feat(tvix/castore/fs): make allow_other configurable

Also add a cli argument to the `tvix-store` binary. Change-Id: Id07d7fedb60d6060543b195f3a810a46137f9ad5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10945 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su>
2024-02-17 13:18:10 +07:00 · 2024-02-17 13:18:10 +07:00 · 34a1ff291a
commit 34a1ff291a
parent 58f474041e
3 changed files with 16 additions and 4 deletions
--- a/tvix/castore/src/fs/fuse.rs
+++ b/tvix/castore/src/fs/fuse.rs
@ -53,7 +53,12 @@ pub struct FuseDaemon {

 impl FuseDaemon {
    #[instrument(skip(fs, mountpoint), fields(mountpoint=?mountpoint), err)]
-    pub fn new<FS, P>(fs: FS, mountpoint: P, threads: usize) -> Result<Self, io::Error>
+    pub fn new<FS, P>(
+        fs: FS,
+        mountpoint: P,
+        threads: usize,
+        allow_other: bool,
+    ) -> Result<Self, io::Error>
    where
        FS: FileSystem + Sync + Send + 'static,
        P: AsRef<Path> + std::fmt::Debug,
@ -64,7 +69,7 @@ impl FuseDaemon {
            .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?;

        #[cfg(target_os = "linux")]
-        session.set_allow_other(false);
+        session.set_allow_other(allow_other);
        session
            .mount()
            .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?;
--- a/tvix/castore/src/fs/tests.rs
+++ b/tvix/castore/src/fs/tests.rs
@ -51,7 +51,7 @@ where
        Arc::new(root_nodes),
        list_root,
    );
-    FuseDaemon::new(Arc::new(fs), mountpoint.as_ref(), 4)
+    FuseDaemon::new(Arc::new(fs), mountpoint.as_ref(), 4, false)
 }

 async fn populate_blob_a(
--- a/tvix/store/src/bin/tvix-store.rs
+++ b/tvix/store/src/bin/tvix-store.rs
@ -111,6 +111,12 @@ enum Commands {
        #[arg(long, env, default_value_t = default_threads())]
        threads: usize,

+        #[arg(long, env, default_value_t = false)]
+        /// Whether to configure the mountpoint with allow_other.
+        /// Requires /etc/fuse.conf to contain the `user_allow_other`
+        /// option, configured via `programs.fuse.userAllowOther` on NixOS.
+        allow_other: bool,
+
        /// Whether to list elements at the root of the mount point.
        /// This is useful if your PathInfoService doesn't provide an
        /// (exhaustive) listing.
@ -334,6 +340,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
            path_info_service_addr,
            list_root,
            threads,
+            allow_other,
        } => {
            let (blob_service, directory_service, path_info_service) =
                tvix_store::utils::construct_services(
@ -352,7 +359,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
                );
                info!(mount_path=?dest, "mounting");

-                FuseDaemon::new(fs, &dest, threads)
+                FuseDaemon::new(fs, &dest, threads, allow_other)
            })
            .await??;