rosa/hakurei
6
3
Fork 2
Code Issues 12 Pull Requests 2 Actions 2 Packages Projects Releases 15 Wiki Activity

cmd/sharefs: group-accessible permission bits
All checks were successful
Test / Create distribution (push) Successful in 1m16s
Details
Test / Sandbox (push) Successful in 3m17s
Details
Test / Hakurei (push) Successful in 4m21s
Details
Test / ShareFS (push) Successful in 4m30s
Details
Test / Sandbox (race detector) (push) Successful in 5m43s
Details
Test / Hakurei (race detector) (push) Successful in 6m48s
Details
Test / Flake checks (push) Successful in 1m28s
Details

Browse Source 
This works around the race in vfs via supplementary group.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-04-08 16:14:47 +09:00
parent 351d6c5a35
commit b0ba165107
3 changed files with 31 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/sharefs/fuse-operations.h
View File

@@ -7,8 +7,8 @@
#endif #endif
#define SHAREFS_MEDIA_RW_ID (1 << 10) - 1 /* owning gid presented to userspace */ #define SHAREFS_MEDIA_RW_ID (1 << 10) - 1 /* owning gid presented to userspace */
#define SHAREFS_PERM_DIR 0700 /* permission bits for directories presented to userspace */ #define SHAREFS_PERM_DIR 0770 /* permission bits for directories presented to userspace */
#define SHAREFS_PERM_REG 0600 /* permission bits for regular files presented to userspace */ #define SHAREFS_PERM_REG 0660 /* permission bits for regular files presented to userspace */
#define SHAREFS_FORBIDDEN_FLAGS O_DIRECT /* these open flags are cleared unconditionally */ #define SHAREFS_FORBIDDEN_FLAGS O_DIRECT /* these open flags are cleared unconditionally */
/* sharefs_private is populated by sharefs_init and contains process-wide context */ /* sharefs_private is populated by sharefs_init and contains process-wide context */

5
test/interactive/configuration.nix
View File

@@ -8,7 +8,10 @@
description = "Alice Foobar"; description = "Alice Foobar";
password = "foobar"; password = "foobar";
uid = 1000; uid = 1000;
extraGroups = [ "wheel" ]; extraGroups = [
"wheel"
"sharefs"
];
}; };
untrusted = { untrusted = {
isNormalUser = true; isNormalUser = true;

44
test/interactive/raceattr.nix
View File

@@ -1,24 +1,30 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
let
inherit (pkgs) buildGoModule;
in
{ {
environment.systemPackages = [ security.wrappers.raceattr =
(buildGoModule rec { let
name = "raceattr"; inherit (pkgs) buildGoModule;
pname = name; in
tags = [ "raceattr" ]; {
setuid = true;
owner = "root";
group = "root";
source = "${
(buildGoModule rec {
name = "raceattr";
pname = name;
tags = [ "raceattr" ];
src = builtins.path { src = builtins.path {
name = "${pname}-src"; name = "${pname}-src";
path = lib.cleanSource ../../cmd/sharefs/test; path = lib.cleanSource ../../cmd/sharefs/test;
filter = path: type: (type == "directory") || (type == "regular" && lib.hasSuffix ".go" path); filter = path: type: (type == "directory") || (type == "regular" && lib.hasSuffix ".go" path);
}; };
vendorHash = null; vendorHash = null;
preBuild = '' preBuild = ''
go mod init hakurei.app/raceattr >& /dev/null go mod init hakurei.app/raceattr >& /dev/null
''; '';
}) })
]; }/bin/raceattr";
};
} }