-rw-r--r--glusterfsd/src/glusterfsd.c15
-rw-r--r--glusterfsd/src/glusterfsd.h1
-rw-r--r--libglusterfs/src/glusterfs.h1
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c35
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.h3
-rwxr-xr-xxlators/mount/fuse/utils/mount.glusterfs.in5
6 files changed, 44 insertions, 16 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index 903eac72ae6..ebd12bf0b99 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -152,6 +152,8 @@ static struct argp_option gf_options[] = {
"Mount the filesystem in 'read-only' mode"},
{"acl", ARGP_ACL_KEY, 0, 0,
"Mount the filesystem with POSIX ACL support"},
+ {"selinux", ARGP_SELINUX_KEY, 0, 0,
+ "Enable SELinux label (extened attributes) support on inodes"},
{"worm", ARGP_WORM_KEY, 0, 0,
"Mount the filesystem in 'worm' mode"},
{"mac-compat", ARGP_MAC_COMPAT_KEY, "BOOL", OPTION_ARG_OPTIONAL,
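Review bot: The help string added for `--selinux` misspells "extended" as "extened", and this is user-facing option text. It also describes the option as SELinux label support, whereas the runtime gate added in fuse-bridge.c matches every attribute name under `security.`, so the text understates what the flag controls. Suggested wording: `"Enable SELinux label (extended attributes) support on inodes"`, with the wider `security.` effect noted in the mount documentation. The gf_options array begins and ends outside this hunk.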
@@ -348,6 +350,15 @@ create_fuse_mount (glusterfs_ctx_t *ctx)
}
}
+ if (cmd_args->selinux) {
+ ret = dict_set_static_ptr (master->options, "selinux", "on");
+ if (ret < 0) {
+ gf_log ("glusterfsd", GF_LOG_ERROR,
+ "failed to set dict value for key selinux");
+ goto err;
+ }
+ }
+
if (cmd_args->read_only) {
ret = dict_set_static_ptr (master->options, "read-only", "on");
if (ret < 0) {
@@ -564,6 +575,10 @@ parse_opts (int key, char *arg, struct argp_state *state)
cmd_args->acl = 1;
break;
+ case ARGP_SELINUX_KEY:
+ cmd_args->selinux = 1;
+ break;
+
case ARGP_WORM_KEY:
cmd_args->worm = 1;
break;
diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h
index 21f1cbb6c24..8ec121954bb 100644
--- a/glusterfsd/src/glusterfsd.h
+++ b/glusterfsd/src/glusterfsd.h
@@ -86,6 +86,7 @@ enum argp_option_keys {
ARGP_WORM_KEY = 155,
ARGP_USER_MAP_ROOT_KEY = 156,
ARGP_MEM_ACCOUNTING_KEY = 157,
+ ARGP_SELINUX_KEY = 158,
};
struct _gfd_vol_top_priv_t {
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
index 0917ac1b586..cdfb64dea84 100644
--- a/libglusterfs/src/glusterfs.h
+++ b/libglusterfs/src/glusterfs.h
@@ -288,6 +288,7 @@ struct _cmd_args {
int debug_mode;
int read_only;
int acl;
+ int selinux;
int worm;
int mac_compat;
struct list_head xlator_options; /* list of xlator_option_t */
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 5131d6c05ba..385666b0cf0 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2642,13 +2642,13 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
}
-#ifdef DISABLE_SELINUX
- if (!strncmp (name, "security.", 9)) {
- send_fuse_err (this, finh, EOPNOTSUPP);
- GF_FREE (finh);
- return;
- }
-#endif
+ if (!priv->selinux) {
+ if (strncmp (name, "security.", 9) == 0) {
+ send_fuse_err (this, finh, EOPNOTSUPP);
+ GF_FREE (finh);
+ return;
+ }
+ }
/* Check if the command is for changing the log
level of process or specific xlator */
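Review bot: The new runtime gate in fuse_setxattr rejects every name beginning with `security.`, not only the SELinux label. With `priv->selinux` defaulting to 0 in init(), a mount without `--selinux` will presumably also refuse other attributes in that namespace, such as `security.capability`. Before this commit the check was compiled out, since `DISABLE_SELINUX` was commented out in fuse-bridge.h, so this is a default-behaviour change for existing mounts. The same applies to the fuse_getxattr hunk, which returns ENODATA for the same prefix. If only SELinux labels are meant to be gated, narrow the match, e.g. `if (!priv->selinux && strcmp (name, "security.selinux") == 0) {`. Otherwise add a comment at both sites stating that the whole `security.` namespace is intentionally blocked unless the option is set. Both function bodies continue outside their hunks.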
@@ -2914,13 +2914,13 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
}
-#ifdef DISABLE_SELINUX
- if (!strncmp (name, "security.", 9)) {
- send_fuse_err (this, finh, ENODATA);
- GF_FREE (finh);
- return;
- }
-#endif
+ if (!priv->selinux) {
+ if (strncmp (name, "security.", 9) == 0) {
+ send_fuse_err (this, finh, ENODATA);
+ GF_FREE (finh);
+ return;
+ }
+ }
GET_STATE (this, finh, state);
@@ -4484,6 +4484,13 @@ init (xlator_t *this_xl)
if (priv->uid_map_root)
priv->acl = 1;
+ priv->selinux = 0;
+ ret = dict_get_str (options, "selinux", &value_string);
+ if (ret == 0) {
+ ret = gf_string2boolean (value_string, &priv->selinux);
+ GF_ASSERT (ret == 0);
+ }
+
priv->read_only = 0;
ret = dict_get_str (options, "read-only", &value_string);
if (ret == 0) {
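Review bot: An unparsable `selinux` option value in init() is caught only by `GF_ASSERT (ret == 0)`. Depending on how GF_ASSERT is built, that either aborts the mount process or merely logs a generic assertion message. In the second case `priv->selinux` stays at 0, which is the restrictive setting, but the operator gets no clear indication that labels are being dropped. An explicit check would make this visible, e.g. `if (ret != 0) gf_log (this_xl->name, GF_LOG_WARNING, "invalid value '%s' for option selinux, leaving it off", value_string);`. The neighbouring `read-only` parsing appears to follow the same pattern, and init() continues outside this hunk.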
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index c13c2dc76fe..c6c8438a9ed 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -66,8 +66,6 @@
#define MAX_FUSE_PROC_DELAY 1
-//#define DISABLE_SELINUX 1
-
typedef struct fuse_in_header fuse_in_header_t;
typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh,
void *msg);
@@ -109,6 +107,7 @@ struct fuse_private {
gf_boolean_t client_pid_set;
unsigned uid_map_root;
gf_boolean_t acl;
+ gf_boolean_t selinux;
gf_boolean_t read_only;
fdtable_t *fdtable;
diff --git a/xlators/mount/fuse/utils/mount.glusterfs.in b/xlators/mount/fuse/utils/mount.glusterfs.in
index c313e552fa1..c36ad6ff9ab 100755
--- a/xlators/mount/fuse/utils/mount.glusterfs.in
+++ b/xlators/mount/fuse/utils/mount.glusterfs.in
@@ -100,6 +100,10 @@ start_glusterfs ()
cmd_line=$(echo "$cmd_line --acl");
fi
+ if [ -n "$selinux" ]; then
+ cmd_line=$(echo "$cmd_line --selinux");
+ fi
+
if [ -n "$worm" ]; then
cmd_line=$(echo "$cmd_line --worm");
fi
@@ -273,6 +277,7 @@ main ()
case "$pair" in
"ro") read_only=1 ;;
"acl") acl=1 ;;
+ "selinux") selinux=1 ;;
"worm") worm=1 ;;
# "mount -t glusterfs" sends this, but it's useless.
"rw") ;;