From 84a735558d2682446b2e45d97ff97e698ab2d256 Mon Sep 17 00:00:00 2001 From: Venky Shankar Date: Tue, 17 Jul 2012 22:54:21 +0530 Subject: FUSE: ignore setxattr for some keys from gsyncd aux mount Context ------- gsyncd/geo-rep plans to rely on Rsync to sync extended attributes. When this is in place, all xattrs *visible* on the mount point would be candidate for syncing. This set could include gluster internal xattrs too (as xome xlators do not filter out in their cbks). Syncing these xattrs to the slave could result in unexpected functioning of the slave mount. Soln. ----- For gsyncd auxillary mounts (identified by client_pid -1), we only allow xtime related xattrs to go through and silently ignore (w/o propagating error back to the client) the rest of them. This provides a future proof solution as we need not worry about what xattrs show up on the mounts. Also, 'user' namespace xattrs are always passed through even if it's from a gsyncd aux mount. Signed-off-by: Venky Shankar Change-Id: I6fac5e03d2b25fa4cdece4b2897fb202617b3c23 BUG: 841062 Reviewed-on: http://review.gluster.com/3687 Tested-by: Gluster Build System Reviewed-by: Vijay Bellur --- xlators/mount/fuse/src/fuse-bridge.c | 5 +++++ xlators/mount/fuse/src/fuse-bridge.h | 1 + xlators/mount/fuse/src/fuse-helpers.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+) (limited to 'xlators/mount/fuse') diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index bf86cf73e..b96d60173 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -2711,6 +2711,11 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } #endif + if (fuse_ignore_xattr_set (priv, name)) { + (void) send_fuse_err (this, finh, 0); + return; + } + if (!priv->acl) { if ((strcmp (name, "system.posix_acl_access") == 0) || (strcmp (name, "system.posix_acl_default") == 0)) { diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h index bc35eb061..5ffb285a2 100644 --- a/xlators/mount/fuse/src/fuse-bridge.h +++ b/xlators/mount/fuse/src/fuse-bridge.h @@ -363,4 +363,5 @@ int fuse_resolve_entry_init (fuse_state_t *state, fuse_resolve_t *resolve, ino_t par, char *name); int fuse_resolve_fd_init (fuse_state_t *state, fuse_resolve_t *resolve, fd_t *fd); +int fuse_ignore_xattr_set (fuse_private_t *priv, char *key); #endif /* _GF_FUSE_BRIDGE_H_ */ diff --git a/xlators/mount/fuse/src/fuse-helpers.c b/xlators/mount/fuse/src/fuse-helpers.c index 729c8fb2c..832f57e1c 100644 --- a/xlators/mount/fuse/src/fuse-helpers.c +++ b/xlators/mount/fuse/src/fuse-helpers.c @@ -545,3 +545,31 @@ fuse_flip_xattr_ns (fuse_private_t *priv, char *okey, char **nkey) return ret; } + +int +fuse_ignore_xattr_set (fuse_private_t *priv, char *key) +{ + int ret = 0; + + /* don't mess with user namespace */ + if (fnmatch ("user.*", key, FNM_PERIOD) == 0) + goto out; + + if (priv->client_pid != GF_CLIENT_PID_GSYNCD) + goto out; + + /* trusted NS check */ + if (!((fnmatch (PRIV_XA_NS".glusterfs.*.xtime", key, FNM_PERIOD) == 0) + || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark", + key, FNM_PERIOD) == 0) + || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark.*", + key, FNM_PERIOD) == 0))) + ret = -1; + + out: + gf_log ("glusterfs-fuse", GF_LOG_DEBUG, "%s setxattr: key [%s], " + " client pid [%d]", (ret ? "disallowing" : "allowing"), key, + priv->client_pid); + + return ret; +} -- cgit