cmd/sharefs: containerise filesystem daemon

This replaces the forking daemonise libfuse function which prevents Go callbacks from calling into the runtime. This also enforces least privilege on the daemon process. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-12-27 09:17:14 +09:00
parent 3d720ada92
commit 2f8ca83376
3 changed files with 189 additions and 55 deletions
--- a/nixos.nix
+++ b/nixos.nix
@@ -88,7 +88,6 @@ in
                "noatime"
                "auto_unmount"
                "allow_other"
-                "clone_fd"
                "setuid=$(id -u ${cfg.sharefs.user})"
                "setgid=$(id -g ${cfg.sharefs.group})"
                "source=${cfg.sharefs.source}"