From: Dalvik K. <kh...@ou...> - 2012-08-09 13:00:57

Dear fuse developers,

I hereby propose the attached patch in order to allow for mountpoint labeling [1] of fuse-based filesystems (first and foremost I do have sshfs in mind, which cannot support extended attributes natively due to missing features in the sftp subsystem that ships with openssh [2]). Note that essentially the same patch has been proposed [3] and accepted into ntfs3g [4] almost two years ago. This is, as far as I can tell, due to the fact that ntfs3g seems to ship a customized version of fuse as part of its package rather than directly collaborating with upstream fuse.

Let me elaborate some more on the details and alleged merits of my input:

According to article [5], mount can be used with an "-o context=" option in order to specify a mountpoint-wide SELinux security context different from the default context provided by the active SELinux policy. This is useful in order to enable users to mount multiple sshfs targets under distinct contexts, which is my main motivation for getting this patch mainlined. I also know of at least one more use case that can benefit from this patch [6]. This is why I hope you will accept this rather simple fix without much hesitation.

Attached please also find some shell output that demonstrates how this patch works on an SELinux-enabled Gentoo machine. Note that as an improvement over the original ntfs3g patch, I decided to add support for further similar options "rootcontext=", "defcontext=", and "fscontext=" as described in the mount manpage [7].

If you have any questions regarding my submission, please let me know.

With kind regards,
Dalvik Khertel

[1] http://www.redhat.com/f/pdf/whitepapers/Filesystem_Labeling_SELinux.pdf
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=1953
[3] https://bugzilla.redhat.com/show_bug.cgi?id=502946#c11
[4] http://www.tuxera.com/community/ntfs-3g-download/
[5] http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html
[6] https://github.com/vmnetx/vmnetx/issues/7
[7] http://linux.die.net/man/8/mount