diff options
author | Anand Avati <avati@redhat.com> | 2012-05-29 22:01:42 -0700 |
---|---|---|
committer | Anand Avati <avati@redhat.com> | 2012-05-29 22:58:07 -0700 |
commit | f69785a9e3f9ad55e81f1fe8212485b7e4dc11fe (patch) | |
tree | 7c0ccc27d3f9ebbd13322260837cf24ccc0792a7 /xlators/mount/fuse/src/fuse-bridge.c | |
parent | 647f561f6ad16174da700ea6b70f01b6e0ae6d96 (diff) |
fuse: make SELinux support configurable
Make support for SELinux labels (extended attributes) configurable
and disabled by default as it can cause significant performance
penalty when enabled (it need not be enabled unless specially crafted
policies are set -- which is not by default)
Change-Id: I97bc4b1c26cf055fd520e9bf2d49e52b14fe7515
BUG: 811217
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.com/3485
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Diffstat (limited to 'xlators/mount/fuse/src/fuse-bridge.c')
-rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index 42190083a27..fa728604daf 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -2641,13 +2641,13 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } } -#ifdef DISABLE_SELINUX - if (!strncmp (name, "security.", 9)) { - send_fuse_err (this, finh, EOPNOTSUPP); - GF_FREE (finh); - return; - } -#endif + if (!priv->selinux) { + if (strncmp (name, "security.", 9) == 0) { + send_fuse_err (this, finh, EOPNOTSUPP); + GF_FREE (finh); + return; + } + } /* Check if the command is for changing the log level of process or specific xlator */ @@ -2913,13 +2913,13 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } } -#ifdef DISABLE_SELINUX - if (!strncmp (name, "security.", 9)) { - send_fuse_err (this, finh, ENODATA); - GF_FREE (finh); - return; - } -#endif + if (!priv->selinux) { + if (strncmp (name, "security.", 9) == 0) { + send_fuse_err (this, finh, ENODATA); + GF_FREE (finh); + return; + } + } GET_STATE (this, finh, state); @@ -4496,6 +4496,13 @@ init (xlator_t *this_xl) if (priv->uid_map_root) priv->acl = 1; + priv->selinux = 0; + ret = dict_get_str (options, "selinux", &value_string); + if (ret == 0) { + ret = gf_string2boolean (value_string, &priv->selinux); + GF_ASSERT (ret == 0); + } + priv->read_only = 0; ret = dict_get_str (options, "read-only", &value_string); if (ret == 0) { |