diff options
author | Poornima G <pgurusid@redhat.com> | 2016-12-26 14:28:22 +0530 |
---|---|---|
committer | Raghavendra G <rgowdapp@redhat.com> | 2017-01-20 22:09:22 -0800 |
commit | ac629e574935a8aed6526936bc83b1c6d295ae67 (patch) | |
tree | 05980ef502ed3eefce5b420c1df551889c1fe556 /xlators/performance/md-cache | |
parent | 578e9b5b5b45245ed044bab066533411e2141db6 (diff) |
md-cache: Cache security.ima xattrs
From kernel version 3.X or greater, creating of a file
results in removexattr call on security.ima xattr. But
this xattr is not set on the file unless IMA feature
is active. With this patch, removxattr call returns
ENODATA if it is not found in the cache.
Change-Id: I8136096598a983aebc09901945eba1db1b2f93c9
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-on: http://review.gluster.org/16296
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'xlators/performance/md-cache')
-rw-r--r-- | xlators/performance/md-cache/src/md-cache.c | 81 |
1 files changed, 79 insertions, 2 deletions
diff --git a/xlators/performance/md-cache/src/md-cache.c b/xlators/performance/md-cache/src/md-cache.c index 36cedc64d70..026b890cd85 100644 --- a/xlators/performance/md-cache/src/md-cache.c +++ b/xlators/performance/md-cache/src/md-cache.c @@ -49,6 +49,8 @@ struct mdc_conf { int timeout; gf_boolean_t cache_posix_acl; gf_boolean_t cache_selinux; + gf_boolean_t cache_capability; + gf_boolean_t cache_ima; gf_boolean_t force_readdirp; gf_boolean_t cache_swift_metadata; gf_boolean_t cache_samba_metadata; @@ -115,6 +117,11 @@ static struct mdc_key { .check = 1, }, { + .name = "security.ima", + .load = 0, + .check = 1, + }, + { .name = NULL, .load = 0, .check = 0, @@ -2226,6 +2233,10 @@ mdc_removexattr (call_frame_t *frame, xlator_t *this, loc_t *loc, const char *name, dict_t *xdata) { mdc_local_t *local = NULL; + int op_errno = ENODATA; + int ret = 0; + dict_t *xattr = NULL; + struct mdc_conf *conf = this->private; local = mdc_local_get (frame); @@ -2233,6 +2244,25 @@ mdc_removexattr (call_frame_t *frame, xlator_t *this, loc_t *loc, local->key = gf_strdup (name); + if (!is_mdc_key_satisfied (name)) + goto uncached; + + ret = mdc_inode_xatt_get (this, loc->inode, &xattr); + if (ret != 0) + goto uncached; + + if (!xattr || !dict_get (xattr, (char *)name)) { + ret = -1; + op_errno = ENODATA; + } + + INCREMENT_ATOMIC (conf->mdc_counter.lock, conf->mdc_counter.xattr_hit); + MDC_STACK_UNWIND (removexattr, frame, ret, op_errno, xdata); + + return 0; + +uncached: + INCREMENT_ATOMIC (conf->mdc_counter.lock, conf->mdc_counter.xattr_miss); STACK_WIND (frame, mdc_removexattr_cbk, FIRST_CHILD(this), FIRST_CHILD(this)->fops->removexattr, loc, name, xdata); @@ -2272,6 +2302,10 @@ mdc_fremovexattr (call_frame_t *frame, xlator_t *this, fd_t *fd, const char *name, dict_t *xdata) { mdc_local_t *local = NULL; + int op_errno = ENODATA; + int ret = 0; + dict_t *xattr = NULL; + struct mdc_conf *conf = this->private; local = mdc_local_get (frame); @@ -2279,6 +2313,24 @@ mdc_fremovexattr (call_frame_t *frame, xlator_t *this, fd_t *fd, local->key = gf_strdup (name); + if (!is_mdc_key_satisfied (name)) + goto uncached; + + ret = mdc_inode_xatt_get (this, fd->inode, &xattr); + if (ret != 0) + goto uncached; + + if (!xattr || !dict_get (xattr, (char *)name)) { + ret = -1; + op_errno = ENODATA; + } + + INCREMENT_ATOMIC (conf->mdc_counter.lock, conf->mdc_counter.xattr_hit); + MDC_STACK_UNWIND (fremovexattr, frame, ret, op_errno, xdata); + return 0; + +uncached: + INCREMENT_ATOMIC (conf->mdc_counter.lock, conf->mdc_counter.xattr_miss); STACK_WIND (frame, mdc_fremovexattr_cbk, FIRST_CHILD(this), FIRST_CHILD(this)->fops->fremovexattr, fd, name, xdata); @@ -2829,7 +2881,16 @@ reconfigure (xlator_t *this, dict_t *options) GF_OPTION_RECONF ("md-cache-timeout", timeout, options, int32, out); GF_OPTION_RECONF ("cache-selinux", conf->cache_selinux, options, bool, out); - mdc_key_load_set (mdc_keys, "security.", conf->cache_selinux); + mdc_key_load_set (mdc_keys, "security.selinux", conf->cache_selinux); + + GF_OPTION_RECONF ("cache-capability-xattrs", conf->cache_capability, + options, bool, out); + mdc_key_load_set (mdc_keys, "security.capability", + conf->cache_capability); + + GF_OPTION_RECONF ("cache-ima-xattrs", conf->cache_ima, options, bool, + out); + mdc_key_load_set (mdc_keys, "security.ima", conf->cache_ima); GF_OPTION_RECONF ("cache-posix-acl", conf->cache_posix_acl, options, bool, out); mdc_key_load_set (mdc_keys, "system.posix_acl_", conf->cache_posix_acl); @@ -2892,7 +2953,15 @@ init (xlator_t *this) GF_OPTION_INIT ("md-cache-timeout", timeout, int32, out); GF_OPTION_INIT ("cache-selinux", conf->cache_selinux, bool, out); - mdc_key_load_set (mdc_keys, "security.", conf->cache_selinux); + mdc_key_load_set (mdc_keys, "security.selinux", conf->cache_selinux); + + GF_OPTION_INIT ("cache-capability-xattrs", conf->cache_capability, + bool, out); + mdc_key_load_set (mdc_keys, "security.capability", + conf->cache_capability); + + GF_OPTION_INIT ("cache-ima-xattrs", conf->cache_ima, bool, out); + mdc_key_load_set (mdc_keys, "security.ima", conf->cache_ima); GF_OPTION_INIT ("cache-posix-acl", conf->cache_posix_acl, bool, out); mdc_key_load_set (mdc_keys, "system.posix_acl_", conf->cache_posix_acl); @@ -3039,6 +3108,14 @@ struct volume_options options[] = { .type = GF_OPTION_TYPE_BOOL, .default_value = "false", }, + { .key = {"cache-capability-xattrs"}, + .type = GF_OPTION_TYPE_BOOL, + .default_value = "true", + }, + { .key = {"cache-ima-xattrs"}, + .type = GF_OPTION_TYPE_BOOL, + .default_value = "true", + }, { .key = {"cache-swift-metadata"}, .type = GF_OPTION_TYPE_BOOL, .default_value = "true", |