diff options
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 5 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.h | 1 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-helpers.c | 28 |
3 files changed, 34 insertions, 0 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index fa728604daf..6236fe7d362 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -2632,6 +2632,11 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } #endif + if (fuse_ignore_xattr_set (priv, name)) { + (void) send_fuse_err (this, finh, 0); + return; + } + if (!priv->acl) { if ((strcmp (name, "system.posix_acl_access") == 0) || (strcmp (name, "system.posix_acl_default") == 0)) { diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h index eb43e6686eb..c919cf2df4b 100644 --- a/xlators/mount/fuse/src/fuse-bridge.h +++ b/xlators/mount/fuse/src/fuse-bridge.h @@ -359,4 +359,5 @@ int fuse_resolve_entry_init (fuse_state_t *state, fuse_resolve_t *resolve, ino_t par, char *name); int fuse_resolve_fd_init (fuse_state_t *state, fuse_resolve_t *resolve, fd_t *fd); +int fuse_ignore_xattr_set (fuse_private_t *priv, char *key); #endif /* _GF_FUSE_BRIDGE_H_ */ diff --git a/xlators/mount/fuse/src/fuse-helpers.c b/xlators/mount/fuse/src/fuse-helpers.c index feec2399828..5fe24e17c1c 100644 --- a/xlators/mount/fuse/src/fuse-helpers.c +++ b/xlators/mount/fuse/src/fuse-helpers.c @@ -508,3 +508,31 @@ fuse_flip_xattr_ns (fuse_private_t *priv, char *okey, char **nkey) return ret; } + +int +fuse_ignore_xattr_set (fuse_private_t *priv, char *key) +{ + int ret = 0; + + /* don't mess with user namespace */ + if (fnmatch ("user.*", key, FNM_PERIOD) == 0) + goto out; + + if (priv->client_pid != GF_CLIENT_PID_GSYNCD) + goto out; + + /* trusted NS check */ + if (!((fnmatch (PRIV_XA_NS".glusterfs.*.xtime", key, FNM_PERIOD) == 0) + || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark", + key, FNM_PERIOD) == 0) + || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark.*", + key, FNM_PERIOD) == 0))) + ret = -1; + + out: + gf_log ("glusterfs-fuse", GF_LOG_DEBUG, "%s setxattr: key [%s], " + " client pid [%d]", (ret ? "disallowing" : "allowing"), key, + priv->client_pid); + + return ret; +} |