summaryrefslogtreecommitdiffstats
path: root/xlators/mount
diff options
context:
space:
mode:
authorAnand Avati <avati@gluster.com>2011-07-08 03:23:08 +0000
committerAnand Avati <avati@gluster.com>2011-07-08 02:25:59 -0700
commit54aaf46e5b6e95fe9df257728b76f67bdb5dd17c (patch)
treefc402c9a91ff17bbd8bc99a8f83ea2ccadeaa41e /xlators/mount
parent8af1177029b7103ba84bc59eb58d7c5c8635e6cd (diff)
fuse: introduce "noacl" option to disable ACL checks
Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
Diffstat (limited to 'xlators/mount')
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c56
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.h6
2 files changed, 51 insertions, 11 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 70078286fdd..7a78ef277a7 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2329,11 +2329,14 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
struct fuse_setxattr_in *fsi = msg;
char *name = (char *)(fsi + 1);
char *value = name + strlen (name) + 1;
+ struct fuse_private *priv = NULL;
fuse_state_t *state = NULL;
char *dict_value = NULL;
int32_t ret = -1;
+ priv = this->private;
+
#ifdef GF_DARWIN_HOST_OS
if (fsi->position) {
gf_log ("glusterfs-fuse", GF_LOG_WARNING,
@@ -2346,8 +2349,17 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
#endif
-#ifdef DISABLE_POSIX_ACL
- if (!strncmp (name, "system.", 7)) {
+ if (!priv->acl) {
+ if ((strcmp (name, "system.posix_acl_access") == 0) ||
+ (strcmp (name, "system.posix_acl_default") == 0)) {
+ send_fuse_err (this, finh, EOPNOTSUPP);
+ GF_FREE (finh);
+ return;
+ }
+ }
+
+#ifdef DISABLE_SELINUX
+ if (!strncmp (name, "security.", 9)) {
send_fuse_err (this, finh, EOPNOTSUPP);
GF_FREE (finh);
return;
@@ -2540,6 +2552,9 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
fuse_state_t *state = NULL;
int32_t ret = -1;
+ struct fuse_private *priv = NULL;
+
+ priv = this->private;
#ifdef GF_DARWIN_HOST_OS
if (fgxi->position) {
@@ -2561,8 +2576,17 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
#endif
-#ifdef DISABLE_POSIX_ACL
- if (!strncmp (name, "system.", 7)) {
+ if (!priv->acl) {
+ if ((strcmp (name, "system.posix_acl_access") == 0) ||
+ (strcmp (name, "system.posix_acl_default") == 0)) {
+ send_fuse_err (this, finh, ENOTSUP);
+ GF_FREE (finh);
+ return;
+ }
+ }
+
+#ifdef DISABLE_SELINUX
+ if (!strncmp (name, "security.", 9)) {
send_fuse_err (this, finh, ENODATA);
GF_FREE (finh);
return;
@@ -3589,6 +3613,14 @@ init (xlator_t *this_xl)
GF_ASSERT (ret == 0);
}
+ priv->acl = 0;
+ ret = dict_get_str (options, "acl", &value_string);
+ if (ret == 0) {
+ ret = gf_string2boolean (value_string, &priv->acl);
+ GF_ASSERT (ret == 0);
+ }
+
+
priv->fuse_dump_fd = -1;
ret = dict_get_str (options, "dump-fuse", &value_string);
if (ret == 0) {
@@ -3638,10 +3670,18 @@ init (xlator_t *this_xl)
fsname = "glusterfs";
- priv->fd = gf_fuse_mount (priv->mount_point, fsname,
- "allow_other,default_permissions,"
- "max_read=131072",
- sync_mtab ? &ctx->mtab_pid : NULL);
+ if (priv->acl) {
+ priv->fd = gf_fuse_mount (priv->mount_point, fsname,
+ "allow_other,"
+ "max_read=131072",
+ sync_mtab ? &ctx->mtab_pid : NULL);
+ } else {
+ priv->fd = gf_fuse_mount (priv->mount_point, fsname,
+ "allow_other,default_permissions,"
+ "max_read=131072",
+ sync_mtab ? &ctx->mtab_pid : NULL);
+ }
+
if (priv->fd == -1)
goto cleanup_exit;
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index b1e7637c1a2..163bc888109 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -55,9 +55,6 @@
#include "list.h"
#include "dict.h"
-/* TODO: when supporting posix acl, remove this definition */
-#define DISABLE_POSIX_ACL
-
#if defined(GF_LINUX_HOST_OS) || defined(__NetBSD__)
#define FUSE_OP_HIGH (FUSE_POLL + 1)
#endif
@@ -68,6 +65,8 @@
#define MAX_FUSE_PROC_DELAY 1
+#define DISABLE_SELINUX 1
+
typedef struct fuse_in_header fuse_in_header_t;
typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh,
void *msg);
@@ -107,6 +106,7 @@ struct fuse_private {
pid_t client_pid;
gf_boolean_t client_pid_set;
+ gf_boolean_t acl;
};
typedef struct fuse_private fuse_private_t;