summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPoornima G <pgurusid@redhat.com>2016-03-09 04:05:20 -0500
committerVijay Bellur <vbellur@redhat.com>2016-03-09 19:15:33 -0800
commit9e3a0791c0f1f336e55672b24721154bc862456b (patch)
tree7a1f032d1a8eac6ecafbe2a2391d52349620c4df
parent8fd5a8e7a3cbcc8e98ddb2ec161ef14cd5a671aa (diff)
fuse: Address the review comments in the backport
Backport @ http://review.gluster.org/#/c/13626/3 Fix a typo error, consolidate the selinux and capability check in getxattr and setxattr. Change-Id: I4303de3d4dd00853169b07577311e03cbb912ed7 BUG: 1316327 Signed-off-by: Poornima G <pgurusid@redhat.com> Reviewed-on: http://review.gluster.org/13653 NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> Tested-by: Vijay Bellur <vbellur@redhat.com> Smoke: Gluster Build System <jenkins@build.gluster.com> CentOS-regression: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
-rw-r--r--doc/mount.glusterfs.83
-rw-r--r--glusterfsd/src/glusterfsd.c4
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c36
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.h1
-rw-r--r--xlators/mount/fuse/src/fuse-helpers.c26
5 files changed, 42 insertions, 28 deletions
diff --git a/doc/mount.glusterfs.8 b/doc/mount.glusterfs.8
index 8884b48..4cb7772 100644
--- a/doc/mount.glusterfs.8
+++ b/doc/mount.glusterfs.8
@@ -62,6 +62,9 @@ support 64-bit inodes
.TP
\fBmem\-accounting
Enable internal memory accounting
+.TP
+\fBcapability
+Enable file capability setting and retrival
.PP
.SS "Advanced options"
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index 5df33c2..ad18a4f 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -150,9 +150,9 @@ static struct argp_option gf_options[] = {
{"acl", ARGP_ACL_KEY, 0, 0,
"Mount the filesystem with POSIX ACL support"},
{"selinux", ARGP_SELINUX_KEY, 0, 0,
- "Enable SELinux label (extened attributes) support on inodes"},
+ "Enable SELinux label (extended attributes) support on inodes"},
{"capability", ARGP_CAPABILITY_KEY, 0, 0,
- "Enable Capability (extened attributes) support on inodes"},
+ "Enable Capability (extended attributes) support on inodes"},
{"print-netgroups", ARGP_PRINT_NETGROUPS, "NETGROUP-FILE", 0,
"Validate the netgroups file and print it out"},
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index d34e85f..c6c38f3 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3236,20 +3236,11 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
}
- if (!priv->selinux) {
- if (strcmp (name, "security.selinux") == 0) {
- send_fuse_err (this, finh, EOPNOTSUPP);
- GF_FREE (finh);
- return;
- }
- }
-
- if ((!priv->capability) && (!priv->selinux)) {
- if (strcmp (name, "security.capability") == 0) {
- send_fuse_err (this, finh, EOPNOTSUPP);
- GF_FREE (finh);
- return;
- }
+ ret = fuse_check_selinux_cap_xattr (priv, name);
+ if (ret) {
+ send_fuse_err (this, finh, EOPNOTSUPP);
+ GF_FREE (finh);
+ return;
}
/* Check if the command is for changing the log
@@ -3543,6 +3534,7 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
int rv = 0;
int op_errno = EINVAL;
char *newkey = NULL;
+ int ret = 0;
priv = this->private;
GET_STATE (this, finh, state);
@@ -3574,18 +3566,10 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
}
- if (!priv->selinux) {
- if (strcmp (name, "security.selinux") == 0) {
- op_errno = ENODATA;
- goto err;
- }
- }
-
- if ((!priv->capability) && (!priv->selinux)) {
- if (strcmp (name, "security.capability") == 0) {
- op_errno = ENODATA;
- goto err;
- }
+ ret = fuse_check_selinux_cap_xattr (priv, name);
+ if (ret) {
+ op_errno = ENODATA;
+ goto err;
}
fuse_resolve_inode_init (state, &state->resolve, finh->nodeid);
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index 4f031d0..40bd17b 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -424,4 +424,5 @@ int fuse_resolve_fd_init (fuse_state_t *state, fuse_resolve_t *resolve,
int fuse_ignore_xattr_set (fuse_private_t *priv, char *key);
void fuse_fop_resume (fuse_state_t *state);
int dump_history_fuse (circular_buffer_t *cb, void *data);
+int fuse_check_selinux_cap_xattr (fuse_private_t *priv, char *name);
#endif /* _GF_FUSE_BRIDGE_H_ */
diff --git a/xlators/mount/fuse/src/fuse-helpers.c b/xlators/mount/fuse/src/fuse-helpers.c
index 0f8abf0..3ccd46e 100644
--- a/xlators/mount/fuse/src/fuse-helpers.c
+++ b/xlators/mount/fuse/src/fuse-helpers.c
@@ -652,3 +652,29 @@ fuse_ignore_xattr_set (fuse_private_t *priv, char *key)
return ret;
}
+
+int
+fuse_check_selinux_cap_xattr (fuse_private_t *priv, char *name)
+{
+ int ret = -1;
+
+ if (strcmp (name, "security.selinux") &&
+ strcmp (name, "security.capability")) {
+ /* if xattr name is not of interest, no validations needed */
+ ret = 0;
+ goto out;
+ }
+
+ if ((strcmp (name, "security.selinux") == 0) &&
+ (priv->selinux)) {
+ ret = 0;
+ }
+
+ if ((strcmp (name, "security.capability") == 0) &&
+ ((priv->capability) || (priv->selinux))) {
+ ret = 0;
+ }
+
+out:
+ return ret;
+}