main/fuse: fix user mounting under grsec kernel

If the user is was not in readproc group, realpath() would fail
causing fusermount to fail. The privilege drop for realpath() is
unnecessary as the real access checks are done in other places.

2 files changed, 33 insertions, 1 deletions

diff --git a/main/fuse/APKBUILD b/main/fuse/APKBUILD
index 884ab5f5f1b..eadcabf2eab 100644
--- a/main/fuse/APKBUILD
+++ b/main/fuse/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=fuse
 pkgver=2.9.3
-pkgrel=1
+pkgrel=2
 pkgdesc="A library that makes it possible to implement a filesystem in a userspace program."
 url="http://fuse.sourceforge.net/"
 arch="all"
@@ -12,6 +12,7 @@ install=
 subpackages="$pkgname-dev"
 source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 	fix-includes.patch
+	fix-realpath.patch
 	fuse.initd"
 options="suid"
 
@@ -70,10 +71,13 @@ _EOF_
 
 md5sums="33cae22ca50311446400daf8a6255c6a  fuse-2.9.3.tar.gz
 c08ad52ccd6ff8cc7c8ebf73c5d588ea  fix-includes.patch
+790b837275346e77d5f88a4778062ab7  fix-realpath.patch
 5983726cfabf0830dffbbbf9a3abcddc  fuse.initd"
 sha256sums="0beb83eaf2c5e50730fc553406ef124d77bc02c64854631bdfc86bfd6437391c  fuse-2.9.3.tar.gz
 72cf0964e5713f363d9dc0f9881512cdbdd05a5866ac95f1ea9df6305a189459  fix-includes.patch
+9031e6df6e0b3e46c7e0117bba6e2eeb879de8d742dc54f592a16033d4dda89b  fix-realpath.patch
 22a22c914d2a4f0fb5fc8495f4b7efcd1819efde548c9033ca612c181cd29eda  fuse.initd"
 sha512sums="03f43f88694ec7e039ff3579a8e76349b5a5a05872c55901fc1d9ee53dbb6b1e69f6dd0005b620f3b5ead0b14da8eeb31d46b922d10f88f4e3f830aa47e8162c  fuse-2.9.3.tar.gz
 147edb099e9dc5dad806882393b9a59feac0d22105764c87f7674b5f8b5242517034ca20ce36c931c5dd6ab18864f5aa267d1e1cd0adb81518f479de3c392d80  fix-includes.patch
+5672ceb35acabb4bd97b6efc30614f22def62882fe198e2a8598a074d45b6b5337c082a5e09b5e399b6e5212dc1fbde9071c2a5051534c32091444c350b9c657  fix-realpath.patch
 3d2765114081c8f6720ed25d7b7da4f6da5fbbb5b35760bb0a760f0bf2482abacabec63c1488d4e8cbe4f78875574607e6e46508dfe22df0869f4d2e1e91e607  fuse.initd"
diff --git a/main/fuse/fix-realpath.patch b/main/fuse/fix-realpath.patch
new file mode 100644
index 00000000000..1199eb338df
--- /dev/null
+++ b/main/fuse/fix-realpath.patch
@@ -0,0 +1,28 @@
+--- fuse-2.9.3.orig/util/fusermount.c	2015-02-07 08:58:54.000000000 -0200
++++ fuse-2.9.3/util/fusermount.c	2015-02-09 09:15:16.737367957 -0200
+@@ -1255,19 +1255,16 @@
+ 
+ 	origmnt = argv[optind];
+ 
+-	drop_privs();
+ 	mnt = fuse_mnt_resolve_path(progname, origmnt);
+-	if (mnt != NULL) {
+-		res = chdir("/");
+-		if (res == -1) {
+-			fprintf(stderr, "%s: failed to chdir to '/'\n", progname);
+-			exit(1);
+-		}
+-	}
+-	restore_privs();
+ 	if (mnt == NULL)
+ 		exit(1);
+ 
++	res = chdir("/");
++	if (res == -1) {
++		fprintf(stderr, "%s: failed to chdir to '/'\n", progname);
++		exit(1);
++	}
++
+ 	umask(033);
+ 	if (unmount)
+ 		goto do_unmount;