse-iomap series

With a bit of luck, this should all go splendidly.

Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>

----------------------------------------------------------------
Bernd Schubert (1):
Refactor mount code / move common functions to mount_util.c

Darrick J. Wong (12):
mount_service: add systemd/inetd socket service mounting helper
mount_service: create high level fuse helpers
mount_service: use the new mount api for the mount service
mount_service: update mtab after a successful mount
util: hoist the fuse.conf parsing and setuid mode enforcement code
util: fix checkpatch complaints in fuser_conf.[ch]
mount_service: enable unprivileged users in the same manner as fusermount
mount.fuse3: integrate systemd service startup
mount_service: allow installation as a setuid program
example/service_ll: create a sample systemd service fuse server
example/service: create a sample systemd service for a high-level fuse server
nullfs: support fuse systemd service mode

example/single_file.h                            |  184 +++
include/fuse.h                                   |   34 +
include/fuse_service.h                           |  243 +++
include/fuse_service_priv.h                      |  134 ++
lib/fuse_i.h                                     |    3 +
lib/mount_common_i.h                             |   22 +
lib/mount_util.h                                 |    8 +
lib/util.h                                       |   35 +
util/fuser_conf.h                                |   53 +
util/mount_service.h                             |   47 +
.github/workflows/install-ubuntu-dependencies.sh |   12 +-
README.md                                        |    3 +
doc/fuservicemount3.8                            |   32 +
doc/meson.build                                  |    3 +
example/meson.build                              |   26 +
example/null.c                                   |   51 +-
example/null.socket.in                           |   15 +
example/null@.service                            |  102 ++
example/service_hl.c                             |  237 +++
example/service_hl.socket.in                     |   15 +
example/service_hl@.service                      |  102 ++
example/service_ll.c                             |  309 ++++
example/service_ll.socket.in                     |   15 +
example/service_ll@.service                      |  102 ++
example/single_file.c                            |  856 ++++++++++
include/meson.build                              |    4 +
lib/fuse_service.c                               | 1114 +++++++++++++
lib/fuse_service_stub.c                          |  106 ++
lib/fuse_versionscript                           |   18 +
lib/helper.c                                     |  176 +-
lib/meson.build                                  |   17 +-
lib/mount.c                                      |   72 +-
lib/mount_util.c                                 |    9 +
meson.build                                      |   53 +-
meson_options.txt                                |    9 +
test/ci-build.sh                                 |    7 +
util/fuser_conf.c                                |  369 +++++
util/fusermount.c                                |  329 +---
util/fuservicemount.c                            |   66 +
util/install_helper.sh                           |    6 +
util/meson.build                                 |   24 +-
util/mount.fuse.c                                |  135 +-
util/mount_service.c                             | 1866 ++++++++++++++++++++++
43 files changed, 6650 insertions(+), 373 deletions(-)
create mode 100644 example/single_file.h
create mode 100644 include/fuse_service.h
create mode 100644 include/fuse_service_priv.h
create mode 100644 lib/mount_common_i.h
create mode 100644 util/fuser_conf.h
create mode 100644 util/mount_service.h
create mode 100644 doc/fuservicemount3.8
create mode 100644 example/null.socket.in
create mode 100644 example/null@.service
create mode 100644 example/service_hl.c
create mode 100644 example/service_hl.socket.in
create mode 100644 example/service_hl@.service
create mode 100644 example/service_ll.c
create mode 100644 example/service_ll.socket.in
create mode 100644 example/service_ll@.service
create mode 100644 example/single_file.c
create mode 100644 lib/fuse_service.c
create mode 100644 lib/fuse_service_stub.c
create mode 100644 util/fuser_conf.c
create mode 100644 util/fuservicemount.c
create mode 100644 util/mount_service.c

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

Hi Darrick,

On 4/10/26 00:24, Darrick J. Wong wrote:
> Hi Bernd,
> 
> Please pull this branch with changes for libfuse.
> 
> As usual, I did a test-merge with the main upstream branch as of a few
> minutes ago, and didn't see any conflicts.  Please let me know if you
> encounter any problems.

I had already merged another patch beginning of this week that
introduced a new merge conflict in
.github/workflows/install-ubuntu-dependencies.sh

I resolved it myself now.

> 
> --D
> 
> The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:
> 
> Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)
> 
> are available in the Git repository at:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09
> 
> for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:
> 
> nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)

I had quite a busy last weekend, because I got libfuse security reports.
In ordert to avoid lots of reports, I just added support for CodeChecker
+ cppcheck and CodeChecker+gcc checker. Clang CTU is is prepared, but I
need to let AI work over the weekend to fixes for these (obviously will
need manual editing, as last weekend).
In the end not too bad and I don't think and urgent need for a new
release. Although I should probably make a new 3.18.3 version soon.

That also made me to add new checks. I actually already that github
codeql checker in place, but only realized last weekend that it didn't
generate any reports. On your PR that gives

New alerts in code changed by this pull request

Security Alerts:

    4 critical
    3 high

Other Alerts:

    4 warnings
    10 notes


Some of these, like "This switch statement should either handle more
cases, or be rewritten as an if statement." can be suppressed. With some
I probably agree


	cmd = malloc(iov.iov_len);
	if (!cmd) {
		int error = errno;
Note
Declaration hides parameter
Local variable 'error' hides a parameter of the same name.
CodeQL


The new CodeChecker (gcc,cppchechk) actions also complain, the GUI
should give the output, but I don't see it yet.


My plan for the weekend is to address your comments in my series and
then to merge it. If still some time left, I would like to fix all the
reports in your series and merge that as well.
Then maybe next week to combine some mount code dup that comes from both
series.

Ok with you?


Thanks,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Fri, Apr 10, 2026 at 02:24:28PM +0200, Bernd Schubert wrote:
> Hi Darrick,
> 
> On 4/10/26 00:24, Darrick J. Wong wrote:
> > Hi Bernd,
> > 
> > Please pull this branch with changes for libfuse.
> > 
> > As usual, I did a test-merge with the main upstream branch as of a few
> > minutes ago, and didn't see any conflicts.  Please let me know if you
> > encounter any problems.
> 
> I had already merged another patch beginning of this week that
> introduced a new merge conflict in
> .github/workflows/install-ubuntu-dependencies.sh
> 
> I resolved it myself now.
> 
> > 
> > --D
> > 
> > The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:
> > 
> > Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)
> > 
> > are available in the Git repository at:
> > 
> > https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09
> > 
> > for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:
> > 
> > nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)
> 
> I had quite a busy last weekend, because I got libfuse security reports.
> In ordert to avoid lots of reports, I just added support for CodeChecker
> + cppcheck and CodeChecker+gcc checker. Clang CTU is is prepared, but I
> need to let AI work over the weekend to fixes for these (obviously will
> need manual editing, as last weekend).
> In the end not too bad and I don't think and urgent need for a new
> release. Although I should probably make a new 3.18.3 version soon.
> 
> That also made me to add new checks. I actually already that github
> codeql checker in place, but only realized last weekend that it didn't
> generate any reports. On your PR that gives
> 
> New alerts in code changed by this pull request
> 
> Security Alerts:
> 
>     4 critical
>     3 high
> 
> Other Alerts:
> 
>     4 warnings
>     10 notes
> 
> 
> Some of these, like "This switch statement should either handle more
> cases, or be rewritten as an if statement." can be suppressed. With some
> I probably agree
> 
> 
> 	cmd = malloc(iov.iov_len);
> 	if (!cmd) {
> 		int error = errno;
> Note
> Declaration hides parameter
> Local variable 'error' hides a parameter of the same name.
> CodeQL

Oh yikes yes.  I probably ought to have added the same "turn the gcc
warnings up real high" patch to my branch that I use for xfs stuff.

(Huh.  No warnings.  Well, that's good at least.)

> The new CodeChecker (gcc,cppchechk) actions also complain, the GUI
> should give the output, but I don't see it yet.

<nod> Any reports you get about my branch, please feel free to lob it at
me and tell me to fix it :)

I can run cppcheck locally, so I'll try to fix all the warnings that
your copy is throwing out, and send you an updated pr.

> My plan for the weekend is to address your comments in my series and
> then to merge it. If still some time left, I would like to fix all the
> reports in your series and merge that as well.
> Then maybe next week to combine some mount code dup that comes from both
> series.
> 
> Ok with you?

