diff options
| author | Poornima G <pgurusid@redhat.com> | 2016-02-26 06:42:14 -0500 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2016-03-09 19:09:43 -0800 |
| commit | a8a8feb25216db2fa426b09d778f61c0f89d514c (patch) | |
| tree | b8f2ef368c065194f236bb3042b9b269cc5d2584 /glusterfsd | |
| parent | 73f415353b0d70a4e6e4a4cedc05cd9b8418625f (diff) | |
fuse: Add a new mount option capability
Originally all security.* xattrs were forbidden if selinux is disabled,
which was causing Samba's acl_xattr module to not work, as it would
store the NTACL in security.NTACL. To fix this http://review.gluster.org/#/c/12826/
was sent, which forbid only security.selinux. This opened up a getxattr
call on security.capability before every write fop and others.
Capabilities can be used without selinux, hence if selinux is disabled,
security.capability cannot be forbidden. Hence adding a new mount
option called capability.
Only when "--capability" or "--selinux" mount option is used,
security.capability is sent to the brick, else it is forbidden.
Backport of : http://review.gluster.org/#/c/13540/ &
http://review.gluster.org/#/c/13653/
BUG: 1309462
Change-Id: Ib8d4f32d9f1458f4d71a05785f92b526aa7033ff
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-on: http://review.gluster.org/13626
Tested-by: Vijay Bellur <vbellur@redhat.com>
Smoke: Gluster Build System <jenkins@build.gluster.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'glusterfsd')
| -rw-r--r-- | glusterfsd/src/glusterfsd.c | 17 | ||||
| -rw-r--r-- | glusterfsd/src/glusterfsd.h | 1 |
2 files changed, 17 insertions, 1 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c index e41064a1372..45dbc26801a 100644 --- a/glusterfsd/src/glusterfsd.c +++ b/glusterfsd/src/glusterfsd.c @@ -155,7 +155,9 @@ static struct argp_option gf_options[] = { {"acl", ARGP_ACL_KEY, 0, 0, "Mount the filesystem with POSIX ACL support"}, {"selinux", ARGP_SELINUX_KEY, 0, 0, - "Enable SELinux label (extened attributes) support on inodes"}, + "Enable SELinux label (extended attributes) support on inodes"}, + {"capability", ARGP_CAPABILITY_KEY, 0, 0, + "Enable file capability setting and retrival"}, {"print-netgroups", ARGP_PRINT_NETGROUPS, "NETGROUP-FILE", 0, "Validate the netgroups file and print it out"}, @@ -371,6 +373,15 @@ set_fuse_mount_options (glusterfs_ctx_t *ctx, dict_t *options) } } + if (cmd_args->capability) { + ret = dict_set_static_ptr (options, "capability", "on"); + if (ret < 0) { + gf_msg ("glusterfsd", GF_LOG_ERROR, 0, glusterfsd_msg_4, + "capability"); + goto err; + } + } + if (cmd_args->aux_gfid_mount) { ret = dict_set_static_ptr (options, "virtual-gfid-access", "on"); @@ -799,6 +810,10 @@ parse_opts (int key, char *arg, struct argp_state *state) gf_remember_xlator_option ("*-md-cache.cache-selinux=true"); break; + case ARGP_CAPABILITY_KEY: + cmd_args->capability = 1; + break; + case ARGP_AUX_GFID_MOUNT_KEY: cmd_args->aux_gfid_mount = 1; break; diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h index f5f0e62c51f..bb7966ebd58 100644 --- a/glusterfsd/src/glusterfsd.h +++ b/glusterfsd/src/glusterfsd.h @@ -96,6 +96,7 @@ enum argp_option_keys { ARGP_SECURE_MGMT_KEY = 172, ARGP_GLOBAL_TIMER_WHEEL = 173, ARGP_RESOLVE_GIDS_KEY = 174, + ARGP_CAPABILITY_KEY = 175, }; struct _gfd_vol_top_priv_t { |