summaryrefslogtreecommitdiffstats
path: root/xlators/mount/fuse/src/fuse-bridge.c
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2015-11-18 09:01:30 +0100
committerRaghavendra G <rgowdapp@redhat.com>2015-12-10 21:34:48 -0800
commit4fefa3d7dbcdad1e71c74db11113ac1e74b01656 (patch)
tree9232c094982d88932910687bf7ae0f5b59e0d6ab /xlators/mount/fuse/src/fuse-bridge.c
parent3a01c1b36724ad4c9148540b56a26b3c1799c583 (diff)
fuse: forbid only access to security.selinux xattr if not mounted with 'selinux'
Originally, all selinux.* xattrs were forbidden, causing for example Samba's acl_xattr module which uses security.NTACL to fail without the 'selinux' mount option, which is confusing at least. This change specializes the check to the security.selinux attribute, so other selinux.* attributes work with or without the option. Change-Id: I9d3083123efbf403f20572cfb325a300ce2e90d9 BUG: 1283103 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-on: http://review.gluster.org/12826 Tested-by: Gluster Build System <jenkins@build.gluster.com> Tested-by: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Rajesh Joseph <rjoseph@redhat.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'xlators/mount/fuse/src/fuse-bridge.c')
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index dc4b934e97b..fcc77c51be9 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3169,7 +3169,7 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
if (!priv->selinux) {
- if (strncmp (name, "security.", 9) == 0) {
+ if (strcmp (name, "security.selinux") == 0) {
send_fuse_err (this, finh, EOPNOTSUPP);
GF_FREE (finh);
return;
@@ -3499,7 +3499,7 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
if (!priv->selinux) {
- if (strncmp (name, "security.", 9) == 0) {
+ if (strcmp (name, "security.selinux") == 0) {
op_errno = ENODATA;
goto err;
}