Add support for FUSE_HANDLE_KILLPRIV

Fixes #116.

3 files changed, 31 insertions, 0 deletions

diff --git a/include/fuse.h b/include/fuse.h
index 60015ca..56539f1 100644
--- a/include/fuse.h
+++ b/include/fuse.h
@@ -351,6 +351,9 @@ struct fuse_operations {
 	 *
 	 * `fi` will always be NULL if the file is not currenly open, but
 	 * may also be NULL if the file is open.
+	 *
+	 * Unless FUSE_CAP_HANDLE_KILLPRIV is disabled, this method is
+	 * expected to reset the setuid and setgid bits.
 	 */
 	int (*chown) (const char *, uid_t, gid_t, struct fuse_file_info *fi);
 
@@ -358,6 +361,9 @@ struct fuse_operations {
 	 *
 	 * `fi` will always be NULL if the file is not currenly open, but
 	 * may also be NULL if the file is open.
+	 *
+	 * Unless FUSE_CAP_HANDLE_KILLPRIV is disabled, this method is
+	 * expected to reset the setuid and setgid bits.
 	 */
 	int (*truncate) (const char *, off_t, struct fuse_file_info *fi);
 
@@ -395,6 +401,9 @@ struct fuse_operations {
 	 * Write should return exactly the number of bytes requested
 	 * except on error.	 An exception to this is when the 'direct_io'
 	 * mount option is specified (see read operation).
+	 *
+	 * Unless FUSE_CAP_HANDLE_KILLPRIV is disabled, this method is
+	 * expected to reset the setuid and setgid bits.
 	 */
 	int (*write) (const char *, const char *, size_t, off_t,
 		      struct fuse_file_info *);
@@ -635,6 +644,9 @@ struct fuse_operations {
 	 * Similar to the write() method, but data is supplied in a
 	 * generic buffer.  Use fuse_buf_copy() to transfer data to
 	 * the destination.
+	 *
+	 * Unless FUSE_CAP_HANDLE_KILLPRIV is disabled, this method is
+	 * expected to reset the setuid and setgid bits.
 	 */
 	int (*write_buf) (const char *, struct fuse_bufvec *buf, off_t off,
 			  struct fuse_file_info *);
diff --git a/include/fuse_common.h b/include/fuse_common.h
index f336129..04b378f 100644
--- a/include/fuse_common.h
+++ b/include/fuse_common.h
@@ -268,6 +268,15 @@ struct fuse_file_info {
 #define FUSE_CAP_POSIX_ACL              (1 << 19)
 
 /**
+ * Indicates that the filesystem is responsible for unsetting
+ * setuid and setgid bits when a file is written, truncated, or
+ * its owner is changed.
+ *
+ * This feature is enabled by default when supported by the kernel.
+ */
+#define FUSE_CAP_HANDLE_KILLPRIV         (1 << 20)
+
+/**
  * Ioctl flags
  *
  * FUSE_IOCTL_COMPAT: 32bit compat ioctl on 64bit machine
diff --git a/include/fuse_lowlevel.h b/include/fuse_lowlevel.h
index dbf1a27..2cebb30 100644
--- a/include/fuse_lowlevel.h
+++ b/include/fuse_lowlevel.h
@@ -276,6 +276,10 @@ struct fuse_lowlevel_ops {
 	 * bitmask contain valid values.  Other members contain undefined
 	 * values.
 	 *
+	 * Unless FUSE_CAP_HANDLE_KILLPRIV is disabled, this method is
+	 * expected to reset the setuid and setgid bits if the file
+	 * size or owner is being changed.
+	 *
 	 * If the setattr was invoked from the ftruncate() system call
 	 * under Linux kernel versions 2.6.15 or later, the fi->fh will
 	 * contain the value set by the open method or will be undefined
@@ -509,6 +513,9 @@ struct fuse_lowlevel_ops {
 	 * of the write system call will reflect the return value of this
 	 * operation.
 	 *
+	 * Unless FUSE_CAP_HANDLE_KILLPRIV is disabled, this method is
+	 * expected to reset the setuid and setgid bits.
+	 *
 	 * fi->fh will contain the value set by the open method, or will
 	 * be undefined if the open method didn't set any value.
 	 *
@@ -1013,6 +1020,9 @@ struct fuse_lowlevel_ops {
 	 * bufv->off is correctly updated (reflecting the number of
 	 * bytes read from bufv->buf[0]).
 	 *
+	 * Unless FUSE_CAP_HANDLE_KILLPRIV is disabled, this method is
+	 * expected to reset the setuid and setgid bits.
+	 *
 	 * Valid replies:
 	 *   fuse_reply_write
 	 *   fuse_reply_err