authorPoornima G <pgurusid@redhat.com>2016-02-26 06:42:14 -0500
committerVijay Bellur <vbellur@redhat.com>2016-03-09 19:09:43 -0800
commita8a8feb25216db2fa426b09d778f61c0f89d514c (patch)
treeb8f2ef368c065194f236bb3042b9b269cc5d2584 /glusterfsd
parent73f415353b0d70a4e6e4a4cedc05cd9b8418625f (diff)
fuse: Add a new mount option capability
Originally all security.* xattrs were forbidden if selinux is disabled, which was causing Samba's acl_xattr module to not work, as it would store the NTACL in security.NTACL. To fix this http://review.gluster.org/#/c/12826/ was sent, which forbid only security.selinux. This opened up a getxattr call on security.capability before every write fop and others. Capabilities can be used without selinux, hence if selinux is disabled, security.capability cannot be forbidden. Hence adding a new mount option called capability. Only when "--capability" or "--selinux" mount option is used, security.capability is sent to the brick, else it is forbidden. Backport of : http://review.gluster.org/#/c/13540/ & http://review.gluster.org/#/c/13653/ BUG: 1309462 Change-Id: Ib8d4f32d9f1458f4d71a05785f92b526aa7033ff Signed-off-by: Poornima G <pgurusid@redhat.com> Reviewed-on: http://review.gluster.org/13626 Tested-by: Vijay Bellur <vbellur@redhat.com> Smoke: Gluster Build System <jenkins@build.gluster.com> CentOS-regression: Gluster Build System <jenkins@build.gluster.com> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'glusterfsd')
-rw-r--r--glusterfsd/src/glusterfsd.c17
-rw-r--r--glusterfsd/src/glusterfsd.h1
2 files changed, 17 insertions, 1 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index e41064a..45dbc26 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -155,7 +155,9 @@ static struct argp_option gf_options[] = {
{"acl", ARGP_ACL_KEY, 0, 0,
"Mount the filesystem with POSIX ACL support"},
{"selinux", ARGP_SELINUX_KEY, 0, 0,
- "Enable SELinux label (extened attributes) support on inodes"},
+ "Enable SELinux label (extended attributes) support on inodes"},
+ {"capability", ARGP_CAPABILITY_KEY, 0, 0,
+ "Enable file capability setting and retrival"},
{"print-netgroups", ARGP_PRINT_NETGROUPS, "NETGROUP-FILE", 0,
"Validate the netgroups file and print it out"},
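Review bot: The help string added for `--capability` misspells "retrieval" as "retrival", in the same hunk that corrects "extened" on the selinux entry. The text also does not say which attribute is gated; per the commit description, security.capability requests are refused on the client unless this option or --selinux is given. Suggested wording: `"Enable file capability (security.capability xattr) setting and retrieval"`. The gf_options[] table continues outside the hunk.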
@@ -371,6 +373,15 @@ set_fuse_mount_options (glusterfs_ctx_t *ctx, dict_t *options)
}
}
+ if (cmd_args->capability) {
+ ret = dict_set_static_ptr (options, "capability", "on");
+ if (ret < 0) {
+ gf_msg ("glusterfsd", GF_LOG_ERROR, 0, glusterfsd_msg_4,
+ "capability");
+ goto err;
+ }
+ }
+
if (cmd_args->aux_gfid_mount) {
ret = dict_set_static_ptr (options, "virtual-gfid-access",
"on");
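Review bot: The new `if (cmd_args->capability)` block sets the "capability" key only for --capability, while the commit description says --selinux must also let security.capability through. That coupling is left to whatever consumes the key, presumably the fuse translator, which is not part of this diff. Because the key decides whether a privilege-bearing xattr reaches the brick, a comment above the block would help, for example `/* security.capability is refused by default; forwarded to bricks only with --capability or --selinux */`. It is also worth confirming that the consumer treats an absent key as deny. set_fuse_mount_options starts and ends outside the hunk.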
@@ -799,6 +810,10 @@ parse_opts (int key, char *arg, struct argp_state *state)
gf_remember_xlator_option ("*-md-cache.cache-selinux=true");
break;
+ case ARGP_CAPABILITY_KEY:
+ cmd_args->capability = 1;
+ break;
+
case ARGP_AUX_GFID_MOUNT_KEY:
cmd_args->aux_gfid_mount = 1;
break;
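Review bot: `case ARGP_CAPABILITY_KEY` only sets the flag, whereas the case just above it registers `*-md-cache.cache-selinux=true` so that the xattr it enables is cached. The commit description names the getxattr on security.capability before every write as the motivation, so with --capability those lookups presumably go to the brick each time unless caching is configured outside this diff. If that is intended, a comment on the case such as `/* unlike --selinux, no md-cache option is registered here */` would record the decision. parse_opts starts and ends outside the hunk.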
diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h
index f5f0e62..bb7966e 100644
--- a/glusterfsd/src/glusterfsd.h
+++ b/glusterfsd/src/glusterfsd.h
@@ -96,6 +96,7 @@ enum argp_option_keys {
ARGP_SECURE_MGMT_KEY = 172,
ARGP_GLOBAL_TIMER_WHEEL = 173,
ARGP_RESOLVE_GIDS_KEY = 174,
+ ARGP_CAPABILITY_KEY = 175,
};
struct _gfd_vol_top_priv_t {