qemu/qapi
Max Reitz 8fc54f9428 export/fuse: Add allow-other option
Without the allow_other mount option, no user (not even root) but the
one who started qemu/the storage daemon can access the export.  Allow
users to configure the export such that such accesses are possible.

While allow_other is probably what users want, we cannot make it an
unconditional default, because passing it is only possible (for non-root
users) if the global fuse.conf configuration file allows it.  Thus, the
default is an 'auto' mode, in which we first try with allow_other, and
then fall back to without.

FuseExport.allow_other reports whether allow_other was actually used as
a mount option or not.  Currently, this information is not used, but a
future patch will let this field decide whether e.g. an export's UID and
GID can be changed through chmod.

One notable thing about 'auto' mode is that libfuse may print error
messages directly to stderr, and so may fusermount (which it executes).
Our export code cannot really filter or hide them.  Therefore, if 'auto'
fails its first attempt and has to fall back, fusermount will print an
error message that mounting with allow_other failed.

This behavior necessitates a change to iotest 308, namely we need to
filter out this error message (because if the first attempt at mounting
with allow_other succeeds, there will be no such message).

Furthermore, common.rc's _make_test_img should use allow-other=off for
FUSE exports, because iotests generally do not need to access images
from other users, so allow-other=on or allow-other=auto have no
advantage.  OTOH, allow-other=on will not work on systems where
user_allow_other is disabled, and with allow-other=auto, we get said
error message that we would need to filter out again.  Just disabling
allow-other is simplest.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210625142317.271673-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-07-09 12:26:05 +02:00
..
acpi.json qapi: Extract ACPI commands to 'acpi.json' 2020-09-29 15:41:36 +02:00
audio.json sdlaudio: add -audiodev sdl,out.buffer-count option 2021-01-15 11:25:22 +01:00
authz.json qapi/qom: Add ObjectOptions for authz-* 2021-03-19 10:17:13 +01:00
block-core.json block/rbd: Add support for rbd image encryption 2021-07-09 12:26:05 +02:00
block-export.json export/fuse: Add allow-other option 2021-07-09 12:26:05 +02:00
block.json qapi: Normalize version references x.y.0 to just x.y 2020-12-10 17:16:44 +01:00
char.json ui/vdagent: add clipboard support 2021-05-21 09:42:44 +02:00
common.json qapi/qom: Add ObjectOptions for input-* 2021-03-19 10:17:14 +01:00
compat.json qapi: New -compat deprecated-input=crash 2021-03-19 16:05:11 +01:00
control.json monitor: remove 'query-events' QMP command 2021-03-18 09:22:55 +00:00
crypto.json qapi/qom: Add ObjectOptions for tls-*, deprecate 'loaded' 2021-03-19 10:17:13 +01:00
dump.json schemas: Add vim modeline 2020-08-03 08:28:08 +02:00
error.json schemas: Add vim modeline 2020-08-03 08:28:08 +02:00
introspect.json monitor: Drop query-qmp-schema 'gen': false hack 2021-03-19 16:05:09 +01:00
job.json migration: introduce snapshot-{save, load, delete} QMP commands 2021-02-08 11:19:52 +00:00
machine-target.json qapi: Normalize version references x.y.0 to just x.y 2020-12-10 17:16:44 +01:00
machine.json machine: pass QAPI struct to mc->smp_parse 2021-06-25 16:16:11 +02:00
meson.build Revert "hmp: Use QAPI NetdevInfo in hmp_info_network" 2021-04-08 17:33:59 +08:00
migration.json migration/dirtyrate: make sample page count configurable 2021-06-08 20:18:25 +01:00
misc-target.json target/i386/sev: add support to query the attestation report 2021-06-01 09:32:23 -04:00
misc.json qmp: remove deprecated "change" command 2021-01-23 15:55:07 -05:00
net.json netdev: add more commands to preconfig mode 2021-06-11 10:30:13 +08:00
opts-visitor.c qapi, qemu-options: make all parsing visitors parse boolean options the same 2020-11-04 12:00:40 -05:00
pci.json qapi: Normalize version references x.y.0 to just x.y 2020-12-10 17:16:44 +01:00
pragma.json block: Remove monitor command block_passwd 2021-03-23 22:31:56 +01:00
qapi-clone-visitor.c qapi: Make visitor functions taking Error ** return bool, not void 2020-07-10 15:18:08 +02:00
qapi-dealloc-visitor.c qapi: Make visitor functions taking Error ** return bool, not void 2020-07-10 15:18:08 +02:00
qapi-schema.json qemu-options: New -compat to set policy for deprecated interfaces 2021-03-19 15:43:33 +01:00
qapi-util.c qapi, qemu-options: make all parsing visitors parse boolean options the same 2020-11-04 12:00:40 -05:00
qapi-visit-core.c qapi: Implement deprecated-input=reject for QMP command arguments 2021-03-19 16:05:11 +01:00
qdev.json qapi: Normalize version references x.y.0 to just x.y 2020-12-10 17:16:44 +01:00
qmp-dispatch.c qapi: New -compat deprecated-input=crash 2021-03-19 16:05:11 +01:00
qmp-event.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
qmp-registry.c qga: return a more explicit error on why a command is disabled 2021-03-16 20:21:47 -05:00
qobject-input-visitor.c qapi: New -compat deprecated-input=crash 2021-03-19 16:05:11 +01:00
qobject-output-visitor.c qapi: Implement deprecated-output=hide for QMP command results 2021-03-19 15:43:33 +01:00
qom.json hostmem: Wire up RAM_NORESERVE via "reserve" property 2021-06-15 20:27:38 +02:00
rdma.json schemas: Add vim modeline 2020-08-03 08:28:08 +02:00
replay.json replay: implement replay-seek command 2020-10-06 08:34:49 +02:00
rocker.json schemas: Add vim modeline 2020-08-03 08:28:08 +02:00
run-state.json runstate: cleanup reboot and panic actions 2021-01-21 13:00:41 +01:00
sockets.json sockets: Support multipath TCP 2021-06-08 19:36:22 +01:00
string-input-visitor.c qapi, qemu-options: make all parsing visitors parse boolean options the same 2020-11-04 12:00:40 -05:00
string-output-visitor.c string-output-visitor: Fix to use sufficient precision 2020-12-19 10:37:16 +01:00
tpm.json tpm: Return QMP error when TPM is disabled in build 2021-06-15 10:59:02 -04:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
trace.json qapi: Add blank lines before bulleted lists 2020-02-15 11:41:50 +01:00
transaction.json block: Drop the sheepdog block driver 2021-05-12 17:42:23 +02:00
ui.json ui: Make the DisplayType enum entries conditional 2021-06-23 14:42:30 +02:00
yank.json Introduce yank feature 2021-01-13 10:21:17 +01:00