summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnand Avati <avati@gluster.com>2011-07-01 16:54:52 +0000
committerAnand Avati <avati@gluster.com>2011-07-01 15:58:21 -0700
commitd8c7cdc7341a1e1119efc8502b9a5cf90210ddae (patch)
tree55d6d433837fbd1327dc73b06c70603dfa60e004
parent4722d0000a5c6e87728958d7a50416440bc5c064 (diff)
fuse: introduce "noacl" option to disable ACL checks
Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c53
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.h6
2 files changed, 49 insertions, 10 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index ec10cc4d6..5a30b8b54 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2329,11 +2329,14 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
struct fuse_setxattr_in *fsi = msg;
char *name = (char *)(fsi + 1);
char *value = name + strlen (name) + 1;
+ struct fuse_private *priv = NULL;
fuse_state_t *state = NULL;
char *dict_value = NULL;
int32_t ret = -1;
+ priv = this->private;
+
#ifdef GF_DARWIN_HOST_OS
if (fsi->position) {
gf_log ("glusterfs-fuse", GF_LOG_WARNING,
@@ -2346,8 +2349,17 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
#endif
-#ifdef DISABLE_POSIX_ACL
- if (!strncmp (name, "system.", 7)) {
+ if (!priv->acl) {
+ if ((strcmp (name, "system.posix_acl_access") == 0) ||
+ (strcmp (name, "system.posix_acl_default") == 0)) {
+ send_fuse_err (this, finh, EOPNOTSUPP);
+ GF_FREE (finh);
+ return;
+ }
+ }
+
+#ifdef DISABLE_SELINUX
+ if (!strncmp (name, "security.", 9)) {
send_fuse_err (this, finh, EOPNOTSUPP);
GF_FREE (finh);
return;
@@ -2540,6 +2552,9 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
fuse_state_t *state = NULL;
int32_t ret = -1;
+ struct fuse_private *priv = NULL;
+
+ priv = this->private;
#ifdef GF_DARWIN_HOST_OS
if (fgxi->position) {
@@ -2561,8 +2576,17 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
#endif
-#ifdef DISABLE_POSIX_ACL
- if (!strncmp (name, "system.", 7)) {
+ if (!priv->acl) {
+ if ((strcmp (name, "system.posix_acl_access") == 0) ||
+ (strcmp (name, "system.posix_acl_default") == 0)) {
+ send_fuse_err (this, finh, ENOTSUP);
+ GF_FREE (finh);
+ return;
+ }
+ }
+
+#ifdef DISABLE_SELINUX
+ if (!strncmp (name, "security.", 9)) {
send_fuse_err (this, finh, ENODATA);
GF_FREE (finh);
return;
@@ -3583,6 +3607,14 @@ init (xlator_t *this_xl)
GF_ASSERT (ret == 0);
}
+ priv->acl = 0;
+ ret = dict_get_str (options, "acl", &value_string);
+ if (ret == 0) {
+ ret = gf_string2boolean (value_string, &priv->acl);
+ GF_ASSERT (ret == 0);
+ }
+
+
priv->fuse_dump_fd = -1;
ret = dict_get_str (options, "dump-fuse", &value_string);
if (ret == 0) {
@@ -3624,9 +3656,16 @@ init (xlator_t *this_xl)
fsname = "glusterfs";
- priv->fd = gf_fuse_mount (priv->mount_point, fsname,
- "allow_other,default_permissions,"
- "max_read=131072");
+ if (priv->acl) {
+ priv->fd = gf_fuse_mount (priv->mount_point, fsname,
+ "allow_other,"
+ "max_read=131072");
+ } else {
+ priv->fd = gf_fuse_mount (priv->mount_point, fsname,
+ "allow_other,default_permissions,"
+ "max_read=131072");
+ }
+
if (priv->fd == -1)
goto cleanup_exit;
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index 85acab777..e13845575 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -55,9 +55,6 @@
#include "list.h"
#include "dict.h"
-/* TODO: when supporting posix acl, remove this definition */
-#define DISABLE_POSIX_ACL
-
#ifdef GF_LINUX_HOST_OS
#define FUSE_OP_HIGH (FUSE_POLL + 1)
#endif
@@ -68,6 +65,8 @@
#define MAX_FUSE_PROC_DELAY 1
+#define DISABLE_SELINUX 1
+
typedef struct fuse_in_header fuse_in_header_t;
typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh,
void *msg);
@@ -107,6 +106,7 @@ struct fuse_private {
pid_t client_pid;
gf_boolean_t client_pid_set;
+ gf_boolean_t acl;
};
typedef struct fuse_private fuse_private_t;