Yes, that sounds good.  Let me know if you want any help. :)

--D

> 
> Thanks,
> Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

On 4/10/26 17:56, Darrick J. Wong wrote:
> On Fri, Apr 10, 2026 at 02:24:28PM +0200, Bernd Schubert wrote:
>> Hi Darrick,
>>
>> On 4/10/26 00:24, Darrick J. Wong wrote:
>>> Hi Bernd,
>>>
>>> Please pull this branch with changes for libfuse.
>>>
>>> As usual, I did a test-merge with the main upstream branch as of a few
>>> minutes ago, and didn't see any conflicts.  Please let me know if you
>>> encounter any problems.
>>
>> I had already merged another patch beginning of this week that
>> introduced a new merge conflict in
>> .github/workflows/install-ubuntu-dependencies.sh
>>
>> I resolved it myself now.
>>
>>>
>>> --D
>>>
>>> The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:
>>>
>>> Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)
>>>
>>> are available in the Git repository at:
>>>
>>> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09
>>>
>>> for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:
>>>
>>> nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)
>>
>> I had quite a busy last weekend, because I got libfuse security reports.
>> In ordert to avoid lots of reports, I just added support for CodeChecker
>> + cppcheck and CodeChecker+gcc checker. Clang CTU is is prepared, but I
>> need to let AI work over the weekend to fixes for these (obviously will
>> need manual editing, as last weekend).
>> In the end not too bad and I don't think and urgent need for a new
>> release. Although I should probably make a new 3.18.3 version soon.
>>
>> That also made me to add new checks. I actually already that github
>> codeql checker in place, but only realized last weekend that it didn't
>> generate any reports. On your PR that gives
>>
>> New alerts in code changed by this pull request
>>
>> Security Alerts:
>>
>>     4 critical
>>     3 high
>>
>> Other Alerts:
>>
>>     4 warnings
>>     10 notes
>>
>>
>> Some of these, like "This switch statement should either handle more
>> cases, or be rewritten as an if statement." can be suppressed. With some
>> I probably agree
>>
>>
>> 	cmd = malloc(iov.iov_len);
>> 	if (!cmd) {
>> 		int error = errno;
>> Note
>> Declaration hides parameter
>> Local variable 'error' hides a parameter of the same name.
>> CodeQL
> 
> Oh yikes yes.  I probably ought to have added the same "turn the gcc
> warnings up real high" patch to my branch that I use for xfs stuff.
> 
> (Huh.  No warnings.  Well, that's good at least.)
> 
>> The new CodeChecker (gcc,cppchechk) actions also complain, the GUI
>> should give the output, but I don't see it yet.
> 
> <nod> Any reports you get about my branch, please feel free to lob it at
> me and tell me to fix it :)
> 
> I can run cppcheck locally, so I'll try to fix all the warnings that
> your copy is throwing out, and send you an updated pr.
> 
>> My plan for the weekend is to address your comments in my series and
>> then to merge it. If still some time left, I would like to fix all the
>> reports in your series and merge that as well.
>> Then maybe next week to combine some mount code dup that comes from both
>> series.
>>
>> Ok with you?
> 
> Yes, that sounds good.  Let me know if you want any help. :)

Would be great if you could fix the cppcheck and gcc codechecker
reports. For cppcheck you might need to inline suppress some wrong
warnings - needs this patch

https://github.com/libfuse/libfuse/pull/1477/changes/0322af4d9bba93aad5f6445346aa83a549bb3d19

This commit also shows the path how to run it:

.github/workflows/codechecker.sh

Fow now we we ignore everything in example/ and some cppcheck warnings
are ignored for now - these were too many for now.


Thanks,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Fri, Apr 10, 2026 at 08:30:49PM +0200, Bernd Schubert wrote:
> 
> 
> On 4/10/26 17:56, Darrick J. Wong wrote:
> > On Fri, Apr 10, 2026 at 02:24:28PM +0200, Bernd Schubert wrote:
> >> Hi Darrick,
> >>
> >> On 4/10/26 00:24, Darrick J. Wong wrote:
> >>> Hi Bernd,
> >>>
> >>> Please pull this branch with changes for libfuse.
> >>>
> >>> As usual, I did a test-merge with the main upstream branch as of a few
> >>> minutes ago, and didn't see any conflicts.  Please let me know if you
> >>> encounter any problems.
> >>
> >> I had already merged another patch beginning of this week that
> >> introduced a new merge conflict in
> >> .github/workflows/install-ubuntu-dependencies.sh
> >>
> >> I resolved it myself now.
> >>
> >>>
> >>> --D
> >>>
> >>> The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:
> >>>
> >>> Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)
> >>>
> >>> are available in the Git repository at:
> >>>
> >>> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09
> >>>
> >>> for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:
> >>>
> >>> nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)
> >>
> >> I had quite a busy last weekend, because I got libfuse security reports.
> >> In ordert to avoid lots of reports, I just added support for CodeChecker
> >> + cppcheck and CodeChecker+gcc checker. Clang CTU is is prepared, but I
> >> need to let AI work over the weekend to fixes for these (obviously will
> >> need manual editing, as last weekend).
> >> In the end not too bad and I don't think and urgent need for a new
> >> release. Although I should probably make a new 3.18.3 version soon.
> >>
> >> That also made me to add new checks. I actually already that github
> >> codeql checker in place, but only realized last weekend that it didn't
> >> generate any reports. On your PR that gives
> >>
> >> New alerts in code changed by this pull request
> >>
> >> Security Alerts:
> >>
> >>     4 critical
> >>     3 high
> >>
> >> Other Alerts:
> >>
> >>     4 warnings
> >>     10 notes
> >>
> >>
> >> Some of these, like "This switch statement should either handle more
> >> cases, or be rewritten as an if statement." can be suppressed. With some
> >> I probably agree
> >>
> >>
> >> 	cmd = malloc(iov.iov_len);
> >> 	if (!cmd) {
> >> 		int error = errno;
> >> Note
> >> Declaration hides parameter
> >> Local variable 'error' hides a parameter of the same name.
> >> CodeQL
> > 
> > Oh yikes yes.  I probably ought to have added the same "turn the gcc
> > warnings up real high" patch to my branch that I use for xfs stuff.
> > 
> > (Huh.  No warnings.  Well, that's good at least.)
> > 
> >> The new CodeChecker (gcc,cppchechk) actions also complain, the GUI
> >> should give the output, but I don't see it yet.
> > 
> > <nod> Any reports you get about my branch, please feel free to lob it at
> > me and tell me to fix it :)
> > 
> > I can run cppcheck locally, so I'll try to fix all the warnings that
> > your copy is throwing out, and send you an updated pr.
> > 
> >> My plan for the weekend is to address your comments in my series and
> >> then to merge it. If still some time left, I would like to fix all the
> >> reports in your series and merge that as well.
> >> Then maybe next week to combine some mount code dup that comes from both
> >> series.
> >>
> >> Ok with you?
> > 
> > Yes, that sounds good.  Let me know if you want any help. :)
> 
> Would be great if you could fix the cppcheck and gcc codechecker
> reports. For cppcheck you might need to inline suppress some wrong
> warnings - needs this patch
> 
> https://github.com/libfuse/libfuse/pull/1477/changes/0322af4d9bba93aad5f6445346aa83a549bb3d19
> 
> This commit also shows the path how to run it:
> 
> .github/workflows/codechecker.sh
> 
> Fow now we we ignore everything in example/ and some cppcheck warnings
> are ignored for now - these were too many for now.

Ok, I got the cppcheck part working, and the fixes were fairly straight
forward.  As for CodeChecker, is this the one:

https://github.com/Ericsson/codechecker

that the yml file tries to find?

--D

> 
> Thanks,
> Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Fri, Apr 10, 2026 at 03:12:10PM -0700, Darrick J. Wong wrote:
> On Fri, Apr 10, 2026 at 08:30:49PM +0200, Bernd Schubert wrote:
> > 
> > 
> > On 4/10/26 17:56, Darrick J. Wong wrote:
> > > On Fri, Apr 10, 2026 at 02:24:28PM +0200, Bernd Schubert wrote:
> > >> Hi Darrick,
> > >>
> > >> On 4/10/26 00:24, Darrick J. Wong wrote:
> > >>> Hi Bernd,
> > >>>
> > >>> Please pull this branch with changes for libfuse.
> > >>>
> > >>> As usual, I did a test-merge with the main upstream branch as of a few
> > >>> minutes ago, and didn't see any conflicts.  Please let me know if you
> > >>> encounter any problems.
> > >>
> > >> I had already merged another patch beginning of this week that
> > >> introduced a new merge conflict in
> > >> .github/workflows/install-ubuntu-dependencies.sh
> > >>
> > >> I resolved it myself now.
> > >>
> > >>>
> > >>> --D
> > >>>
> > >>> The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:
> > >>>
> > >>> Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)
> > >>>
> > >>> are available in the Git repository at:
> > >>>
> > >>> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09

Hi Bernd,

Here's today's branch, with the static checker problems fixed, I hope:
https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-10

This is the codechecker report that I got (u:x p:x, I'm too lame for
anubis):
https://djwong.org/docs/libfuse/#sort=file-path&asc=1
from pip install'ing codechecker and running:

./.github/workflows/codechecker.sh --gcc --codechecker --build-dir build-x86_64/

AFAICT, none of those bugs are related to anything touched by the
containerization patches.  Though I'm not 100% sure of the outputs; I
didn't see anything about a switch statement.

