diff options
author | Anand Avati <avati@gluster.com> | 2011-07-08 03:23:08 +0000 |
---|---|---|
committer | Anand Avati <avati@gluster.com> | 2011-07-08 02:25:59 -0700 |
commit | 54aaf46e5b6e95fe9df257728b76f67bdb5dd17c (patch) | |
tree | fc402c9a91ff17bbd8bc99a8f83ea2ccadeaa41e /xlators/mount | |
parent | 8af1177029b7103ba84bc59eb58d7c5c8635e6cd (diff) |
fuse: introduce "noacl" option to disable ACL checks
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
Diffstat (limited to 'xlators/mount')
-rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 56 | ||||
-rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.h | 6 |
2 files changed, 51 insertions, 11 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index 70078286fdd..7a78ef277a7 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -2329,11 +2329,14 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) struct fuse_setxattr_in *fsi = msg; char *name = (char *)(fsi + 1); char *value = name + strlen (name) + 1; + struct fuse_private *priv = NULL; fuse_state_t *state = NULL; char *dict_value = NULL; int32_t ret = -1; + priv = this->private; + #ifdef GF_DARWIN_HOST_OS if (fsi->position) { gf_log ("glusterfs-fuse", GF_LOG_WARNING, @@ -2346,8 +2349,17 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } #endif -#ifdef DISABLE_POSIX_ACL - if (!strncmp (name, "system.", 7)) { + if (!priv->acl) { + if ((strcmp (name, "system.posix_acl_access") == 0) || + (strcmp (name, "system.posix_acl_default") == 0)) { + send_fuse_err (this, finh, EOPNOTSUPP); + GF_FREE (finh); + return; + } + } + +#ifdef DISABLE_SELINUX + if (!strncmp (name, "security.", 9)) { send_fuse_err (this, finh, EOPNOTSUPP); GF_FREE (finh); return; @@ -2540,6 +2552,9 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) fuse_state_t *state = NULL; int32_t ret = -1; + struct fuse_private *priv = NULL; + + priv = this->private; #ifdef GF_DARWIN_HOST_OS if (fgxi->position) { @@ -2561,8 +2576,17 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } #endif -#ifdef DISABLE_POSIX_ACL - if (!strncmp (name, "system.", 7)) { + if (!priv->acl) { + if ((strcmp (name, "system.posix_acl_access") == 0) || + (strcmp (name, "system.posix_acl_default") == 0)) { + send_fuse_err (this, finh, ENOTSUP); + GF_FREE (finh); + return; + } + } + +#ifdef DISABLE_SELINUX + if (!strncmp (name, "security.", 9)) { send_fuse_err (this, finh, ENODATA); GF_FREE (finh); return; @@ -3589,6 +3613,14 @@ init (xlator_t *this_xl) GF_ASSERT (ret == 0); } + priv->acl = 0; + ret = dict_get_str (options, "acl", &value_string); + if (ret == 0) { + ret = gf_string2boolean (value_string, &priv->acl); + GF_ASSERT (ret == 0); + } + + priv->fuse_dump_fd = -1; ret = dict_get_str (options, "dump-fuse", &value_string); if (ret == 0) { @@ -3638,10 +3670,18 @@ init (xlator_t *this_xl) fsname = "glusterfs"; - priv->fd = gf_fuse_mount (priv->mount_point, fsname, - "allow_other,default_permissions," - "max_read=131072", - sync_mtab ? &ctx->mtab_pid : NULL); + if (priv->acl) { + priv->fd = gf_fuse_mount (priv->mount_point, fsname, + "allow_other," + "max_read=131072", + sync_mtab ? &ctx->mtab_pid : NULL); + } else { + priv->fd = gf_fuse_mount (priv->mount_point, fsname, + "allow_other,default_permissions," + "max_read=131072", + sync_mtab ? &ctx->mtab_pid : NULL); + } + if (priv->fd == -1) goto cleanup_exit; diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h index b1e7637c1a2..163bc888109 100644 --- a/xlators/mount/fuse/src/fuse-bridge.h +++ b/xlators/mount/fuse/src/fuse-bridge.h @@ -55,9 +55,6 @@ #include "list.h" #include "dict.h" -/* TODO: when supporting posix acl, remove this definition */ -#define DISABLE_POSIX_ACL - #if defined(GF_LINUX_HOST_OS) || defined(__NetBSD__) #define FUSE_OP_HIGH (FUSE_POLL + 1) #endif @@ -68,6 +65,8 @@ #define MAX_FUSE_PROC_DELAY 1 +#define DISABLE_SELINUX 1 + typedef struct fuse_in_header fuse_in_header_t; typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh, void *msg); @@ -107,6 +106,7 @@ struct fuse_private { pid_t client_pid; gf_boolean_t client_pid_set; + gf_boolean_t acl; }; typedef struct fuse_private fuse_private_t; |