| -rw-r--r-- | glusterfsd/src/glusterfsd.c | 15 | ||||
| -rw-r--r-- | glusterfsd/src/glusterfsd.h | 1 | ||||
| -rw-r--r-- | libglusterfs/src/glusterfs.h | 1 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 35 | ||||
| -rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.h | 3 | ||||
| -rwxr-xr-x | xlators/mount/fuse/utils/mount.glusterfs.in | 5 | 
6 files changed, 44 insertions, 16 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index 903eac72ae6..ebd12bf0b99 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -152,6 +152,8 @@ static struct argp_option gf_options[] = {
          "Mount the filesystem in 'read-only' mode"},
         {"acl", ARGP_ACL_KEY, 0, 0,
          "Mount the filesystem with POSIX ACL support"},
+        {"selinux", ARGP_SELINUX_KEY, 0, 0,
+         "Enable SELinux label (extened attributes) support on inodes"},
         {"worm", ARGP_WORM_KEY, 0, 0,
          "Mount the filesystem in 'worm' mode"},
         {"mac-compat", ARGP_MAC_COMPAT_KEY, "BOOL", OPTION_ARG_OPTIONAL,
@@ -348,6 +350,15 @@ create_fuse_mount (glusterfs_ctx_t *ctx)
                 }
         }
+        if (cmd_args->selinux) {
+                ret = dict_set_static_ptr (master->options, "selinux", "on");
+                if (ret < 0) {
+                        gf_log ("glusterfsd", GF_LOG_ERROR,
+                                "failed to set dict value for key selinux");
+                        goto err;
+                }
+        }
+
         if (cmd_args->read_only) {
                 ret = dict_set_static_ptr (master->options, "read-only", "on");
                 if (ret < 0) {
@@ -564,6 +575,10 @@ parse_opts (int key, char *arg, struct argp_state *state)
                 cmd_args->acl = 1;
                 break;
+        case ARGP_SELINUX_KEY:
+                cmd_args->selinux = 1;
+                break;
+
         case ARGP_WORM_KEY:
                 cmd_args->worm = 1;
                 break;
diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h
index 21f1cbb6c24..8ec121954bb 100644
--- a/glusterfsd/src/glusterfsd.h
+++ b/glusterfsd/src/glusterfsd.h
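Review bot: The help string added to gf_options in the first glusterfsd.c hunk misspells "extended" as "extened", and this is the text shown to users by --help. It should read `"Enable SELinux label (extended attributes) support on inodes"`. Since the option is off unless given, the help text is also the natural place to say that `security.*` extended attributes are refused on the mount when it is not set.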
@@ -86,6 +86,7 @@ enum argp_option_keys {
         ARGP_WORM_KEY                     = 155,
         ARGP_USER_MAP_ROOT_KEY            = 156,
         ARGP_MEM_ACCOUNTING_KEY           = 157,
+        ARGP_SELINUX_KEY                  = 158,
 };
 struct _gfd_vol_top_priv_t {
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
index 0917ac1b586..cdfb64dea84 100644
--- a/libglusterfs/src/glusterfs.h
+++ b/libglusterfs/src/glusterfs.h
@@ -288,6 +288,7 @@ struct _cmd_args {
 	int              debug_mode;
         int              read_only;
         int              acl;
+        int              selinux;
         int              worm;
         int              mac_compat;
 	struct list_head xlator_options;  /* list of xlator_option_t */
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 5131d6c05ba..385666b0cf0 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2642,13 +2642,13 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
                 }
         }
-#ifdef DISABLE_SELINUX
-        if (!strncmp (name, "security.", 9)) {
-                send_fuse_err (this, finh, EOPNOTSUPP);
-                GF_FREE (finh);
-                return;
-        }
-#endif
+	if (!priv->selinux) {
+		if (strncmp (name, "security.", 9) == 0) {
+			send_fuse_err (this, finh, EOPNOTSUPP);
+			GF_FREE (finh);
+			return;
+		}
+	}
         /* Check if the command is for changing the log
            level of process or specific xlator */
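Review bot: With `priv->selinux` defaulting to 0, the new guard in the fuse_setxattr hunk refuses every attribute whose name begins with `security.`, not only the SELinux label, and the fuse_getxattr hunk repeats the same prefix test. The old check was compiled only under DISABLE_SELINUX, whose only visible define is the commented-out line this commit deletes from fuse-bridge.h, so the filter appears to have been inactive before; mounts without the new option would now also lose `security.capability` and IMA/EVM attributes. If only labels are meant to be gated, compare the full name, e.g. `if (strcmp (name, "security.selinux") == 0) {`, otherwise document the wider effect. The added lines are tab-indented while the surrounding code uses spaces, and both functions continue outside their hunks.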
@@ -2914,13 +2914,13 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
                 }
         }
-#ifdef DISABLE_SELINUX
-        if (!strncmp (name, "security.", 9)) {
-                send_fuse_err (this, finh, ENODATA);
-                GF_FREE (finh);
-                return;
-        }
-#endif
+	if (!priv->selinux) {
+		if (strncmp (name, "security.", 9) == 0) {
+			send_fuse_err (this, finh, ENODATA);
+			GF_FREE (finh);
+			return;
+		}
+	}
         GET_STATE (this, finh, state);
@@ -4484,6 +4484,13 @@ init (xlator_t *this_xl)
         if (priv->uid_map_root)
                 priv->acl = 1;
+        priv->selinux = 0;
+        ret = dict_get_str (options, "selinux", &value_string);
+        if (ret == 0) {
+                ret = gf_string2boolean (value_string, &priv->selinux);
+                GF_ASSERT (ret == 0);
+        }
+
         priv->read_only = 0;
         ret = dict_get_str (options, "read-only", &value_string);
         if (ret == 0) {
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index c13c2dc76fe..c6c8438a9ed 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -66,8 +66,6 @@
 #define MAX_FUSE_PROC_DELAY 1
-//#define DISABLE_SELINUX 1
-
 typedef struct fuse_in_header fuse_in_header_t;
 typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh,
                                void *msg);
@@ -109,6 +107,7 @@ struct fuse_private {
         gf_boolean_t         client_pid_set;
         unsigned             uid_map_root;
         gf_boolean_t         acl;
+        gf_boolean_t         selinux;
         gf_boolean_t         read_only;
         fdtable_t           *fdtable;
diff --git a/xlators/mount/fuse/utils/mount.glusterfs.in b/xlators/mount/fuse/utils/mount.glusterfs.in
index c313e552fa1..c36ad6ff9ab 100755
--- a/xlators/mount/fuse/utils/mount.glusterfs.in
+++ b/xlators/mount/fuse/utils/mount.glusterfs.in
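Review bot: In the init hunk an unparsable `selinux` option value is caught only by `GF_ASSERT (ret == 0)`. The macro's definition is not visible here; if it does not abort in production builds, the mount carries on with `priv->selinux` at 0 and every `security.*` request is then refused without any message naming the bad option. Because this flag decides whether security labels pass through the mount, a bad value deserves an explicit error such as `gf_log (this_xl->name, GF_LOG_ERROR, "invalid value '%s' for option selinux", value_string);` followed by init's existing failure path instead of the assert. The `read-only` parsing just below starts the same way, and init's body continues outside the hunk.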
@@ -100,6 +100,10 @@ start_glusterfs ()
 	cmd_line=$(echo "$cmd_line --acl");
     fi
+    if [ -n "$selinux" ]; then
+	cmd_line=$(echo "$cmd_line --selinux");
+    fi
+
     if [ -n "$worm" ]; then
         cmd_line=$(echo "$cmd_line --worm");
     fi
@@ -273,6 +277,7 @@ main ()
                 case "$pair" in
                     "ro")       read_only=1 ;;
                     "acl")      acl=1 ;;
+                    "selinux")  selinux=1 ;;
                     "worm")     worm=1 ;;
                     # "mount -t glusterfs" sends this, but it's useless.
                     "rw")       ;;  | 
