From 131955ff7c7e2f32ea152cdf8cba782fb836bbe8 Mon Sep 17 00:00:00 2001 From: Nikolaus Rath Date: Thu, 27 Oct 2016 13:51:59 -0700 Subject: Recommend when to use -o default_permissions automatically --- include/fuse.h | 12 ++++++------ include/fuse_lowlevel.h | 6 ++++++ 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/fuse.h b/include/fuse.h index 312818e..ff1475d 100644 --- a/include/fuse.h +++ b/include/fuse.h @@ -280,13 +280,13 @@ struct fuse_config { * init and destroy are special purpose methods, without which a full * featured filesystem can still be implemented. * - * Almost all operations take a path which can be of any length. - * - * Changed in fuse 2.8.0 (regardless of API version) - * Previously, paths were limited to a length of PATH_MAX. + * In general, all methods are expected to perform any necessary + * permission checking. However, a filesystem may delegate this task + * to the kernel by passing the `default_permissions` mount option to + * `fuse_new()`. In this case, methods will only be called if + * the kernel's permission check has succeeded. * - * See http://fuse.sourceforge.net/wiki/ for more information. There - * is also a snapshot of the relevant wiki pages in the doc/ folder. + * Almost all operations take a path which can be of any length. */ struct fuse_operations { /** Get file attributes. diff --git a/include/fuse_lowlevel.h b/include/fuse_lowlevel.h index f876975..503b682 100644 --- a/include/fuse_lowlevel.h +++ b/include/fuse_lowlevel.h @@ -154,6 +154,12 @@ struct fuse_forget_data { * after the call has returned, so if they are needed later, their * contents have to be copied. * + * In general, all methods are expected to perform any necessary + * permission checking. However, a filesystem may delegate this task + * to the kernel by passing the `default_permissions` mount option to + * `fuse_session_new()`. In this case, methods will only be called if + * the kernel's permission check has succeeded. + * * The filesystem sometimes needs to handle a return value of -ENOENT * from the reply function, which means, that the request was * interrupted, and the reply discarded. For example if -- cgit v1.2.3