summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVenky Shankar <vshankar@redhat.com>2012-07-17 22:54:21 +0530
committerVijay Bellur <vbellur@redhat.com>2012-07-19 02:23:57 -0700
commit84a735558d2682446b2e45d97ff97e698ab2d256 (patch)
tree90733b6d292a81b3340e758187f1055d67472a4d
parent20fedc3232e876917f963b28a4f4b3bf469b2e6f (diff)
FUSE: ignore setxattr for some keys from gsyncd aux mount
Context ------- gsyncd/geo-rep plans to rely on Rsync to sync extended attributes. When this is in place, all xattrs *visible* on the mount point would be candidate for syncing. This set could include gluster internal xattrs too (as xome xlators do not filter out in their cbks). Syncing these xattrs to the slave could result in unexpected functioning of the slave mount. Soln. ----- For gsyncd auxillary mounts (identified by client_pid -1), we only allow xtime related xattrs to go through and silently ignore (w/o propagating error back to the client) the rest of them. This provides a future proof solution as we need not worry about what xattrs show up on the mounts. Also, 'user' namespace xattrs are always passed through even if it's from a gsyncd aux mount. Signed-off-by: Venky Shankar <vshankar@redhat.com> Change-Id: I6fac5e03d2b25fa4cdece4b2897fb202617b3c23 BUG: 841062 Reviewed-on: http://review.gluster.com/3687 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c5
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.h1
-rw-r--r--xlators/mount/fuse/src/fuse-helpers.c28
3 files changed, 34 insertions, 0 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index bf86cf73e63..b96d6017331 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2711,6 +2711,11 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
#endif
+ if (fuse_ignore_xattr_set (priv, name)) {
+ (void) send_fuse_err (this, finh, 0);
+ return;
+ }
+
if (!priv->acl) {
if ((strcmp (name, "system.posix_acl_access") == 0) ||
(strcmp (name, "system.posix_acl_default") == 0)) {
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index bc35eb0617d..5ffb285a28b 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -363,4 +363,5 @@ int fuse_resolve_entry_init (fuse_state_t *state, fuse_resolve_t *resolve,
ino_t par, char *name);
int fuse_resolve_fd_init (fuse_state_t *state, fuse_resolve_t *resolve,
fd_t *fd);
+int fuse_ignore_xattr_set (fuse_private_t *priv, char *key);
#endif /* _GF_FUSE_BRIDGE_H_ */
diff --git a/xlators/mount/fuse/src/fuse-helpers.c b/xlators/mount/fuse/src/fuse-helpers.c
index 729c8fb2cd4..832f57e1cdb 100644
--- a/xlators/mount/fuse/src/fuse-helpers.c
+++ b/xlators/mount/fuse/src/fuse-helpers.c
@@ -545,3 +545,31 @@ fuse_flip_xattr_ns (fuse_private_t *priv, char *okey, char **nkey)
return ret;
}
+
+int
+fuse_ignore_xattr_set (fuse_private_t *priv, char *key)
+{
+ int ret = 0;
+
+ /* don't mess with user namespace */
+ if (fnmatch ("user.*", key, FNM_PERIOD) == 0)
+ goto out;
+
+ if (priv->client_pid != GF_CLIENT_PID_GSYNCD)
+ goto out;
+
+ /* trusted NS check */
+ if (!((fnmatch (PRIV_XA_NS".glusterfs.*.xtime", key, FNM_PERIOD) == 0)
+ || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark",
+ key, FNM_PERIOD) == 0)
+ || (fnmatch (PRIV_XA_NS".glusterfs.volume-mark.*",
+ key, FNM_PERIOD) == 0)))
+ ret = -1;
+
+ out:
+ gf_log ("glusterfs-fuse", GF_LOG_DEBUG, "%s setxattr: key [%s], "
+ " client pid [%d]", (ret ? "disallowing" : "allowing"), key,
+ priv->client_pid);
+
+ return ret;
+}