| author | Poornima G <pgurusid@redhat.com> | 2016-03-09 04:05:20 -0500 | 
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2016-03-09 19:15:33 -0800 | 
| commit | 9e3a0791c0f1f336e55672b24721154bc862456b (patch) | |
| tree | 7a1f032d1a8eac6ecafbe2a2391d52349620c4df | |
| parent | 8fd5a8e7a3cbcc8e98ddb2ec161ef14cd5a671aa (diff) | |
fuse: Address the review comments in the backport
Backport @ http://review.gluster.org/#/c/13626/3
Fix a typo error, consolidate the selinux and capability
check in getxattr and setxattr.
Change-Id: I4303de3d4dd00853169b07577311e03cbb912ed7
BUG: 1316327
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-on: http://review.gluster.org/13653
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Vijay Bellur <vbellur@redhat.com>
Smoke: Gluster Build System <jenkins@build.gluster.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
| -rw-r--r-- | doc/mount.glusterfs.8 | 3 | ||||
| -rw-r--r-- | glusterfsd/src/glusterfsd.c | 4 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 36 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.h | 1 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-helpers.c | 26 | 
5 files changed, 42 insertions, 28 deletions
diff --git a/doc/mount.glusterfs.8 b/doc/mount.glusterfs.8
index 8884b483a48..4cb7772971d 100644
--- a/doc/mount.glusterfs.8
+++ b/doc/mount.glusterfs.8
@@ -62,6 +62,9 @@ support 64-bit inodes
 .TP
 \fBmem\-accounting
 Enable internal memory accounting
+.TP
+\fBcapability
+Enable file capability setting and retrival
 .PP
 .SS "Advanced options"
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index 5df33c2476e..ad18a4ffda7 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -150,9 +150,9 @@ static struct argp_option gf_options[] = {
         {"acl", ARGP_ACL_KEY, 0, 0,
          "Mount the filesystem with POSIX ACL support"},
         {"selinux", ARGP_SELINUX_KEY, 0, 0,
-         "Enable SELinux label (extened attributes) support on inodes"},
+         "Enable SELinux label (extended attributes) support on inodes"},
         {"capability", ARGP_CAPABILITY_KEY, 0, 0,
-         "Enable Capability (extened attributes) support on inodes"},
+         "Enable Capability (extended attributes) support on inodes"},
         {"print-netgroups", ARGP_PRINT_NETGROUPS, "NETGROUP-FILE", 0,
          "Validate the netgroups file and print it out"},
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index d34e85fb2fd..c6c38f3145b 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3236,20 +3236,11 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
                 }
         }
-        if (!priv->selinux) {
-                if (strcmp (name, "security.selinux") == 0) {
-                        send_fuse_err (this, finh, EOPNOTSUPP);
-                        GF_FREE (finh);
-                        return;
-                }
-        }
-
-        if ((!priv->capability) && (!priv->selinux)) {
-                if (strcmp (name, "security.capability") == 0) {
-                        send_fuse_err (this, finh, EOPNOTSUPP);
-                        GF_FREE (finh);
-                        return;
-                }
+        ret = fuse_check_selinux_cap_xattr (priv, name);
+        if (ret) {
+                send_fuse_err (this, finh, EOPNOTSUPP);
+                GF_FREE (finh);
+                return;
         }
         /* Check if the command is for changing the log
@@ -3543,6 +3534,7 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         int                      rv       = 0;
         int                     op_errno  = EINVAL;
         char                    *newkey   = NULL;
+        int                      ret      = 0;
         priv = this->private;
         GET_STATE (this, finh, state);
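Review bot: The rejection branch added in fuse_setxattr answers EOPNOTSUPP, while the same helper result is mapped to ENODATA in fuse_getxattr (the later hunk at -3574), and neither call site has a comment saying why the errnos differ. Since this check is what keeps security.selinux and security.capability writes from reaching the volume when the mount options are off, a one-line comment at each site would stop a later refactor from unifying or moving them, e.g. `/* security.* xattr not enabled by mount options: refuse the write */` here and `/* security.* xattr not enabled by mount options: report it as absent */` in fuse_getxattr. This hunk does not show a declaration of `ret` in fuse_setxattr (the getxattr side adds one), so presumably one already exists there. Both function bodies start and end outside their hunks.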
@@ -3574,18 +3566,10 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
                 }
         }
-        if (!priv->selinux) {
-                if (strcmp (name, "security.selinux") == 0) {
-                        op_errno = ENODATA;
-                        goto err;
-                }
-        }
-
-        if ((!priv->capability) && (!priv->selinux)) {
-                if (strcmp (name, "security.capability") == 0) {
-                        op_errno = ENODATA;
-                        goto err;
-                }
+        ret = fuse_check_selinux_cap_xattr (priv, name);
+        if (ret) {
+                op_errno = ENODATA;
+                goto err;
         }
         fuse_resolve_inode_init (state, &state->resolve, finh->nodeid);
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index 4f031d03581..40bd17ba6e6 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -424,4 +424,5 @@ int fuse_resolve_fd_init (fuse_state_t *state, fuse_resolve_t *resolve,
 int fuse_ignore_xattr_set (fuse_private_t *priv, char *key);
 void fuse_fop_resume (fuse_state_t *state);
 int dump_history_fuse (circular_buffer_t *cb, void *data);
+int fuse_check_selinux_cap_xattr (fuse_private_t *priv, char *name);
 #endif /* _GF_FUSE_BRIDGE_H_ */
diff --git a/xlators/mount/fuse/src/fuse-helpers.c b/xlators/mount/fuse/src/fuse-helpers.c
index 0f8abf03d32..3ccd46efaeb 100644
--- a/xlators/mount/fuse/src/fuse-helpers.c
+++ b/xlators/mount/fuse/src/fuse-helpers.c
@@ -652,3 +652,29 @@ fuse_ignore_xattr_set (fuse_private_t *priv, char *key)
         return ret;
 }
+
+int
+fuse_check_selinux_cap_xattr (fuse_private_t *priv, char *name)
+{
+        int ret = -1;
+
+        if (strcmp (name, "security.selinux") &&
+                        strcmp (name, "security.capability")) {
+                /* if xattr name is not of interest, no validations needed */
+                ret = 0;
+                goto out;
+        }
+
+        if ((strcmp (name, "security.selinux") == 0) &&
+            (priv->selinux)) {
+                ret = 0;
+        }
+
+        if ((strcmp (name, "security.capability") == 0) &&
+            ((priv->capability) || (priv->selinux))) {
+                ret = 0;
+        }
+
+out:
+        return ret;
+}  |
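Review bot: fuse_check_selinux_cap_xattr has no header comment stating the contract its callers rely on: 0 means pass the xattr through, -1 means reject it, and the `selinux` mount option alone is enough to allow security.capability. That last coupling decides whether file capabilities can be written through the mount, so it should be spelled out next to the code rather than left implicit in a compound condition. `name` is only read, so the parameter (and the prototype added in fuse-bridge.h) should be `const char *name`. Each name is also compared twice to reach a result that two early returns express directly. A possible shape with unchanged behaviour is below.

```c
/* Gate for the security.selinux / security.capability xattrs.
 * Returns 0 if the xattr may be passed through, -1 if the caller
 * must reject it because the matching mount option is off. */
int
fuse_check_selinux_cap_xattr (fuse_private_t *priv, const char *name)
{
        if (strcmp (name, "security.selinux") == 0)
                return priv->selinux ? 0 : -1;

        /* the selinux mount option also enables file capabilities */
        if (strcmp (name, "security.capability") == 0)
                return (priv->capability || priv->selinux) ? 0 : -1;

        /* any other xattr name is not gated here */
        return 0;
}
```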
