From 96da2fbc7fa7f9e27c645b98d8b12491be24a4c4 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 18 Nov 2015 09:01:30 +0100 Subject: fuse: forbid only access to security.selinux xattr if not mounted with 'selinux' Originally, all selinux.* xattrs were forbidden, causing for example Samba's acl_xattr module which uses security.NTACL to fail without the 'selinux' mount option, which is confusing at least. This change specializes the check to the security.selinux attribute, so other selinux.* attributes work with or without the option. > Change-Id: I9d3083123efbf403f20572cfb325a300ce2e90d9 > BUG: 1283103 > Signed-off-by: Michael Adam > Reviewed-on: http://review.gluster.org/12826 > Tested-by: Gluster Build System > Tested-by: NetBSD Build System > Reviewed-by: Rajesh Joseph > Reviewed-by: Raghavendra G (cherry picked from commit 4fefa3d7dbcdad1e71c74db11113ac1e74b01656) Change-Id: Ia1ab1ef70b0ce8085afc7f8b09accff2a5966161 BUG: 1283107 Signed-off-by: Michael Adam Reviewed-on: http://review.gluster.org/12953 Tested-by: NetBSD Build System Tested-by: Gluster Build System Reviewed-by: Raghavendra Talur --- xlators/mount/fuse/src/fuse-bridge.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'xlators/mount') diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index 6735ae464c6..6ea794a111d 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -3166,7 +3166,7 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } if (!priv->selinux) { - if (strncmp (name, "security.", 9) == 0) { + if (strcmp (name, "security.selinux") == 0) { send_fuse_err (this, finh, EOPNOTSUPP); GF_FREE (finh); return; @@ -3496,7 +3496,7 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } if (!priv->selinux) { - if (strncmp (name, "security.", 9) == 0) { + if (strcmp (name, "security.selinux") == 0) { op_errno = ENODATA; goto err; } -- cgit