--D

> > >>>
> > >>> for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:
> > >>>
> > >>> nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)
> > >>
> > >> I had quite a busy last weekend, because I got libfuse security reports.
> > >> In ordert to avoid lots of reports, I just added support for CodeChecker
> > >> + cppcheck and CodeChecker+gcc checker. Clang CTU is is prepared, but I
> > >> need to let AI work over the weekend to fixes for these (obviously will
> > >> need manual editing, as last weekend).
> > >> In the end not too bad and I don't think and urgent need for a new
> > >> release. Although I should probably make a new 3.18.3 version soon.
> > >>
> > >> That also made me to add new checks. I actually already that github
> > >> codeql checker in place, but only realized last weekend that it didn't
> > >> generate any reports. On your PR that gives
> > >>
> > >> New alerts in code changed by this pull request
> > >>
> > >> Security Alerts:
> > >>
> > >>     4 critical
> > >>     3 high
> > >>
> > >> Other Alerts:
> > >>
> > >>     4 warnings
> > >>     10 notes
> > >>
> > >>
> > >> Some of these, like "This switch statement should either handle more
> > >> cases, or be rewritten as an if statement." can be suppressed. With some
> > >> I probably agree
> > >>
> > >>
> > >> 	cmd = malloc(iov.iov_len);
> > >> 	if (!cmd) {
> > >> 		int error = errno;
> > >> Note
> > >> Declaration hides parameter
> > >> Local variable 'error' hides a parameter of the same name.
> > >> CodeQL
> > > 
> > > Oh yikes yes.  I probably ought to have added the same "turn the gcc
> > > warnings up real high" patch to my branch that I use for xfs stuff.
> > > 
> > > (Huh.  No warnings.  Well, that's good at least.)
> > > 
> > >> The new CodeChecker (gcc,cppchechk) actions also complain, the GUI
> > >> should give the output, but I don't see it yet.
> > > 
> > > <nod> Any reports you get about my branch, please feel free to lob it at
> > > me and tell me to fix it :)
> > > 
> > > I can run cppcheck locally, so I'll try to fix all the warnings that
> > > your copy is throwing out, and send you an updated pr.
> > > 
> > >> My plan for the weekend is to address your comments in my series and
> > >> then to merge it. If still some time left, I would like to fix all the
> > >> reports in your series and merge that as well.
> > >> Then maybe next week to combine some mount code dup that comes from both
> > >> series.
> > >>
> > >> Ok with you?
> > > 
> > > Yes, that sounds good.  Let me know if you want any help. :)
> > 
> > Would be great if you could fix the cppcheck and gcc codechecker
> > reports. For cppcheck you might need to inline suppress some wrong
> > warnings - needs this patch
> > 
> > https://github.com/libfuse/libfuse/pull/1477/changes/0322af4d9bba93aad5f6445346aa83a549bb3d19
> > 
> > This commit also shows the path how to run it:
> > 
> > .github/workflows/codechecker.sh
> > 
> > Fow now we we ignore everything in example/ and some cppcheck warnings
> > are ignored for now - these were too many for now.
> 
> Ok, I got the cppcheck part working, and the fixes were fairly straight
> forward.  As for CodeChecker, is this the one:
> 
> https://github.com/Ericsson/codechecker
> 
> that the yml file tries to find?
> 
> --D
> 
> > 
> > Thanks,
> > Bernd
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

On 4/11/26 04:48, Darrick J. Wong wrote:
> On Fri, Apr 10, 2026 at 03:12:10PM -0700, Darrick J. Wong wrote:
>> On Fri, Apr 10, 2026 at 08:30:49PM +0200, Bernd Schubert wrote:
>>>
>>>
>>> On 4/10/26 17:56, Darrick J. Wong wrote:
>>>> On Fri, Apr 10, 2026 at 02:24:28PM +0200, Bernd Schubert wrote:
>>>>> Hi Darrick,
>>>>>
>>>>> On 4/10/26 00:24, Darrick J. Wong wrote:
>>>>>> Hi Bernd,
>>>>>>
>>>>>> Please pull this branch with changes for libfuse.
>>>>>>
>>>>>> As usual, I did a test-merge with the main upstream branch as of a few
>>>>>> minutes ago, and didn't see any conflicts.  Please let me know if you
>>>>>> encounter any problems.
>>>>>
>>>>> I had already merged another patch beginning of this week that
>>>>> introduced a new merge conflict in
>>>>> .github/workflows/install-ubuntu-dependencies.sh
>>>>>
>>>>> I resolved it myself now.
>>>>>
>>>>>>
>>>>>> --D
>>>>>>
>>>>>> The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:
>>>>>>
>>>>>> Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)
>>>>>>
>>>>>> are available in the Git repository at:
>>>>>>
>>>>>> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09
> 
> Hi Bernd,
> 
> Here's today's branch, with the static checker problems fixed, I hope:
> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-10
> 
> This is the codechecker report that I got (u:x p:x, I'm too lame for
> anubis):
> https://djwong.org/docs/libfuse/#sort=file-path&asc=1
> from pip install'ing codechecker and running:
> 
> ./.github/workflows/codechecker.sh --gcc --codechecker --build-dir build-x86_64/
> 
> AFAICT, none of those bugs are related to anything touched by the
> containerization patches.  Though I'm not 100% sure of the outputs; I
> didn't see anything about a switch statement.
> 
> --D
> 
>>>>>>
>>>>>> for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:
>>>>>>
>>>>>> nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)
>>>>>
>>>>> I had quite a busy last weekend, because I got libfuse security reports.
>>>>> In ordert to avoid lots of reports, I just added support for CodeChecker
>>>>> + cppcheck and CodeChecker+gcc checker. Clang CTU is is prepared, but I
>>>>> need to let AI work over the weekend to fixes for these (obviously will
>>>>> need manual editing, as last weekend).
>>>>> In the end not too bad and I don't think and urgent need for a new
>>>>> release. Although I should probably make a new 3.18.3 version soon.
>>>>>
>>>>> That also made me to add new checks. I actually already that github
>>>>> codeql checker in place, but only realized last weekend that it didn't
>>>>> generate any reports. On your PR that gives
>>>>>
>>>>> New alerts in code changed by this pull request
>>>>>
>>>>> Security Alerts:
>>>>>
>>>>>     4 critical
>>>>>     3 high
>>>>>
>>>>> Other Alerts:
>>>>>
>>>>>     4 warnings
>>>>>     10 notes
>>>>>
>>>>>
>>>>> Some of these, like "This switch statement should either handle more
>>>>> cases, or be rewritten as an if statement." can be suppressed. With some
>>>>> I probably agree
>>>>>
>>>>>
>>>>> 	cmd = malloc(iov.iov_len);
>>>>> 	if (!cmd) {
>>>>> 		int error = errno;
>>>>> Note
>>>>> Declaration hides parameter
>>>>> Local variable 'error' hides a parameter of the same name.
>>>>> CodeQL
>>>>
>>>> Oh yikes yes.  I probably ought to have added the same "turn the gcc
>>>> warnings up real high" patch to my branch that I use for xfs stuff.
>>>>
>>>> (Huh.  No warnings.  Well, that's good at least.)
>>>>
>>>>> The new CodeChecker (gcc,cppchechk) actions also complain, the GUI
>>>>> should give the output, but I don't see it yet.
>>>>
>>>> <nod> Any reports you get about my branch, please feel free to lob it at
>>>> me and tell me to fix it :)
>>>>
>>>> I can run cppcheck locally, so I'll try to fix all the warnings that
>>>> your copy is throwing out, and send you an updated pr.
>>>>
>>>>> My plan for the weekend is to address your comments in my series and
>>>>> then to merge it. If still some time left, I would like to fix all the
>>>>> reports in your series and merge that as well.
>>>>> Then maybe next week to combine some mount code dup that comes from both
>>>>> series.
>>>>>
>>>>> Ok with you?
>>>>
>>>> Yes, that sounds good.  Let me know if you want any help. :)


Hi Darrick,

thanks a lot for the updates. And apologies, I didn't get that far
during the weekend again :( I also eventually wanted to send the new
version for the reduced ring queue patches and then xfstests got stuck
at at generic/650 (cpu off/on loop) and I was searching for the issue
kind of all weekend. Unfortunately searched in the wrong place (kernel)
and only noticed when I had added debugfs support to fuse. Patch for
debugfs support follows during the next days. (The ugly part was that
passthrough_hp had crashed and got stuck in backtrace_symbols - process
alive, but not operating...).
I will get to your patch series the next evenings.


