3 files changed, 27 insertions, 16 deletions

diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 5131d6c05ba..385666b0cf0 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2642,13 +2642,13 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
                 }
         }
 
-#ifdef DISABLE_SELINUX
-        if (!strncmp (name, "security.", 9)) {
-                send_fuse_err (this, finh, EOPNOTSUPP);
-                GF_FREE (finh);
-                return;
-        }
-#endif
+	if (!priv->selinux) {
+		if (strncmp (name, "security.", 9) == 0) {
+			send_fuse_err (this, finh, EOPNOTSUPP);
+			GF_FREE (finh);
+			return;
+		}
+	}
 
         /* Check if the command is for changing the log
            level of process or specific xlator */
@@ -2914,13 +2914,13 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
                 }
         }
 
-#ifdef DISABLE_SELINUX
-        if (!strncmp (name, "security.", 9)) {
-                send_fuse_err (this, finh, ENODATA);
-                GF_FREE (finh);
-                return;
-        }
-#endif
+	if (!priv->selinux) {
+		if (strncmp (name, "security.", 9) == 0) {
+			send_fuse_err (this, finh, ENODATA);
+			GF_FREE (finh);
+			return;
+		}
+	}
 
         GET_STATE (this, finh, state);
 
@@ -4484,6 +4484,13 @@ init (xlator_t *this_xl)
         if (priv->uid_map_root)
                 priv->acl = 1;
 
+        priv->selinux = 0;
+        ret = dict_get_str (options, "selinux", &value_string);
+        if (ret == 0) {
+                ret = gf_string2boolean (value_string, &priv->selinux);
+                GF_ASSERT (ret == 0);
+        }
+
         priv->read_only = 0;
         ret = dict_get_str (options, "read-only", &value_string);
         if (ret == 0) {
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index c13c2dc76fe..c6c8438a9ed 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -66,8 +66,6 @@
 
 #define MAX_FUSE_PROC_DELAY 1
 
-//#define DISABLE_SELINUX 1
-
 typedef struct fuse_in_header fuse_in_header_t;
 typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh,
                                void *msg);
@@ -109,6 +107,7 @@ struct fuse_private {
         gf_boolean_t         client_pid_set;
         unsigned             uid_map_root;
         gf_boolean_t         acl;
+        gf_boolean_t         selinux;
         gf_boolean_t         read_only;
         fdtable_t           *fdtable;
 
diff --git a/xlators/mount/fuse/utils/mount.glusterfs.in b/xlators/mount/fuse/utils/mount.glusterfs.in
index c313e552fa1..c36ad6ff9ab 100755
--- a/xlators/mount/fuse/utils/mount.glusterfs.in
+++ b/xlators/mount/fuse/utils/mount.glusterfs.in
@@ -100,6 +100,10 @@ start_glusterfs ()
 	cmd_line=$(echo "$cmd_line --acl");
     fi
 
+    if [ -n "$selinux" ]; then
+	cmd_line=$(echo "$cmd_line --selinux");
+    fi
+
     if [ -n "$worm" ]; then
         cmd_line=$(echo "$cmd_line --worm");
     fi
@@ -273,6 +277,7 @@ main ()
                 case "$pair" in
                     "ro")       read_only=1 ;;
                     "acl")      acl=1 ;;
+                    "selinux")  selinux=1 ;;
                     "worm")     worm=1 ;;
                     # "mount -t glusterfs" sends this, but it's useless.
                     "rw")       ;;