diff options
| author | Michael Adam <obnox@samba.org> | 2015-11-18 09:01:30 +0100 |
|---|---|---|
| committer | Raghavendra Talur <rtalur@redhat.com> | 2015-12-16 11:18:43 -0800 |
| commit | 96da2fbc7fa7f9e27c645b98d8b12491be24a4c4 (patch) | |
| tree | d6987fbdd5e33edd62541c40a4a867cb38e5fbd5 | |
| parent | 5f6baf2cb061fd32a35bff2081b8ba966871e39d (diff) | |
fuse: forbid only access to security.selinux xattr if not mounted with 'selinux'
Originally, all selinux.* xattrs were forbidden, causing
for example Samba's acl_xattr module which uses security.NTACL
to fail without the 'selinux' mount option, which is confusing
at least. This change specializes the check to the security.selinux
attribute, so other selinux.* attributes work with or without the option.
> Change-Id: I9d3083123efbf403f20572cfb325a300ce2e90d9
> BUG: 1283103
> Signed-off-by: Michael Adam <obnox@samba.org>
> Reviewed-on: http://review.gluster.org/12826
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Tested-by: NetBSD Build System <jenkins@build.gluster.org>
> Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
(cherry picked from commit 4fefa3d7dbcdad1e71c74db11113ac1e74b01656)
Change-Id: Ia1ab1ef70b0ce8085afc7f8b09accff2a5966161
BUG: 1283107
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-on: http://review.gluster.org/12953
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra Talur <rtalur@redhat.com>
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index 6735ae464c6..6ea794a111d 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -3166,7 +3166,7 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } if (!priv->selinux) { - if (strncmp (name, "security.", 9) == 0) { + if (strcmp (name, "security.selinux") == 0) { send_fuse_err (this, finh, EOPNOTSUPP); GF_FREE (finh); return; @@ -3496,7 +3496,7 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } if (!priv->selinux) { - if (strncmp (name, "security.", 9) == 0) { + if (strcmp (name, "security.selinux") == 0) { op_errno = ENODATA; goto err; } |