guest/authfs/src/fusefs/mount.rs - android_packages_modules_Virtualization - Gitiles

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 use fuse::mount::MountOption;
 use std::fs::OpenOptions;
 use std::num::NonZeroU8;
 use std::os::unix::io::AsRawFd;
 use std::path::Path;

 use super::AuthFs;

 /// Maximum bytes (excluding the FUSE header) `AuthFs` will receive from the kernel for write
 /// operations by another process.
 pub const MAX_WRITE_BYTES: u32 = 65536;

 /// Maximum bytes (excluding the FUSE header) `AuthFs` will receive from the kernel for read
 /// operations by another process.
 /// TODO(victorhsieh): This option is deprecated by FUSE. Figure out if we can remove this.
 const MAX_READ_BYTES: u32 = 65536;

 /// Mount and start the FUSE instance to handle messages. This requires CAP_SYS_ADMIN.
 pub fn mount_and_enter_message_loop(
     authfs: AuthFs,
     mountpoint: &Path,
     extra_options: &Option<String>,
     threads: Option<NonZeroU8>,
 ) -> Result<(), fuse::Error> {
     let dev_fuse = OpenOptions::new()
         .read(true)
         .write(true)
         .open("/dev/fuse")
         .expect("Failed to open /dev/fuse");

     let mut mount_options = vec![
         MountOption::FD(dev_fuse.as_raw_fd()),
         MountOption::RootMode(libc::S_IFDIR | libc::S_IXUSR | libc::S_IXGRP | libc::S_IXOTH),
         MountOption::AllowOther,
         MountOption::UserId(0),
         MountOption::GroupId(0),
         MountOption::MaxRead(MAX_READ_BYTES),
     ];
     if let Some(value) = extra_options {
         mount_options.push(MountOption::Extra(value));
     }

     fuse::mount(
         mountpoint,
         "authfs",
         libc::MS_NOSUID | libc::MS_NODEV | libc::MS_NOEXEC,
         &mount_options,
     )
     .expect("Failed to mount fuse");

     let mut config = fuse::FuseConfig::new();
     config.dev_fuse(dev_fuse).max_write(MAX_WRITE_BYTES).max_read(MAX_READ_BYTES);
     if let Some(num) = threads {
         config.num_threads(u8::from(num).into());
     }
     config.enter_message_loop(authfs)
 }
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	use fuse::mount::MountOption;
	use std::fs::OpenOptions;
	use std::num::NonZeroU8;
	use std::os::unix::io::AsRawFd;
	use std::path::Path;

	use super::AuthFs;

	/// Maximum bytes (excluding the FUSE header) `AuthFs` will receive from the kernel for write
	/// operations by another process.
	pub const MAX_WRITE_BYTES: u32 = 65536;

	/// Maximum bytes (excluding the FUSE header) `AuthFs` will receive from the kernel for read
	/// operations by another process.
	/// TODO(victorhsieh): This option is deprecated by FUSE. Figure out if we can remove this.
	const MAX_READ_BYTES: u32 = 65536;

	/// Mount and start the FUSE instance to handle messages. This requires CAP_SYS_ADMIN.
	pub fn mount_and_enter_message_loop(
	authfs: AuthFs,
	mountpoint: &Path,
	extra_options: &Option<String>,
	threads: Option<NonZeroU8>,
	) -> Result<(), fuse::Error> {
	let dev_fuse = OpenOptions::new()
	.read(true)
	.write(true)
	.open("/dev/fuse")
	.expect("Failed to open /dev/fuse");

	let mut mount_options = vec![
	MountOption::FD(dev_fuse.as_raw_fd()),
	MountOption::RootMode(libc::S_IFDIR \| libc::S_IXUSR \| libc::S_IXGRP \| libc::S_IXOTH),
	MountOption::AllowOther,
	MountOption::UserId(0),
	MountOption::GroupId(0),
	MountOption::MaxRead(MAX_READ_BYTES),
	];
	if let Some(value) = extra_options {
	mount_options.push(MountOption::Extra(value));
	}

	fuse::mount(
	mountpoint,
	"authfs",
	libc::MS_NOSUID \| libc::MS_NODEV \| libc::MS_NOEXEC,
	&mount_options,
	)
	.expect("Failed to mount fuse");

	let mut config = fuse::FuseConfig::new();
	config.dev_fuse(dev_fuse).max_write(MAX_WRITE_BYTES).max_read(MAX_READ_BYTES);
	if let Some(num) = threads {
	config.num_threads(u8::from(num).into());
	}
	config.enter_message_loop(authfs)
	}