diff options
| author | Susant Palai <spalai@redhat.com> | 2018-09-03 15:49:02 +0530 |
|---|---|---|
| committer | N Balachandran <nbalacha@redhat.com> | 2018-09-20 15:43:18 +0000 |
| commit | b139bc58eb504adf5ef81658896c9283ae21f390 (patch) | |
| tree | fc0fc8b80a7298694990e7ee45471c6dd09ef7b6 | |
| parent | 5e8fd8b465761e6ab09187abd56ce9930652866b (diff) | |
dht: Operate internal fops with negative pid
With root-squash on, all root credentials are converted to a
random uid, gid(65535). And ideally this does not carry the necessary
permission bits to carry out the operation. But posix-acl will allow
operations from this inode as long as its ctx has the ngroup information
and ngroup has the owner group information.
The problem we ran into recently was somehow posix-acl xlator did not
cache the ngroup info and some of the dht internal fops(layout setxattr)
failed with root-squash enabled.
DHT internal fops now use a negative pid to pretend that the operation
is from an internal client so posix-acl allows them to pass
Change-Id: I5bb8d068389bf4c94629d668a16015a95ccb53ab
fixes: bz#1624796
Signed-off-by: Susant Palai <spalai@redhat.com>
| -rw-r--r-- | libglusterfs/src/stack.h | 3 | ||||
| -rw-r--r-- | xlators/cluster/dht/src/dht-common.h | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/libglusterfs/src/stack.h b/libglusterfs/src/stack.h index 8d58e4daab9..cda04dfdb29 100644 --- a/libglusterfs/src/stack.h +++ b/libglusterfs/src/stack.h @@ -232,8 +232,10 @@ STACK_RESET(call_stack_t *stack) local_type *__local = (frm)->local; \ __local->uid = frm->root->uid; \ __local->gid = frm->root->gid; \ + __local->pid = frm->root->pid; \ frm->root->uid = 0; \ frm->root->gid = 0; \ + frm->root->pid = GF_CLIENT_PID_NO_ROOT_SQUASH; \ } while (0); #define FRAME_SU_UNDO(frm, local_type) \ @@ -241,6 +243,7 @@ STACK_RESET(call_stack_t *stack) local_type *__local = (frm)->local; \ frm->root->uid = __local->uid; \ frm->root->gid = __local->gid; \ + frm->root->pid = __local->pid; \ } while (0); /* NOTE: make sure to keep this as an macro, mainly because, we need 'fn' diff --git a/xlators/cluster/dht/src/dht-common.h b/xlators/cluster/dht/src/dht-common.h index cc1e1f02912..7d813b1acc8 100644 --- a/xlators/cluster/dht/src/dht-common.h +++ b/xlators/cluster/dht/src/dht-common.h @@ -323,6 +323,7 @@ struct dht_local { uint32_t uid; uint32_t gid; + pid_t pid; /* needed by nufa */ int32_t flags; |