>>>
>>> Would be great if you could fix the cppcheck and gcc codechecker
>>> reports. For cppcheck you might need to inline suppress some wrong
>>> warnings - needs this patch
>>>
>>> https://github.com/libfuse/libfuse/pull/1477/changes/0322af4d9bba93aad5f6445346aa83a549bb3d19
>>>
>>> This commit also shows the path how to run it:
>>>
>>> .github/workflows/codechecker.sh
>>>
>>> Fow now we we ignore everything in example/ and some cppcheck warnings
>>> are ignored for now - these were too many for now.
>>
>> Ok, I got the cppcheck part working, and the fixes were fairly straight
>> forward.  As for CodeChecker, is this the one:
>>
>> https://github.com/Ericsson/codechecker
>>
>> that the yml file tries to find?

Yes. this one. There is also a codql yml file, which is githubs own code
checker, it complains about these single case conditions. I will just
click that away. I guess you cannot see the reports without a github
account.


Sorry again and I hope I get there soon,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Apr 15, 2026 at 12:00:41AM +0200, Bernd Schubert wrote:
> 
> 
> On 4/11/26 04:48, Darrick J. Wong wrote:
> > On Fri, Apr 10, 2026 at 03:12:10PM -0700, Darrick J. Wong wrote:
> >> On Fri, Apr 10, 2026 at 08:30:49PM +0200, Bernd Schubert wrote:
> >>>
> >>>
> >>> On 4/10/26 17:56, Darrick J. Wong wrote:
> >>>> On Fri, Apr 10, 2026 at 02:24:28PM +0200, Bernd Schubert wrote:
> >>>>> Hi Darrick,
> >>>>>
> >>>>> On 4/10/26 00:24, Darrick J. Wong wrote:
> >>>>>> Hi Bernd,
> >>>>>>
> >>>>>> Please pull this branch with changes for libfuse.
> >>>>>>
> >>>>>> As usual, I did a test-merge with the main upstream branch as of a few
> >>>>>> minutes ago, and didn't see any conflicts.  Please let me know if you
> >>>>>> encounter any problems.
> >>>>>
> >>>>> I had already merged another patch beginning of this week that
> >>>>> introduced a new merge conflict in
> >>>>> .github/workflows/install-ubuntu-dependencies.sh
> >>>>>
> >>>>> I resolved it myself now.
> >>>>>
> >>>>>>
> >>>>>> --D
> >>>>>>
> >>>>>> The following changes since commit 3bb9cd99b3688df1bb7536de158ed9e532b277fb:
> >>>>>>
> >>>>>> Add the codechecker/cppcheck github action (2026-04-07 10:08:49 +0200)
> >>>>>>
> >>>>>> are available in the Git repository at:
> >>>>>>
> >>>>>> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-09
> > 
> > Hi Bernd,
> > 
> > Here's today's branch, with the static checker problems fixed, I hope:
> > https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container_2026-04-10
> > 
> > This is the codechecker report that I got (u:x p:x, I'm too lame for
> > anubis):
> > https://djwong.org/docs/libfuse/#sort=file-path&asc=1
> > from pip install'ing codechecker and running:
> > 
> > ./.github/workflows/codechecker.sh --gcc --codechecker --build-dir build-x86_64/
> > 
> > AFAICT, none of those bugs are related to anything touched by the
> > containerization patches.  Though I'm not 100% sure of the outputs; I
> > didn't see anything about a switch statement.
> > 
> > --D
> > 
> >>>>>>
> >>>>>> for you to fetch changes up to 0db39a8f8844ff88496ed36da417554cb4f3751d:
> >>>>>>
> >>>>>> nullfs: support fuse systemd service mode (2026-04-09 12:31:08 -0700)
> >>>>>
> >>>>> I had quite a busy last weekend, because I got libfuse security reports.
> >>>>> In ordert to avoid lots of reports, I just added support for CodeChecker
> >>>>> + cppcheck and CodeChecker+gcc checker. Clang CTU is is prepared, but I
> >>>>> need to let AI work over the weekend to fixes for these (obviously will
> >>>>> need manual editing, as last weekend).
> >>>>> In the end not too bad and I don't think and urgent need for a new
> >>>>> release. Although I should probably make a new 3.18.3 version soon.
> >>>>>
> >>>>> That also made me to add new checks. I actually already that github
> >>>>> codeql checker in place, but only realized last weekend that it didn't
> >>>>> generate any reports. On your PR that gives
> >>>>>
> >>>>> New alerts in code changed by this pull request
> >>>>>
> >>>>> Security Alerts:
> >>>>>
> >>>>>     4 critical
> >>>>>     3 high
> >>>>>
> >>>>> Other Alerts:
> >>>>>
> >>>>>     4 warnings
> >>>>>     10 notes
> >>>>>
> >>>>>
> >>>>> Some of these, like "This switch statement should either handle more
> >>>>> cases, or be rewritten as an if statement." can be suppressed. With some
> >>>>> I probably agree
> >>>>>
> >>>>>
> >>>>> 	cmd = malloc(iov.iov_len);
> >>>>> 	if (!cmd) {
> >>>>> 		int error = errno;
> >>>>> Note
> >>>>> Declaration hides parameter
> >>>>> Local variable 'error' hides a parameter of the same name.
> >>>>> CodeQL
> >>>>
> >>>> Oh yikes yes.  I probably ought to have added the same "turn the gcc
> >>>> warnings up real high" patch to my branch that I use for xfs stuff.
> >>>>
> >>>> (Huh.  No warnings.  Well, that's good at least.)
> >>>>
> >>>>> The new CodeChecker (gcc,cppchechk) actions also complain, the GUI
> >>>>> should give the output, but I don't see it yet.
> >>>>
> >>>> <nod> Any reports you get about my branch, please feel free to lob it at
> >>>> me and tell me to fix it :)
> >>>>
> >>>> I can run cppcheck locally, so I'll try to fix all the warnings that
> >>>> your copy is throwing out, and send you an updated pr.
> >>>>
> >>>>> My plan for the weekend is to address your comments in my series and
> >>>>> then to merge it. If still some time left, I would like to fix all the
> >>>>> reports in your series and merge that as well.
> >>>>> Then maybe next week to combine some mount code dup that comes from both
> >>>>> series.
> >>>>>
> >>>>> Ok with you?
> >>>>
> >>>> Yes, that sounds good.  Let me know if you want any help. :)
> 
> 
> Hi Darrick,
> 
> thanks a lot for the updates. And apologies, I didn't get that far
> during the weekend again :( I also eventually wanted to send the new

No worries.  Don't strain yourself! :D

> version for the reduced ring queue patches and then xfstests got stuck
> at at generic/650 (cpu off/on loop) and I was searching for the issue

Urrrk, g/650 is one of my horrible creations.

> kind of all weekend. Unfortunately searched in the wrong place (kernel)
> and only noticed when I had added debugfs support to fuse. Patch for
> debugfs support follows during the next days. (The ugly part was that
> passthrough_hp had crashed and got stuck in backtrace_symbols - process
> alive, but not operating...).
> I will get to your patch series the next evenings.

Ok.  Here's today's branch:
https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git/log/?h=fuse-service-container_2026-04-14

along with all the changes/fixes I mentioned upthread.  Whichever day
you think you'll get to it, please don't hesitate to reach out and ask
me for the freshest branch.

> >>>
> >>> Would be great if you could fix the cppcheck and gcc codechecker
> >>> reports. For cppcheck you might need to inline suppress some wrong
> >>> warnings - needs this patch
> >>>
> >>> https://github.com/libfuse/libfuse/pull/1477/changes/0322af4d9bba93aad5f6445346aa83a549bb3d19
> >>>
> >>> This commit also shows the path how to run it:
> >>>
> >>> .github/workflows/codechecker.sh
> >>>
> >>> Fow now we we ignore everything in example/ and some cppcheck warnings
> >>> are ignored for now - these were too many for now.
> >>
> >> Ok, I got the cppcheck part working, and the fixes were fairly straight
> >> forward.  As for CodeChecker, is this the one:
> >>
> >> https://github.com/Ericsson/codechecker
> >>
> >> that the yml file tries to find?
> 
> Yes. this one. There is also a codql yml file, which is githubs own code
> checker, it complains about these single case conditions. I will just
> click that away. I guess you cannot see the reports without a github
> account.

I created a virtualenv so I could install it and run it locally, and
touched up the things it complained about.  I haven't gotten to whatever
--infer does yet, but I hope I'm getting close to parity with the github
actions.

--D

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Tue, Apr 14, 2026 at 05:01:47PM -0700, Darrick J. Wong wrote:

<delete a bunch of stuff>

Hi Bernd!

> > alive, but not operating...).
> > I will get to your patch series the next evenings.
> 
> Ok.  Here's today's branch:
> https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git/log/?h=fuse-service-container_2026-04-14
> 
> along with all the changes/fixes I mentioned upthread.  Whichever day
> you think you'll get to it, please don't hesitate to reach out and ask
> me for the freshest branch.

