diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index 2851fde1..e327a6aa 100644 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -342,11 +342,10 @@ namespace VeraCrypt continue; shared_ptr mountedVol; - // Introduce a retry mechanism with a timeout for control file access - // This workaround is limited to FUSE-T mounted volume under macOS for - // which md.Device starts with "fuse-t:" + // Introduce a retry mechanism with a timeout for control file access. + // The list is already filtered to VeraCrypt auxiliary mounts; in + // FUSE-T builds, the mount table device name varies by backend. #ifdef VC_MACOSX_FUSET - bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0; int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds while (!mountedVol && (controlFileRetries-- > 0)) #endif @@ -366,7 +365,7 @@ namespace VeraCrypt // serialization is not ready yet and we need to wait before retrying // this happens when FUSE-T is used under macOS and if it is the first time // the volume is mounted - if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos) + if (string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos) { Thread::Sleep(500); // Wait before retrying } diff --git a/src/Driver/Fuse/FuseService.cpp b/src/Driver/Fuse/FuseService.cpp index ca1835eb..61bbe2d5 100644 --- a/src/Driver/Fuse/FuseService.cpp +++ b/src/Driver/Fuse/FuseService.cpp @@ -533,6 +533,17 @@ namespace VeraCrypt args.push_back ("-o"); args.push_back ("nobrowse"); +#ifdef VC_MACOSX_FUSET + // Use FUSE-T's SMB backend for the auxiliary mount. The default NFS + // backend can be affected by macOS Network Volumes privacy state. + args.push_back ("-o"); + args.push_back ("backend=smb"); + args.push_back ("-o"); + args.push_back ("nonamedattr"); + args.push_back ("-o"); + args.push_back ("rwsize=262144"); +#endif + if (getuid() == 0 || geteuid() == 0) #endif {