diff options
| author | Venky Shankar <vshankar@redhat.com> | 2012-07-17 22:54:21 +0530 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2012-07-19 02:23:57 -0700 |
| commit | 84a735558d2682446b2e45d97ff97e698ab2d256 (patch) | |
| tree | 90733b6d292a81b3340e758187f1055d67472a4d /xlators/mount/fuse/src/fuse-helpers.c | |
| parent | 20fedc3232e876917f963b28a4f4b3bf469b2e6f (diff) | |
FUSE: ignore setxattr for some keys from gsyncd aux mount
Context
-------
gsyncd/geo-rep plans to rely on Rsync to sync extended attributes.
When this is in place, all xattrs *visible* on the mount point would
be candidate for syncing. This set could include gluster internal
xattrs too (as xome xlators do not filter out in their cbks). Syncing
these xattrs to the slave could result in unexpected functioning of
the slave mount.
Soln.
-----
For gsyncd auxillary mounts (identified by client_pid -1), we only
allow xtime related xattrs to go through and silently ignore (w/o
propagating error back to the client) the rest of them. This provides
a future proof solution as we need not worry about what xattrs show
up on the mounts. Also, 'user' namespace xattrs are always passed
through even if it's from a gsyncd aux mount.
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Change-Id: I6fac5e03d2b25fa4cdece4b2897fb202617b3c23
BUG: 841062
Reviewed-on: http://review.gluster.com/3687
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/mount/fuse/src/fuse-helpers.c')
| -rw-r--r-- | xlators/mount/fuse/src/fuse-helpers.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/xlators/mount/fuse/src/fuse-helpers.c b/xlators/mount/fuse/src/fuse-helpers.c index 729c8fb2cd4..832f57e1cdb 100644 --- a/xlators/mount/fuse/src/fuse-helpers.c +++ b/xlators/mount/fuse/src/fuse-helpers.c @@ -545,3 +545,31 @@ fuse_flip_xattr_ns (fuse_private_t *priv, char *okey, char **nkey) return ret; } + +int +fuse_ignore_xattr_set (fuse_private_t *priv, char *key) +{ + int ret = 0; + + /* don't mess with user namespace */ + if (fnmatch ("user.*", key, FNM_PERIOD) == 0) + goto out; + + if (priv->client_pid != GF_CLIENT_PID_GSYNCD) + goto out; + + /* trusted NS check */ + if (!((fnmatch (PRIV_XA_NS".glusterfs.*.xtime", key, FNM_PERIOD) == 0) + || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark", + key, FNM_PERIOD) == 0) + || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark.*", + key, FNM_PERIOD) == 0))) + ret = -1; + + out: + gf_log ("glusterfs-fuse", GF_LOG_DEBUG, "%s setxattr: key [%s], " + " client pid [%d]", (ret ? "disallowing" : "allowing"), key, + priv->client_pid); + + return ret; +} |