Here's today's branch, with all the cleanups and bug fixes that I
mentioned in the patchset:
https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git/log/?h=fuse-service-container_2026-04-17

AFAICT it doesn't introduce any new cppcheck/checkpatch complaints.

--D

[GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

Hi Bernd,

Please pull this branch with changes for libfuse.

As usual, I did a test-merge with the main upstream branch as of a few
minutes ago, and didn't see any conflicts.  Please let me know if you
encounter any problems.

--D

The following changes since commit 73db1b26a4c759ecf6cfce495d8be85d5e5085f4:

fix: add assert to prevent NULL pointer dereference in try_get_path (2026-03-03 15:39:48 +0100)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/djwong/libfuse.git tags/fuse-service-container-3.19_2026-03-03

for you to fetch changes up to d686733ac24a50e957cfd1117cc3315cce510bf3:

example/service_ll: create a sample systemd service fuse server (2026-03-03 15:41:58 -0800)

----------------------------------------------------------------
libfuse: run fuse servers as a contained service [v8]

This patchset defines the necessary communication protocols and library
code so that users can mount fuse servers that run in unprivileged
systemd service containers.  That in turn allows unprivileged untrusted
mounts, because the worst that can happen is that a malicious image
crashes the fuse server and the mount dies, instead of corrupting the
kernel.

Bernd indicated that he might be interested in looking at the fuse
system service containment patches sooner than later, so I've separated
them from the iomap stuff and here we are.  With this patchset, we can
at least shift fuse servers to contained systemd services, albeit
without any of the performance improvements of iomap.

With a bit of luck, this should all go splendidly.

Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>

----------------------------------------------------------------
Darrick J. Wong (3):
libfuse: add systemd/inetd socket service mounting helper
libfuse: integrate fuse services into mount.fuse3
example/service_ll: create a sample systemd service fuse server

include/fuse_service.h       |  180 +++++++
include/fuse_service_priv.h  |  118 +++++
lib/fuse_i.h                 |    5 +
util/mount_service.h         |   41 ++
doc/fuservicemount3.8        |   32 ++
doc/meson.build              |    3 +
example/meson.build          |    7 +
example/service_ll.c         |  823 ++++++++++++++++++++++++++++++++
example/service_ll.socket.in |   16 +
example/service_ll@.service  |   99 ++++
include/meson.build          |    4 +
lib/fuse_service.c           |  859 ++++++++++++++++++++++++++++++++++
lib/fuse_service_stub.c      |   91 ++++
lib/fuse_versionscript       |   15 +
lib/helper.c                 |   53 +++
lib/meson.build              |   14 +-
lib/mount.c                  |   57 ++-
meson.build                  |   37 ++
meson_options.txt            |    6 +
util/fuservicemount.c        |   66 +++
util/meson.build             |   13 +-
util/mount.fuse.c            |   58 ++-
util/mount_service.c         | 1056 ++++++++++++++++++++++++++++++++++++++++++
23 files changed, 3617 insertions(+), 36 deletions(-)
create mode 100644 include/fuse_service.h
create mode 100644 include/fuse_service_priv.h
create mode 100644 util/mount_service.h
create mode 100644 doc/fuservicemount3.8
create mode 100644 example/service_ll.c
create mode 100644 example/service_ll.socket.in
create mode 100644 example/service_ll@.service
create mode 100644 lib/fuse_service.c
create mode 100644 lib/fuse_service_stub.c
create mode 100644 util/fuservicemount.c
create mode 100644 util/mount_service.c

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

On 3/4/26 01:11, Darrick J. Wong wrote:
> Hi Bernd,
> 
> Please pull this branch with changes for libfuse.
> 
> As usual, I did a test-merge with the main upstream branch as of a few
> minutes ago, and didn't see any conflicts.  Please let me know if you
> encounter any problems.

Hi Darrick,

quite some problems actually ;)

https://github.com/libfuse/libfuse/pull/1444

Basically everything fails.  Build test with

../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
fatal error: 'systemd/sd-daemon.h' file not found
   24 | #include <systemd/sd-daemon.h>


Two issues here:
a) meson is not testing for sd-daemon.h?
a.1) If not available needs to disable that service? Because I don't
think BSD has support for systemd.

b) .github/workflow/*.yml files need to be adjusted to add in the new
dependency.


Please also have a look at checkpatch (which is a plain linux copy) and
the spelling test failures.


Thanks,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> 
> 
> On 3/4/26 01:11, Darrick J. Wong wrote:
> > Hi Bernd,
> > 
> > Please pull this branch with changes for libfuse.
> > 
> > As usual, I did a test-merge with the main upstream branch as of a few
> > minutes ago, and didn't see any conflicts.  Please let me know if you
> > encounter any problems.
> 
> Hi Darrick,
> 
> quite some problems actually ;)
> 
> https://github.com/libfuse/libfuse/pull/1444
> 
> Basically everything fails.  Build test with

Doh :(

> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> fatal error: 'systemd/sd-daemon.h' file not found
>    24 | #include <systemd/sd-daemon.h>
> 
> 
> Two issues here:
> a) meson is not testing for sd-daemon.h?

Hrm.  meson.build *should* have this clause to detect systemd:

# Check for systemd support
systemd_system_unit_dir = get_option('systemdsystemunitdir')
if systemd_system_unit_dir == ''
  systemd = dependency('systemd', required: false)
  if systemd.found()
     systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
  endif
endif

if systemd_system_unit_dir == ''
  warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
else
  private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
  private_cfg.set('HAVE_SYSTEMD', true)
endif

# Check for libc SCM_RIGHTS support (aka Linux)
code = '''
#include <sys/socket.h>
int main(void) {
    int moo = SCM_RIGHTS;
    return moo;
}'''
if cc.links(code, name: 'libc SCM_RIGHTS support')
  private_cfg.set('HAVE_SCM_RIGHTS', true)
endif

if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
  private_cfg.set('HAVE_SERVICEMOUNT', true)
endif


But apparently it built fuse_service.c anyway?  I'll have to look deeper
into what github ci did, since the pkgconfig fil... oh crikey.

systemd-dev contains the systemd.pc file, so the systemd.get_variable
call succeeds and returns a path, thereby enabling the build.  However,
the header files are in libsystemd-dev, and neither package depends on
the other.

So I clearly need to test for the presence of sd-daemon.h in that first
clause that determines if HAVE_SYSTEMD gets set.

> a.1) If not available needs to disable that service? Because I don't
> think BSD has support for systemd.

<nod>

> b) .github/workflow/*.yml files need to be adjusted to add in the new
> dependency.

Oh, ok.  The 'apt install' lines should probably add in systemd-dev.

> Please also have a look at checkpatch (which is a plain linux copy) and
> the spelling test failures.

Ok, will do.

--D

> 
> 
> Thanks,
> Bernd
> 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 09:06:52AM -0800, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> > 
> > 
> > On 3/4/26 01:11, Darrick J. Wong wrote:
> > > Hi Bernd,
> > > 
> > > Please pull this branch with changes for libfuse.
> > > 
> > > As usual, I did a test-merge with the main upstream branch as of a few
> > > minutes ago, and didn't see any conflicts.  Please let me know if you
> > > encounter any problems.
> > 
> > Hi Darrick,
> > 
> > quite some problems actually ;)
> > 
> > https://github.com/libfuse/libfuse/pull/1444
> > 
> > Basically everything fails.  Build test with
> 
> Doh :(
> 
> > ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> > fatal error: 'systemd/sd-daemon.h' file not found
> >    24 | #include <systemd/sd-daemon.h>
> > 
> > 
> > Two issues here:
> > a) meson is not testing for sd-daemon.h?
> 
> Hrm.  meson.build *should* have this clause to detect systemd:
> 
> # Check for systemd support
> systemd_system_unit_dir = get_option('systemdsystemunitdir')
> if systemd_system_unit_dir == ''
>   systemd = dependency('systemd', required: false)
>   if systemd.found()
>      systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
>   endif
> endif
> 
> if systemd_system_unit_dir == ''
>   warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
> else
>   private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
>   private_cfg.set('HAVE_SYSTEMD', true)
> endif
> 
> # Check for libc SCM_RIGHTS support (aka Linux)
> code = '''
> #include <sys/socket.h>
> int main(void) {
>     int moo = SCM_RIGHTS;
>     return moo;
> }'''
> if cc.links(code, name: 'libc SCM_RIGHTS support')
>   private_cfg.set('HAVE_SCM_RIGHTS', true)
> endif
> 
> if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
>   private_cfg.set('HAVE_SERVICEMOUNT', true)
> endif
> 
> 
> But apparently it built fuse_service.c anyway?  I'll have to look deeper
> into what github ci did, since the pkgconfig fil... oh crikey.
> 
> systemd-dev contains the systemd.pc file, so the systemd.get_variable
> call succeeds and returns a path, thereby enabling the build.  However,
> the header files are in libsystemd-dev, and neither package depends on
> the other.
> 
> So I clearly need to test for the presence of sd-daemon.h in that first
> clause that determines if HAVE_SYSTEMD gets set.
> 
> > a.1) If not available needs to disable that service? Because I don't
> > think BSD has support for systemd.
> 
> <nod>
> 
> > b) .github/workflow/*.yml files need to be adjusted to add in the new
> > dependency.
> 
> Oh, ok.  The 'apt install' lines should probably add in systemd-dev.
> 
> > Please also have a look at checkpatch (which is a plain linux copy) and
> > the spelling test failures.
> 
> Ok, will do.

