Allow --allow-root and --allow-other with FUSE fd mount

Signed-off-by: Burak Varli <[email protected]>

doc/CONFIGURATION.md

@@ -304,16 +304,16 @@ Mountpoint supports mounting S3 buckets to a directory or a FUSE file descriptor
 
 For directory mount points, the passed path must be an existing directory.
 
-For FUSE file descriptors on Linux, you can specify an open FUSE file descriptor as a mount point with '/dev/fd/N' syntax.
+For FUSE file descriptors on Linux, you can specify an open FUSE file descriptor as a mount point with `/dev/fd/N` syntax.
 This is useful in container environments to achieve unprivileged mounts.
 In this case, it's callers responsibility to:
-1. Opening FUSE device (/dev/fuse) in read-write mode to obtain a file descriptor
-2. Performing 'mount' syscall with desired mount point, the file descriptor and mount options.
+1. Opening FUSE device (`/dev/fuse`) in read-write mode to obtain a file descriptor
+2. Performing `mount` syscall with desired mount point, the file descriptor and mount options.
    Mountpoint by default uses and recommends enabling `nodev`, `nosuid`, `default_permissions` and `noatime` mount options,
    see [Linux kernel documentation](https://man7.org/linux/man-pages/man8/mount.fuse3.8.html#OPTIONS) about more details on mount options.
-3. Spawning Mountpoint with the file descriptor using '/dev/fd/N' syntax as mount point
+3. Spawning Mountpoint with the file descriptor using `/dev/fd/N` syntax as mount point
 4. Closing the file descriptor in the parent process
-5. Performing 'unmount' syscall on the mount point once its desired and/or Mountpoint process terminates
+5. Performing `unmount` syscall on the mount point once its desired and/or Mountpoint process terminates
 
 See [mounthelper.go](https://github.com/awslabs/mountpoint-s3/tree/main/examples/fuse-fd-mount-point/mounthelper.go) as an example usage of this feature.
 

mountpoint-s3/src/cli.rs

@@ -557,16 +557,11 @@ impl CliArgs {
 
         #[cfg(target_os = "linux")]
         if matches!(mount_point, MountPoint::FileDescriptor(_)) {
-            let passed_mount_options = &[
-                (self.read_only, "--read-only"),
-                (self.auto_unmount, "--auto-unmount"),
-                (self.allow_root, "--allow-root"),
-                (self.allow_other, "--allow-other"),
-            ]
-            .iter()
-            .filter(|o| o.0)
-            .map(|o| o.1)
-            .collect::<Vec<_>>();
+            let passed_mount_options = &[(self.read_only, "--read-only"), (self.auto_unmount, "--auto-unmount")]
+                .iter()
+                .filter(|o| o.0)
+                .map(|o| o.1)
+                .collect::<Vec<_>>();
 
             if !passed_mount_options.is_empty() {
                 return Err(anyhow!(

mountpoint-s3/tests/fuse_tests/fork_test.rs

@@ -30,8 +30,6 @@ use crate::common::{creds::get_scoped_down_credentials, s3::get_non_test_region,
 
 const MOUNT_OPTION_READ_ONLY: &str = "--read-only";
 const MOUNT_OPTION_AUTO_UNMOUNT: &str = "--auto-unmount";
-const MOUNT_OPTION_ALLOW_ROOT: &str = "--allow-root";
-const MOUNT_OPTION_ALLOW_OTHER: &str = "--allow-other";
 
 const MAX_WAIT_DURATION: std::time::Duration = std::time::Duration::from_secs(10);
 
@@ -412,9 +410,7 @@ fn run_fail_on_non_fuse_fd() -> Result<(), Box<dyn std::error::Error>> {
 
 #[test_case(&[MOUNT_OPTION_READ_ONLY])]
 #[test_case(&[MOUNT_OPTION_AUTO_UNMOUNT])]
-#[test_case(&[MOUNT_OPTION_ALLOW_ROOT])]
-#[test_case(&[MOUNT_OPTION_ALLOW_OTHER])]
-#[test_case(&[MOUNT_OPTION_READ_ONLY, MOUNT_OPTION_ALLOW_OTHER])]
+#[test_case(&[MOUNT_OPTION_READ_ONLY, MOUNT_OPTION_AUTO_UNMOUNT])]
 fn run_fail_on_non_fuse_fd_if_mount_options_passed(mount_options: &[&str]) -> Result<(), Box<dyn std::error::Error>> {
     let (bucket, prefix) = get_test_bucket_and_prefix("run_fail_on_non_fuse_fd_if_mount_options_passed");
     let region = get_test_region();