Re: [PATCH 1/2] fuse: allow FUSE_SYNCFS for privileged userspace servers

Next message: Neeraj Sanjay Kale: "PATCH] Bluetooth: btnxpuart: Fix out-of-bounds firmware read in nxp_recv_fw_req_v3()"
Previous message: Jon Hunter: "Re: [PATCH v4 0/3] iommu/arm-smmu-v3: Tegra264 invalidation workaround"
In reply to: Jimmy Zuber: "[PATCH 1/2] fuse: allow FUSE_SYNCFS for privileged userspace servers"
Next in thread: Jimmy Zuber: "Re: [PATCH 1/2] fuse: allow FUSE_SYNCFS for privileged userspace servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Miklos Szeredi

Date: Wed Jun 17 2026 - 04:22:51 EST

On Tue, 16 Jun 2026 at 17:20, Jimmy Zuber <jamz@xxxxxxxxxx> wrote:

> +/*
> + * A server can stall syncfs()/sync(), so only honor FUSE_HAS_SYNCFS for
> + * mounts owned by the initial user namespace, i.e. set up with host
> + * privilege (like virtiofs and fuseblk).
> + */
> +static bool fuse_syncfs_enable(struct fuse_conn *fc, u64 flags)
> +{
> + return (flags & FUSE_HAS_SYNCFS) && fc->user_ns == &init_user_ns;
> +}

Sounds really easy to trick: start the server in the initial user ns,
then clone the mounter with a new user/mount namespace. The
init_user_ns test will pass happily, since the server is running in
the initial namespace.

Thanks,
Miklos