...and the immediate problem that I run into is that all the logs are
hidden behind a login wall so I cannot read them. :(

(It leaked enough about the spelling errors that I can fix those, and
I can run checkpatch locally, but I don't know what else went wrong with
the bsd build or the abi check.)

--D

> --D
> 
> > 
> > 
> > Thanks,
> > Bernd
> > 
> > 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

On 3/4/26 19:06, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 09:06:52AM -0800, Darrick J. Wong wrote:
>> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
>>>
>>>
>>> On 3/4/26 01:11, Darrick J. Wong wrote:
>>>> Hi Bernd,
>>>>
>>>> Please pull this branch with changes for libfuse.
>>>>
>>>> As usual, I did a test-merge with the main upstream branch as of a few
>>>> minutes ago, and didn't see any conflicts.  Please let me know if you
>>>> encounter any problems.
>>>
>>> Hi Darrick,
>>>
>>> quite some problems actually ;)
>>>
>>> https://github.com/libfuse/libfuse/pull/1444
>>>
>>> Basically everything fails.  Build test with
>>
>> Doh :(
>>
>>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
>>> fatal error: 'systemd/sd-daemon.h' file not found
>>>    24 | #include <systemd/sd-daemon.h>
>>>
>>>
>>> Two issues here:
>>> a) meson is not testing for sd-daemon.h?
>>
>> Hrm.  meson.build *should* have this clause to detect systemd:
>>
>> # Check for systemd support
>> systemd_system_unit_dir = get_option('systemdsystemunitdir')
>> if systemd_system_unit_dir == ''
>>   systemd = dependency('systemd', required: false)
>>   if systemd.found()
>>      systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
>>   endif
>> endif
>>
>> if systemd_system_unit_dir == ''
>>   warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
>> else
>>   private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
>>   private_cfg.set('HAVE_SYSTEMD', true)
>> endif
>>
>> # Check for libc SCM_RIGHTS support (aka Linux)
>> code = '''
>> #include <sys/socket.h>
>> int main(void) {
>>     int moo = SCM_RIGHTS;
>>     return moo;
>> }'''
>> if cc.links(code, name: 'libc SCM_RIGHTS support')
>>   private_cfg.set('HAVE_SCM_RIGHTS', true)
>> endif
>>
>> if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
>>   private_cfg.set('HAVE_SERVICEMOUNT', true)
>> endif
>>
>>
>> But apparently it built fuse_service.c anyway?  I'll have to look deeper
>> into what github ci did, since the pkgconfig fil... oh crikey.
>>
>> systemd-dev contains the systemd.pc file, so the systemd.get_variable
>> call succeeds and returns a path, thereby enabling the build.  However,
>> the header files are in libsystemd-dev, and neither package depends on
>> the other.
>>
>> So I clearly need to test for the presence of sd-daemon.h in that first
>> clause that determines if HAVE_SYSTEMD gets set.

Or link test for systemd

>>
>>> a.1) If not available needs to disable that service? Because I don't
>>> think BSD has support for systemd.
>>
>> <nod>
>>
>>> b) .github/workflow/*.yml files need to be adjusted to add in the new
>>> dependency.
>>
>> Oh, ok.  The 'apt install' lines should probably add in systemd-dev.
>>
>>> Please also have a look at checkpatch (which is a plain linux copy) and
>>> the spelling test failures.
>>
>> Ok, will do.
> 
> ...and the immediate problem that I run into is that all the logs are
> hidden behind a login wall so I cannot read them. :(
> 
> (It leaked enough about the spelling errors that I can fix those, and
> I can run checkpatch locally, but I don't know what else went wrong with
> the bsd build or the abi check.)
> 


BSD errors are actually a bit tricky, because it runs them in a VM, one has
to look at "raw logs". I think ABI checks are failling as the normal build
test because of the meson issue.
BSD is this

2026-03-04T13:17:20.5979965Z [14/82] cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
2026-03-04T13:17:20.6004021Z FAILED: [code=1] lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o 
2026-03-04T13:17:20.6008119Z cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
2026-03-04T13:17:20.6012011Z In file included from ../lib/fuse_service_stub.c:21:
2026-03-04T13:17:20.6013206Z ../include/fuse_service_priv.h:12:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6013899Z    12 |         __be32 pos;
2026-03-04T13:17:20.6014268Z       |         ^
2026-03-04T13:17:20.6014789Z ../include/fuse_service_priv.h:13:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6015421Z    13 |         __be32 len;
2026-03-04T13:17:20.6015779Z       |         ^
2026-03-04T13:17:20.6016510Z ../include/fuse_service_priv.h:17:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6017130Z    17 |         __be32 magic;
2026-03-04T13:17:20.6017506Z       |         ^
2026-03-04T13:17:20.6018004Z ../include/fuse_service_priv.h:18:2: error: unknown type name '__be32'
2026-03-04T13:17:20.6018615Z    18 |         __be32 argc;
2026-03-04T13:17:20.6018988Z       |         ^


Cheers,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 08:29:35PM +0100, Bernd Schubert wrote:
> 
> 
> On 3/4/26 19:06, Darrick J. Wong wrote:
> > On Wed, Mar 04, 2026 at 09:06:52AM -0800, Darrick J. Wong wrote:
> >> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> >>>
> >>>
> >>> On 3/4/26 01:11, Darrick J. Wong wrote:
> >>>> Hi Bernd,
> >>>>
> >>>> Please pull this branch with changes for libfuse.
> >>>>
> >>>> As usual, I did a test-merge with the main upstream branch as of a few
> >>>> minutes ago, and didn't see any conflicts.  Please let me know if you
> >>>> encounter any problems.
> >>>
> >>> Hi Darrick,
> >>>
> >>> quite some problems actually ;)
> >>>
> >>> https://github.com/libfuse/libfuse/pull/1444
> >>>
> >>> Basically everything fails.  Build test with
> >>
> >> Doh :(
> >>
> >>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> >>> fatal error: 'systemd/sd-daemon.h' file not found
> >>>    24 | #include <systemd/sd-daemon.h>
> >>>
> >>>
> >>> Two issues here:
> >>> a) meson is not testing for sd-daemon.h?
> >>
> >> Hrm.  meson.build *should* have this clause to detect systemd:
> >>
> >> # Check for systemd support
> >> systemd_system_unit_dir = get_option('systemdsystemunitdir')
> >> if systemd_system_unit_dir == ''
> >>   systemd = dependency('systemd', required: false)
> >>   if systemd.found()
> >>      systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
> >>   endif
> >> endif
> >>
> >> if systemd_system_unit_dir == ''
> >>   warning('could not determine systemdsystemunitdir, systemd stuff will not be installed')
> >> else
> >>   private_cfg.set_quoted('SYSTEMD_SYSTEM_UNIT_DIR', systemd_system_unit_dir)
> >>   private_cfg.set('HAVE_SYSTEMD', true)
> >> endif
> >>
> >> # Check for libc SCM_RIGHTS support (aka Linux)
> >> code = '''
> >> #include <sys/socket.h>
> >> int main(void) {
> >>     int moo = SCM_RIGHTS;
> >>     return moo;
> >> }'''
> >> if cc.links(code, name: 'libc SCM_RIGHTS support')
> >>   private_cfg.set('HAVE_SCM_RIGHTS', true)
> >> endif
> >>
> >> if private_cfg.get('HAVE_SCM_RIGHTS', false) and private_cfg.get('HAVE_SYSTEMD', false)
> >>   private_cfg.set('HAVE_SERVICEMOUNT', true)
> >> endif
> >>
> >>
> >> But apparently it built fuse_service.c anyway?  I'll have to look deeper
> >> into what github ci did, since the pkgconfig fil... oh crikey.
> >>
> >> systemd-dev contains the systemd.pc file, so the systemd.get_variable
> >> call succeeds and returns a path, thereby enabling the build.  However,
> >> the header files are in libsystemd-dev, and neither package depends on
> >> the other.
> >>
> >> So I clearly need to test for the presence of sd-daemon.h in that first
> >> clause that determines if HAVE_SYSTEMD gets set.
> 
> Or link test for systemd

<nod> Hilariously we only need a single #define out of that header file:
SD_LISTEN_FDS_START

