From 7967e3e5cfd330190c2bcc45d3a111a1d563a7a0 Mon Sep 17 00:00:00 2001 From: Vijay Bellur Date: Tue, 30 Apr 2013 00:20:33 +0530 Subject: cluster/afr: Avoid self-healing extended attribute used by SELinux. Since removexattr() fails to remove "security.selinux" in a system where SELinux is enforcing, xattr self-healing fails. As a consequence of this, user extended attributes are not being healed. Added a check in afr to prune SELinux xattr from the dictionary used for removing xattrs from the sink. Minor changes in tests and md-cache as well. Signed-off-by: Vijay Bellur Change-Id: I854bfc0098dde812ce2afe64b125ee40c04bdeb1 BUG: 957877 Reviewed-on: http://review.gluster.org/4905 Reviewed-by: Venky Shankar Tested-by: Gluster Build System Reviewed-by: Anand Avati --- libglusterfs/src/common-utils.h | 2 ++ tests/afr.rc | 15 ++++++++++++ tests/bugs/bug-874498.t | 22 +++++------------ tests/bugs/bug-957877.t | 31 ++++++++++++++++++++++++ xlators/cluster/afr/src/afr-self-heal-metadata.c | 8 ++++++ xlators/performance/md-cache/src/md-cache.c | 2 +- 6 files changed, 63 insertions(+), 17 deletions(-) create mode 100644 tests/afr.rc create mode 100644 tests/bugs/bug-957877.t diff --git a/libglusterfs/src/common-utils.h b/libglusterfs/src/common-utils.h index f20833598..e1193031c 100644 --- a/libglusterfs/src/common-utils.h +++ b/libglusterfs/src/common-utils.h @@ -65,6 +65,8 @@ void trap (void); #define GEOREP "geo-replication" #define GHADOOP "glusterfs-hadoop" +#define GF_SELINUX_XATTR_KEY "security.selinux" + #define WIPE(statp) do { typeof(*statp) z = {0,}; if (statp) *statp = z; } while (0) #define IS_EXT_FS(fs_name) \ diff --git a/tests/afr.rc b/tests/afr.rc new file mode 100644 index 000000000..60ea1b7f1 --- /dev/null +++ b/tests/afr.rc 
@@ -0,0 +1,15 @@ +#!/bin/bash + +#count the number of entries marked for self-heal +#in brick $1's index + +function count_sh_entries() +{ + val1=0 + for g in `ls $1/.glusterfs/indices/xattrop` + do + val1=$(( val1 + 1 )) + done + + echo $val1; +} diff --git a/tests/bugs/bug-874498.t b/tests/bugs/bug-874498.t index a4121777d..0b5991011 100644 --- a/tests/bugs/bug-874498.t +++ b/tests/bugs/bug-874498.t @@ -1,5 +1,7 @@ #!/bin/bash . $(dirname $0)/../include.rc +. $(dirname $0)/../afr.rc + cleanup; TEST glusterd @@ -13,11 +15,11 @@ TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0; B0_hiphenated=`echo $B0 | tr '/' '-'` kill -9 `cat /var/lib/glusterd/vols/$V0/run/$H0$B0_hiphenated-brick1.pid` ; - echo "GLUSTER FILE SYSTEM" > $M0/FILE1 echo "GLUSTER FILE SYSTEM" > $M0/FILE2 -FILEN=$B0"/brick2/.glusterfs/indices/xattrop/" +FILEN=$B0"/brick2" +XATTROP=$FILEN/.glusterfs/indices/xattrop function get_gfid() { @@ -34,7 +36,7 @@ GFID_FILE2=`get_gfid $B0/brick2/FILE2` count=0 -for i in `ls $FILEN` +for i in `ls $XATTROP` do if [ "$i" == "$GFID_ROOT" ] || [ "$i" == "$GFID_FILE1" ] || [ "$i" == "$GFID_FILE2" ] then @@ -45,25 +47,13 @@ done EXPECT "3" echo $count -function count_entries() -{ - val1=0 -##count the number of entries after self heal - for g in `ls $1` - do - val1=$(( val1 + 1 )) - done - - echo $val1; -} - TEST $CLI volume start $V0 force sleep 5 TEST $CLI volume heal $V0 ##Expected number of entries are 0 in the .glusterfs/indices/xattrop directory -EXPECT_WITHIN 60 '0' count_entries $FILEN; +EXPECT_WITHIN 60 '0' count_sh_entries $FILEN; TEST $CLI volume stop $V0; TEST $CLI volume delete $V0; diff --git a/tests/bugs/bug-957877.t b/tests/bugs/bug-957877.t new file mode 100644 index 000000000..23aefea25 --- /dev/null +++ b/tests/bugs/bug-957877.t 
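Review bot: `count_sh_entries` prints 0 both when the xattrop index is empty and when `ls` fails because the path does not exist, so `EXPECT_WITHIN 60 '0' count_sh_entries $FILEN` can pass without any heal having run. `$1` is also unquoted, and the loop word-splits the output of `ls`. Consider guarding the directory before the loop, e.g. `[ -d "$1/.glusterfs/indices/xattrop" ] || { echo "no-index"; return 1; }`, and quoting `"$1"` in the `ls` call.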
@@ -0,0 +1,31 @@ +#!/bin/bash +. $(dirname $0)/../include.rc +. $(dirname $0)/../volume.rc +. $(dirname $0)/../afr.rc +cleanup; + +TEST glusterd +TEST pidof glusterd +TEST $CLI volume create $V0 replica 2 $H0:$B0/${V0}{0,1} +TEST $CLI volume start $V0; + +TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0; +kill_brick $V0 $H0 $B0/${V0}0 +TEST touch $M0/f1 +TEST setfattr -n "user.foo" -v "test" $M0/f1 + +BRICK=$B0"/${V0}1" + +TEST $CLI volume start $V0 force +sleep 5 +TEST $CLI volume heal $V0 + +# Wait for self-heal to complete +EXPECT_WITHIN 30 '0' count_sh_entries $BRICK; + +TEST getfattr -n "user.foo" $B0/${V0}0/f1; + +TEST $CLI volume stop $V0; +TEST $CLI volume delete $V0; + +cleanup; diff --git a/xlators/cluster/afr/src/afr-self-heal-metadata.c b/xlators/cluster/afr/src/afr-self-heal-metadata.c index c6a183b1a..cc85d9b9f 100644 --- a/xlators/cluster/afr/src/afr-self-heal-metadata.c +++ b/xlators/cluster/afr/src/afr-self-heal-metadata.c @@ -242,6 +242,12 @@ afr_sh_removexattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, return 0; } +inline void +afr_prune_special_keys (dict_t *xattr_dict) +{ + dict_del (xattr_dict, GF_SELINUX_XATTR_KEY); +} + inline void afr_prune_pending_keys (dict_t *xattr_dict, afr_private_t *priv) { @@ -272,6 +278,8 @@ afr_sh_getxattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, afr_prune_pending_keys (xattr, priv); + afr_prune_special_keys (xattr); + i = (long) cookie; /* send removexattr in bulk via xdata */ diff --git a/xlators/performance/md-cache/src/md-cache.c b/xlators/performance/md-cache/src/md-cache.c index 0c5ca87d2..ffb933118 100644 --- a/xlators/performance/md-cache/src/md-cache.c +++ b/xlators/performance/md-cache/src/md-cache.c @@ -52,7 +52,7 @@ static struct mdc_key { .check = 1, }, { - .name = "security.selinux", + .name = GF_SELINUX_XATTR_KEY, .load = 0, .check = 1, }, -- cgit
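Review bot: Nothing in this test confirms that SELinux is enforcing or that `security.selinux` is present on the bricks. On a host with SELinux disabled or permissive it therefore appears to pass without exercising the removexattr failure described in the commit message. A header comment stating the precondition, e.g. `# Regression coverage requires SELinux in enforcing mode on the brick filesystem`, would keep a green run from being read as proof of the fix. The final `TEST getfattr -n "user.foo" $B0/${V0}0/f1` checks only that the key exists; comparing the healed value against `test` would also catch a heal that creates the key with the wrong content.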
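Review bot: `afr_prune_special_keys` has no comment saying why `security.selinux` is dropped from the removal dictionary, and its name gives no hint that a security label is being exempted from self-heal. Suggest a comment above it such as `/* The SELinux label cannot be removed while SELinux is enforcing; leave it on the sink so the rest of the xattr heal can proceed. */`. The comment should also say that this path does not reconcile the sink's label, so replicas may keep differing labels; whether the later setxattr step still copies the source's label is not visible in this hunk. Other `security.*` keys are not pruned, and if any of them can also fail removal the same heal failure would presumably recur. `afr_sh_getxattr_cbk`, where the new call is added, starts and ends outside the hunk.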