TL;DR

Attempting to format a block device on my FUSE filesystem fails with EPERM at the open syscall. Permissions are set to 0o777, the necessary ioctls are stubbed but no logs are printed from within the FUSE handler.

Background

Hi everyone. I'm writing a program to create virtual disk images. One of my criteria is that it must be able to run with zero superuser access, meaning I can't mount loopback devices, change owners of files or even edit /etc/fuse.conf. For this reason, my approach ends up being fairly longwinded. Specifically, in order to format the various partitions on the disk, I would like to be able to use system tools because that gives me a far greater range of possible filesystems. This involves exposing the various partitions on the VDisk as block devices to the system. However all the possible methods I've found have required either nbds or loopback devices. Both of which require superuser access.

Implementing FUSE myself

However implementing block devices in FUSE is not only possible but supported. Unfortunately, I wasn't able to find much documentation on the matter and since I'm doing all this in Rust, the documentation world for this is even more scarce.

I've implemented the following FUSE methods:

• init
• lookup
• getattr
• open
• read
• write
• readdir
• ioctl
  • BLKGETSIZE
  • BLKFLSBUF
  • BLKSSZGET

I can list the contents of the filesystem and get directory/file information. I'm deliberately ignoring methods which create or modify resources as this is done through the build process.

The error

As mentioned, I get permission denied (EPERM) error. straceing the mkfs call shows that it's the open call to the block device that fails on the kernel side. Full strace result.

execve("/usr/sbin/mkfs.fat", ["mkfs.fat", "out/partitions/EFI"], 0x7ffd42f64ab8 /* 76 vars */) = 0    --- snip ---openat(AT_FDCWD, "out/partitions/EFI", O_RDWR|O_EXCL) = -1 EACCES (Permission denied)write(2, "mkfs.fat: unable to open out/par"..., 63mkfs.fat: unable to open out/partitions/EFI: Permission denied) = 63exit_group(1)                           = ?

For clarity, my directory structure looks like this:

out├── minimal.qcow2 [raw disk image] (shadows minimal.qcow2 [qcow2 file] with qemu-storage-daemon)├── partitions│  ├── EFI [Block device]│  └── System [Block device]└── qemu-monitor.sock [UNIX domain socket]

Of course there are logging functions tracing every method. I do see logs when listing out the partitions, but not when formatting.

As I mentioned, I've found very little documentation on what could actually be causing this error. Hence I'm grateful to all input regarding this error.

Cheers