diff options
| author | Poornima G <pgurusid@redhat.com> | 2016-02-26 06:42:14 -0500 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2016-03-09 19:09:43 -0800 |
| commit | a8a8feb25216db2fa426b09d778f61c0f89d514c (patch) | |
| tree | b8f2ef368c065194f236bb3042b9b269cc5d2584 /tests/bugs | |
| parent | 73f415353b0d70a4e6e4a4cedc05cd9b8418625f (diff) | |
fuse: Add a new mount option capability
Originally all security.* xattrs were forbidden if selinux is disabled,
which was causing Samba's acl_xattr module to not work, as it would
store the NTACL in security.NTACL. To fix this http://review.gluster.org/#/c/12826/
was sent, which forbid only security.selinux. This opened up a getxattr
call on security.capability before every write fop and others.
Capabilities can be used without selinux, hence if selinux is disabled,
security.capability cannot be forbidden. Hence adding a new mount
option called capability.
Only when "--capability" or "--selinux" mount option is used,
security.capability is sent to the brick, else it is forbidden.
Backport of : http://review.gluster.org/#/c/13540/ &
http://review.gluster.org/#/c/13653/
BUG: 1309462
Change-Id: Ib8d4f32d9f1458f4d71a05785f92b526aa7033ff
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-on: http://review.gluster.org/13626
Tested-by: Vijay Bellur <vbellur@redhat.com>
Smoke: Gluster Build System <jenkins@build.gluster.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'tests/bugs')
| -rw-r--r-- | tests/bugs/fuse/bug-1309462.t | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/tests/bugs/fuse/bug-1309462.t b/tests/bugs/fuse/bug-1309462.t new file mode 100644 index 00000000000..f3b74bd2935 --- /dev/null +++ b/tests/bugs/fuse/bug-1309462.t @@ -0,0 +1,49 @@ +#!/bin/bash +# +# https://bugzilla.redhat.com/show_bug.cgi?id=1309462 +# Test the new fuse mount option --capability. +# Set/get xattr on security.capability should be sent +# down from fuse, only if --selinux or --capability option +# is used for mounting. + +. $(dirname $0)/../../include.rc + +cleanup; + +#Basic checks +TEST glusterd +TEST pidof glusterd + +#Create a distributed volume +TEST $CLI volume create $V0 $H0:$B0/${V0}{1..2}; +TEST $CLI volume start $V0 + +# Mount FUSE without selinux: +TEST glusterfs -s $H0 --volfile-id $V0 $M0 + +TESTFILE="$M0/testfile" +TEST touch ${TESTFILE} + +TEST ! setfattr -n security.capability -v value ${TESTFILE} +TEST ! getfattr -n security.capability ${TESTFILE} + +TEST umount $M0 + +# Mount FUSE with selinux: +TEST glusterfs -s $H0 --volfile-id $V0 --selinux $M0 + +TEST setfattr -n security.capability -v value ${TESTFILE} +TEST getfattr -n security.capability ${TESTFILE} +TEST setfattr -x security.capability ${TESTFILE} + +TEST umount $M0 + +# Mount FUSE with capability: +TEST glusterfs -s $H0 --volfile-id $V0 --capability $M0 + +TEST setfattr -n security.capability -v value ${TESTFILE} +TEST getfattr -n security.capability ${TESTFILE} +TEST setfattr -x security.capability ${TESTFILE} + +TEST umount $M0 + |