allow passing libfuse.dylib path via env variable#98
Conversation
We're using the commercial license, and need to be able to specify the path to the libfuse dylib within the application bundle to support end users who do not have a fuse implementation installed or do not have admin rights to install a fuse implementation.
|
Is there any existing environment variable (or other mechanism) that other FUSE-T apps use for this purpose? |
|
Some further thoughts to support this scenario: If we were willing to take a dependency on CoreFoundation we could try something like (untested, no error checking): char path[PATH_MAX];
bundle = CFBundleGetMainBundle();
allurl = CFBundleCopyPrivateFrameworksURL(bundle);
frmurl = CFURLCreateCopyAppendingPathComponent(0, allurl, CFSTR("fuse-t.framework/fuse-t"), 0);
CFURLGetFileSystemRepresentation(frmurl, 1, path, sizeof path);
CFRelease(frmurl);
CFRelease(allurl);If we wanted to avoid the dependency on CoreFoundation we could use |
|
I'm not familiar with any other fuse-t based applications. My perception is that they would require the user to install fuse-t via its pkg installer, install fuse-t as part of the app installation, or this is a use case that hasn't been attempted before. The fuse-t pkg installer requires admin privileges, because it installs to a system wide path owned by root. That admin requirement is something I need to avoid, so that non-privileged users can use it successfully. Fuse-t implements I'm also not familiar with the Is there a particular concern about the environment variable approach as opposed to something more sophisticated like using the CoreFoundation bundle APIs? (usability, security, discoverability, etc...) The environment variable approach seems the most flexible, and allows for other approaches like the |
|
I should start by saying that I am not intimately familiar with FUSE-T. For this reason some of my questions may show my confusion. I tried to educate myself by reading the source, but it seems that the project is not fully open-source.
This is very useful information. Thank you. Could we use the
In general I am not a big fan of environment variables:
This is a legitimate reason and we should try to support it. I agree that an environment variable may be the easiest fix here. Presumably you are also including the FUSE-T NFS server in your package and that server listens to TCP/UDP ports that are not restricted to root (normally NFS servers use privileged ports). Do I understand correctly? |
| return 0; | ||
|
|
||
| void *h; | ||
| void *h = NULL; |
There was a problem hiding this comment.
For consistency please use:
void *h = 0;| h = dlopen("/usr/local/lib/libfuse.2.dylib", RTLD_NOW); // MacFUSE/OSXFuse >= v4 | ||
| // runtime path for bundled dylib in e.g. Awesome.app/Contents/Frameworks/libfuse.dylib | ||
| const char *dylib_path = getenv("CGOFUSE_LIBFUSE_PATH"); | ||
| if(dylib_path) |
There was a problem hiding this comment.
For consistency please use:
if (0 != dylib_path)
Any confusion is totally reasonable in my opinion. As far as I can tell by reading source and communicating with the maintainer, fuse-t is open source except for the server binary that it mounts. The fuse-t.framework bundles its own fork of libfuse that does argument parsing and boots the file server as part of The framework does include an initializer that seems like it's intended to set the
This might work, but only if the fuse-t framework has been installed via its pkg installer, which requires admin privileges. The two things needed to make fuse-t work with
Heard on both points. In terms of security, I reasoned that we're not passing sensitive data, and if the goal was to alter the environment variable to point to a malicious dylib, at that point it's likely that the bad actor can just overwrite the dylib at the well known path anyway.
That's correct. The build phase of our app copies the libfuse-t.dylib and go-nfsv4 binary into its bundle at build time. When calling |
|
I have merged this in. Thank you for your contribution. |
|
Thanks for your work in maintaining the project. |
2 participants
I'd like to be able to specify the path to the libfuse dylib within the application bundle to support end users who do not have a fuse implementation installed or do not have admin rights to install a fuse implementation.
I was able to demonstrate that this approach works in a .app file on a system with no fuse implementation installed using fuse-t. The application sets the environment variable, and is then able to use a cgofuse implementation to mount a file system via fuse-t.
Please let me know if there are any style or naming issues that you'd like addressed.