> >>
> >>> a.1) If not available needs to disable that service? Because I don't
> >>> think BSD has support for systemd.
> >>
> >> <nod>
> >>
> >>> b) .github/workflow/*.yml files need to be adjusted to add in the new
> >>> dependency.
> >>
> >> Oh, ok.  The 'apt install' lines should probably add in systemd-dev.
> >>
> >>> Please also have a look at checkpatch (which is a plain linux copy) and
> >>> the spelling test failures.
> >>
> >> Ok, will do.
> > 
> > ...and the immediate problem that I run into is that all the logs are
> > hidden behind a login wall so I cannot read them. :(
> > 
> > (It leaked enough about the spelling errors that I can fix those, and
> > I can run checkpatch locally, but I don't know what else went wrong with
> > the bsd build or the abi check.)
> > 
> 
> 
> BSD errors are actually a bit tricky, because it runs them in a VM, one has
> to look at "raw logs". I think ABI checks are failling as the normal build
> test because of the meson issue.
> BSD is this
> 
> 2026-03-04T13:17:20.5979965Z [14/82] cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
> 2026-03-04T13:17:20.6004021Z FAILED: [code=1] lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o 
> 2026-03-04T13:17:20.6008119Z cc -Ilib/libfuse3.so.3.19.0.p -Ilib -I../lib -Iinclude -I../include -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -std=gnu11 -O2 -g -D_REENTRANT -DHAVE_LIBFUSE_PRIVATE_CONFIG_H -Wno-sign-compare -D_FILE_OFFSET_BITS=64 -Wstrict-prototypes -Wmissing-declarations -Wwrite-strings -fno-strict-aliasing -fPIC -pthread -DFUSE_USE_VERSION=317 '-DFUSERMOUNT_DIR="/usr/local/bin"' -MD -MQ lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -MF lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o.d -o lib/libfuse3.so.3.19.0.p/fuse_service_stub.c.o -c ../lib/fuse_service_stub.c
> 2026-03-04T13:17:20.6012011Z In file included from ../lib/fuse_service_stub.c:21:
> 2026-03-04T13:17:20.6013206Z ../include/fuse_service_priv.h:12:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6013899Z    12 |         __be32 pos;
> 2026-03-04T13:17:20.6014268Z       |         ^
> 2026-03-04T13:17:20.6014789Z ../include/fuse_service_priv.h:13:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6015421Z    13 |         __be32 len;
> 2026-03-04T13:17:20.6015779Z       |         ^
> 2026-03-04T13:17:20.6016510Z ../include/fuse_service_priv.h:17:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6017130Z    17 |         __be32 magic;
> 2026-03-04T13:17:20.6017506Z       |         ^
> 2026-03-04T13:17:20.6018004Z ../include/fuse_service_priv.h:18:2: error: unknown type name '__be32'
> 2026-03-04T13:17:20.6018615Z    18 |         __be32 argc;
> 2026-03-04T13:17:20.6018988Z       |         ^

Hrmm, well at least on BSD I see that it's building the service stub,
which means that it didn't actually try to build any of the real systemd
service stuff at all.  I think this is due to fuse_service_stub.c
including fuse_service_priv.h unnecessarily.

--D

> 
> 
> Cheers,
> Bernd
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> 
> 
> On 3/4/26 01:11, Darrick J. Wong wrote:
> > Hi Bernd,
> > 
> > Please pull this branch with changes for libfuse.
> > 
> > As usual, I did a test-merge with the main upstream branch as of a few
> > minutes ago, and didn't see any conflicts.  Please let me know if you
> > encounter any problems.
> 
> Hi Darrick,
> 
> quite some problems actually ;)
> 
> https://github.com/libfuse/libfuse/pull/1444
> 
> Basically everything fails.  Build test with
> 
> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> fatal error: 'systemd/sd-daemon.h' file not found
>    24 | #include <systemd/sd-daemon.h>
> 
> 
> Two issues here:
> a) meson is not testing for sd-daemon.h?
> a.1) If not available needs to disable that service? Because I don't
> think BSD has support for systemd.
> 
> b) .github/workflow/*.yml files need to be adjusted to add in the new
> dependency.
> 
> 
> Please also have a look at checkpatch (which is a plain linux copy) and
> the spelling test failures.

I have a few questions after running checkpatch.pl (the one in the
libfuse repo):

1. What are the error return conventions for libfuse functions?

   The lowlevel library mostly seems to return 0 for succes or negative
   errno, but not all of them are like that, e.g. fuse_parse_cmdline*.

   The rest of libfuse mostly seems to return 0 for success or -1 for
   error, though it's unclear if they set errno to anything?

   This comes up because checkpatch complains about "return ENOTBLK",
   saying that it should be returning -ENOTBLK.  But I'm already sorta
   confused because libfuse and its examples use positive and negative
   errno inconsistently.

2. There's no strscpy, but the check is left on, and there are plenty of
   users in libfuse.

3. Comments at the top of files -- checkpatch complains that the
   non-first lines of a multiline C comment should start with " * "but
   not all of them do that.  Should I just do C comments the way
   checkpatch wants?  Or keep going with the existing code?

--D

> Thanks,
> Bernd
> 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Wed, Mar 04, 2026 at 03:23:53PM -0800, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> > 
> > 
> > On 3/4/26 01:11, Darrick J. Wong wrote:
> > > Hi Bernd,
> > > 
> > > Please pull this branch with changes for libfuse.
> > > 
> > > As usual, I did a test-merge with the main upstream branch as of a few
> > > minutes ago, and didn't see any conflicts.  Please let me know if you
> > > encounter any problems.
> > 
> > Hi Darrick,
> > 
> > quite some problems actually ;)
> > 
> > https://github.com/libfuse/libfuse/pull/1444
> > 
> > Basically everything fails.  Build test with
> > 
> > ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> > fatal error: 'systemd/sd-daemon.h' file not found
> >    24 | #include <systemd/sd-daemon.h>
> > 
> > 
> > Two issues here:
> > a) meson is not testing for sd-daemon.h?
> > a.1) If not available needs to disable that service? Because I don't
> > think BSD has support for systemd.
> > 
> > b) .github/workflow/*.yml files need to be adjusted to add in the new
> > dependency.
> > 
> > 
> > Please also have a look at checkpatch (which is a plain linux copy) and
> > the spelling test failures.
> 
> I have a few questions after running checkpatch.pl (the one in the
> libfuse repo):
> 
> 1. What are the error return conventions for libfuse functions?
> 
>    The lowlevel library mostly seems to return 0 for succes or negative
>    errno, but not all of them are like that, e.g. fuse_parse_cmdline*.
> 
>    The rest of libfuse mostly seems to return 0 for success or -1 for
>    error, though it's unclear if they set errno to anything?
> 
>    This comes up because checkpatch complains about "return ENOTBLK",
>    saying that it should be returning -ENOTBLK.  But I'm already sorta
>    confused because libfuse and its examples use positive and negative
>    errno inconsistently.

Hi Bernd,

Having spent a few days looking through lib/fuse*.c more carefully, I've
come to the conclusion that most lowlevel library functions return 0 or
negative errno on failure, and they often call fuse_log to complain
about whatever failed.  Oddly, fuse_reply_err takes positive errno and
ll servers are required to handle sign conversions correctly.  The high
level fuse library does this inversion.

If that sounds like a reasonable approach for fuse_service.c then I'll
convert it to log and return negative errno like the lowlevel library
does.  Right now it mostly sets errno and returns -1, and isn't
completely consistent about fuse_log().  util/mount_service.c will get
changed to fprintf to stderr and return negative errno on failure.

For *_service.c functions that pass around fds from files opened on the
other side of the service socket, a failure to open a file will result
in the negative errno being sent in place of an fd.

How does that sound?

--D

> 2. There's no strscpy, but the check is left on, and there are plenty of
>    users in libfuse.
> 
> 3. Comments at the top of files -- checkpatch complains that the
>    non-first lines of a multiline C comment should start with " * "but
>    not all of them do that.  Should I just do C comments the way
>    checkpatch wants?  Or keep going with the existing code?
> 
> --D
> 
> > Thanks,
> > Bernd
> > 
> > 
> 

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Bernd Schubert]

Hi Darrick,

really sorry for mys late reply. To my excuse I have the flu since
Thursday and until yesterday it got worse every day.


