Re: [fuse-devel] stat() of mountpoint

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Tue, 18 Nov 2008, Nikolaus Rath wrote:
> Here is an example of the problems that arise from this:
> 
> I regularly back up /home/* with storeBackup. Since there is a fuse
> mounted .gvfs in the home directories, root is not able to access it.
> Hence I have added an exclude rule for /home/*/.gvfs and expected
> everything to work fine. However, storeBackup apparently relies on the
> fact that it can stat() stuff returned by readdir(), so the
> excludeRule is only applied *afterwards*. Therefore storeBackup still
> tries to stat() the .gvfs, which gives a very unexpected error
> (permission denied rather than 'file not found' which is handled
> because it could happen if the file has been deleted after the
> readdir() call).
> 
> I would believe that similar problems arise with many other backup
> programs, because the assumption that one can stat() everything in a
> directorywith at worst getting a "file not found" seems very
> reasonable.
> 
> 
> Therefore I'd argue in favor of returning something useful. IMO root
> should at least be able to find out that the entry corresponds to a
> directory. So what about returning the properties of the original
> directory, before it became a mountpoint?

mkdir /tmp/a
chown foo /tmp/a
chmod 777 /tmp/a
mkdir /tmp/b
chown bar /tmp/b
chmod 444 /tmp/b
fusefs /tmp/a
mount --bind /tmp/a /tmp/b

now the same filesystem is mounted over both /tmp/a and /tmp/b.  What
should stat return?  (NB. the filesystem doesn't know which path it
was accessed through)

So no, this doesn't work.  We can return a zero permission for both:

d--------- 2 owner group 0 1970-01-01 a

This would work, but it's still an ugly hack, because it means that we
return different attributes depending on the user ID of the process
asking.

The nice solution is private namespaces, it _is_ possible to set them
up, but not trivial.  And unfortunately distros are not yet forced
into implementing this.  Maybe the pain with ~/.gvfs vs. backups will
do that ;)

Want to become early testers?  There's a pam module that does some of
this private namespace stuff, but last I looked it was hopelessly
buggy.

Miklos