From 465a3f701395eb2db2620c0d2c5d9eb110dce171 Mon Sep 17 00:00:00 2001 From: Anand Avati Date: Wed, 10 Aug 2011 23:11:36 +0530 Subject: posix-acl: disable permission checks for fd based ops If write calls are coming in through an fd with O_RDWR or O_WRONLY flag then a permission check is unnecessary. However writes from NFS ideally need a "stateless" check in each call and this results in a permission failure due to the read-only mode (disregarding the FD's writeability). For now it is acceptable to disable write checks as almost always the NFS client would already be doing such basic access control. Also because the previous access-control translator (prior to posix ACL introduction) too was permitting writes and reads unconditionally. In fact the Linux KNFS server too assumes the NFS client would have done the permission check. Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba BUG: 3388 Reviewed-on: http://review.gluster.com/207 Tested-by: Gluster Build System Reviewed-by: Anand Avati --- xlators/system/posix-acl/src/posix-acl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c index 6526e6a6438..8648485cf79 100644 --- a/xlators/system/posix-acl/src/posix-acl.c +++ b/xlators/system/posix-acl/src/posix-acl.c @@ -1904,8 +1904,10 @@ fini (xlator_t *this) struct xlator_fops fops = { .lookup = posix_acl_lookup, .open = posix_acl_open, +#if FD_MODE_CHECK_IS_IMPLEMENTED .readv = posix_acl_readv, .writev = posix_acl_writev, +#endif .ftruncate = posix_acl_ftruncate, .access = posix_acl_access, .truncate = posix_acl_truncate, -- cgit