On 3/9/26 03:27, Darrick J. Wong wrote:
> On Wed, Mar 04, 2026 at 03:23:53PM -0800, Darrick J. Wong wrote:
>> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
>>>
>>>
>>> On 3/4/26 01:11, Darrick J. Wong wrote:
>>>> Hi Bernd,
>>>>
>>>> Please pull this branch with changes for libfuse.
>>>>
>>>> As usual, I did a test-merge with the main upstream branch as of a few
>>>> minutes ago, and didn't see any conflicts.  Please let me know if you
>>>> encounter any problems.
>>>
>>> Hi Darrick,
>>>
>>> quite some problems actually ;)
>>>
>>> https://github.com/libfuse/libfuse/pull/1444
>>>
>>> Basically everything fails.  Build test with
>>>
>>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
>>> fatal error: 'systemd/sd-daemon.h' file not found
>>>    24 | #include <systemd/sd-daemon.h>
>>>
>>>
>>> Two issues here:
>>> a) meson is not testing for sd-daemon.h?
>>> a.1) If not available needs to disable that service? Because I don't
>>> think BSD has support for systemd.
>>>
>>> b) .github/workflow/*.yml files need to be adjusted to add in the new
>>> dependency.
>>>
>>>
>>> Please also have a look at checkpatch (which is a plain linux copy) and
>>> the spelling test failures.
>>
>> I have a few questions after running checkpatch.pl (the one in the
>> libfuse repo):
>>
>> 1. What are the error return conventions for libfuse functions?
>>
>>    The lowlevel library mostly seems to return 0 for succes or negative
>>    errno, but not all of them are like that, e.g. fuse_parse_cmdline*.
>>
>>    The rest of libfuse mostly seems to return 0 for success or -1 for
>>    error, though it's unclear if they set errno to anything?
>>
>>    This comes up because checkpatch complains about "return ENOTBLK",
>>    saying that it should be returning -ENOTBLK.  But I'm already sorta
>>    confused because libfuse and its examples use positive and negative
>>    errno inconsistently.
> 
> Hi Bernd,
> 
> Having spent a few days looking through lib/fuse*.c more carefully, I've
> come to the conclusion that most lowlevel library functions return 0 or
> negative errno on failure, and they often call fuse_log to complain
> about whatever failed.  Oddly, fuse_reply_err takes positive errno and
> ll servers are required to handle sign conversions correctly.  The high
> level fuse library does this inversion.

Yeah I know, confusing. But without breaking the API I don't think there
is much we can do about now.

> 
> If that sounds like a reasonable approach for fuse_service.c then I'll
> convert it to log and return negative errno like the lowlevel library
> does.  Right now it mostly sets errno and returns -1, and isn't
> completely consistent about fuse_log().  util/mount_service.c will get
> changed to fprintf to stderr and return negative errno on failure.


Sounds good to me. Obviously for expected errors you don't want to
create logs. Logging is another topic I need to address at some point,
so that one can set the actual level one wants to print.

> 
> For *_service.c functions that pass around fds from files opened on the
> other side of the service socket, a failure to open a file will result
> in the negative errno being sent in place of an fd.
> 
> How does that sound?
> 
> --D
> 
>> 2. There's no strscpy, but the check is left on, and there are plenty of
>>    users in libfuse.

Hrmm right, I had copied the script from linux to libfuse so that it
complains about wrong code style. So far it was mostly possible to
disable checks, in this specific case we probably need to modify
checkpatch. Pity, that will make it impossible to simply copy over newer
versions.

>>
>> 3. Comments at the top of files -- checkpatch complains that the
>>    non-first lines of a multiline C comment should start with " * "but
>>    not all of them do that.  Should I just do C comments the way
>>    checkpatch wants?  Or keep going with the existing code?

I guess here it is better to follow checkpatch and change to the style,
it expects.


Thanks,
Bernd

Re: [GIT PULL] libfuse: run fuse servers as a contained service

[Darrick J. Wong]

On Mon, Mar 09, 2026 at 06:34:32PM +0100, Bernd Schubert wrote:
> Hi Darrick,
> 
> really sorry for mys late reply. To my excuse I have the flu since
> Thursday and until yesterday it got worse every day.

Oh, no worries.  I hope you feel better soon, but take the time to rest
and get well!

> On 3/9/26 03:27, Darrick J. Wong wrote:
> > On Wed, Mar 04, 2026 at 03:23:53PM -0800, Darrick J. Wong wrote:
> >> On Wed, Mar 04, 2026 at 02:36:03PM +0100, Bernd Schubert wrote:
> >>>
> >>>
> >>> On 3/4/26 01:11, Darrick J. Wong wrote:
> >>>> Hi Bernd,
> >>>>
> >>>> Please pull this branch with changes for libfuse.
> >>>>
> >>>> As usual, I did a test-merge with the main upstream branch as of a few
> >>>> minutes ago, and didn't see any conflicts.  Please let me know if you
> >>>> encounter any problems.
> >>>
> >>> Hi Darrick,
> >>>
> >>> quite some problems actually ;)
> >>>
> >>> https://github.com/libfuse/libfuse/pull/1444
> >>>
> >>> Basically everything fails.  Build test with
> >>>
> >>> ../../../home/runner/work/libfuse/libfuse/lib/fuse_service.c:24:10:
> >>> fatal error: 'systemd/sd-daemon.h' file not found
> >>>    24 | #include <systemd/sd-daemon.h>
> >>>
> >>>
> >>> Two issues here:
> >>> a) meson is not testing for sd-daemon.h?
> >>> a.1) If not available needs to disable that service? Because I don't
> >>> think BSD has support for systemd.
> >>>
> >>> b) .github/workflow/*.yml files need to be adjusted to add in the new
> >>> dependency.
> >>>
> >>>
> >>> Please also have a look at checkpatch (which is a plain linux copy) and
> >>> the spelling test failures.
> >>
> >> I have a few questions after running checkpatch.pl (the one in the
> >> libfuse repo):
> >>
> >> 1. What are the error return conventions for libfuse functions?
> >>
> >>    The lowlevel library mostly seems to return 0 for succes or negative
> >>    errno, but not all of them are like that, e.g. fuse_parse_cmdline*.
> >>
> >>    The rest of libfuse mostly seems to return 0 for success or -1 for
> >>    error, though it's unclear if they set errno to anything?
> >>
> >>    This comes up because checkpatch complains about "return ENOTBLK",
> >>    saying that it should be returning -ENOTBLK.  But I'm already sorta
> >>    confused because libfuse and its examples use positive and negative
> >>    errno inconsistently.
> > 
> > Hi Bernd,
> > 
> > Having spent a few days looking through lib/fuse*.c more carefully, I've
> > come to the conclusion that most lowlevel library functions return 0 or
> > negative errno on failure, and they often call fuse_log to complain
> > about whatever failed.  Oddly, fuse_reply_err takes positive errno and
> > ll servers are required to handle sign conversions correctly.  The high
> > level fuse library does this inversion.
> 
> Yeah I know, confusing. But without breaking the API I don't think there
> is much we can do about now.

<nod> I agree, the existing library api can't change unless someone
introduce a new name (e.g. fuse_session_custom_io_317)

> > If that sounds like a reasonable approach for fuse_service.c then I'll
> > convert it to log and return negative errno like the lowlevel library
> > does.  Right now it mostly sets errno and returns -1, and isn't
> > completely consistent about fuse_log().  util/mount_service.c will get
> > changed to fprintf to stderr and return negative errno on failure.
> 
> 
> Sounds good to me. Obviously for expected errors you don't want to

Ok good, will go do that this afternoon.

For logging ... I think what I'm going to do is log communication errors
between the mount helper and the fuse server, but pass errors from the
kernel api calls (e.g. ENOENT for an open()) straight to the fuse server
and let them figure out what they want to do.

Maybe I'll consider negative errno for comms failure and positive errno
for expected errors <shrug>.  Let's see how that goes.

> create logs. Logging is another topic I need to address at some point,
> so that one can set the actual level one wants to print.

Oh, I figured one simply overrode the logging function if they wanted
non-default parameters. ;)

> > For *_service.c functions that pass around fds from files opened on the
> > other side of the service socket, a failure to open a file will result
> > in the negative errno being sent in place of an fd.
> > 
> > How does that sound?
> > 
> > --D
> > 
> >> 2. There's no strscpy, but the check is left on, and there are plenty of
> >>    users in libfuse.
> 
> Hrmm right, I had copied the script from linux to libfuse so that it
> complains about wrong code style. So far it was mostly possible to
> disable checks, in this specific case we probably need to modify
> checkpatch. Pity, that will make it impossible to simply copy over newer
> versions.

Oh I was just extracting the checkpatch.pl command line from
.github/workflows/checkpatch.yml so I think you could just add "STRCPY"
to the --ignore value in that file.

> >>
> >> 3. Comments at the top of files -- checkpatch complains that the
> >>    non-first lines of a multiline C comment should start with " * "but
> >>    not all of them do that.  Should I just do C comments the way
> >>    checkpatch wants?  Or keep going with the existing code?
> 
> I guess here it is better to follow checkpatch and change to the style,
> it expects.

That is the nice thing about running checkpatch as a git hook -- it only
applies to new(ly changed) code. :)

Get well soon!

--D

> 
> 
> Thanks,
> Bernd
> 
>