about summary refs log tree commit diff
path: root/tvix
diff options
context:
space:
mode:
authorFlorian Klink <flokli@flokli.de>2024-02-17T06·18+0700
committerclbot <clbot@tvl.fyi>2024-02-17T07·00+0000
commit34a1ff291a0444b3e56f96e6cc72899ab818a2f7 (patch)
tree69b4d43847ca33c8ae0717a058c358a5dd0b18ac /tvix
parent58f474041ec18551b8e77b25f8c92e9347784f76 (diff)
feat(tvix/castore/fs): make allow_other configurable r/7535
Also add a cli argument to the `tvix-store` binary.

Change-Id: Id07d7fedb60d6060543b195f3a810a46137f9ad5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10945
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Diffstat (limited to 'tvix')
-rw-r--r--tvix/castore/src/fs/fuse.rs9
-rw-r--r--tvix/castore/src/fs/tests.rs2
-rw-r--r--tvix/store/src/bin/tvix-store.rs9
3 files changed, 16 insertions, 4 deletions
diff --git a/tvix/castore/src/fs/fuse.rs b/tvix/castore/src/fs/fuse.rs
index 1dce43915905..cd50618ff5bc 100644
--- a/tvix/castore/src/fs/fuse.rs
+++ b/tvix/castore/src/fs/fuse.rs
@@ -53,7 +53,12 @@ pub struct FuseDaemon {
 
 impl FuseDaemon {
     #[instrument(skip(fs, mountpoint), fields(mountpoint=?mountpoint), err)]
-    pub fn new<FS, P>(fs: FS, mountpoint: P, threads: usize) -> Result<Self, io::Error>
+    pub fn new<FS, P>(
+        fs: FS,
+        mountpoint: P,
+        threads: usize,
+        allow_other: bool,
+    ) -> Result<Self, io::Error>
     where
         FS: FileSystem + Sync + Send + 'static,
         P: AsRef<Path> + std::fmt::Debug,
@@ -64,7 +69,7 @@ impl FuseDaemon {
             .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?;
 
         #[cfg(target_os = "linux")]
-        session.set_allow_other(false);
+        session.set_allow_other(allow_other);
         session
             .mount()
             .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?;
diff --git a/tvix/castore/src/fs/tests.rs b/tvix/castore/src/fs/tests.rs
index 2f27c3c1c8e4..924454caa6dd 100644
--- a/tvix/castore/src/fs/tests.rs
+++ b/tvix/castore/src/fs/tests.rs
@@ -51,7 +51,7 @@ where
         Arc::new(root_nodes),
         list_root,
     );
-    FuseDaemon::new(Arc::new(fs), mountpoint.as_ref(), 4)
+    FuseDaemon::new(Arc::new(fs), mountpoint.as_ref(), 4, false)
 }
 
 async fn populate_blob_a(
diff --git a/tvix/store/src/bin/tvix-store.rs b/tvix/store/src/bin/tvix-store.rs
index ecee8d78f3b7..8f023696a4b7 100644
--- a/tvix/store/src/bin/tvix-store.rs
+++ b/tvix/store/src/bin/tvix-store.rs
@@ -111,6 +111,12 @@ enum Commands {
         #[arg(long, env, default_value_t = default_threads())]
         threads: usize,
 
+        #[arg(long, env, default_value_t = false)]
+        /// Whether to configure the mountpoint with allow_other.
+        /// Requires /etc/fuse.conf to contain the `user_allow_other`
+        /// option, configured via `programs.fuse.userAllowOther` on NixOS.
+        allow_other: bool,
+
         /// Whether to list elements at the root of the mount point.
         /// This is useful if your PathInfoService doesn't provide an
         /// (exhaustive) listing.
@@ -334,6 +340,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
             path_info_service_addr,
             list_root,
             threads,
+            allow_other,
         } => {
             let (blob_service, directory_service, path_info_service) =
                 tvix_store::utils::construct_services(
@@ -352,7 +359,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
                 );
                 info!(mount_path=?dest, "mounting");
 
-                FuseDaemon::new(fs, &dest, threads)
+                FuseDaemon::new(fs, &dest, threads, allow_other)
             })
             .await??;