From d8c7cdc7341a1e1119efc8502b9a5cf90210ddae Mon Sep 17 00:00:00 2001 From: Anand Avati Date: Fri, 1 Jul 2011 16:54:52 +0000 Subject: fuse: introduce "noacl" option to disable ACL checks Signed-off-by: Anand Avati BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815 --- xlators/mount/fuse/src/fuse-bridge.c | 53 +++++++++++++++++++++++++++++++----- xlators/mount/fuse/src/fuse-bridge.h | 6 ++-- 2 files changed, 49 insertions(+), 10 deletions(-) (limited to 'xlators/mount') diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index ec10cc4d6f2..5a30b8b54c5 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -2329,11 +2329,14 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) struct fuse_setxattr_in *fsi = msg; char *name = (char *)(fsi + 1); char *value = name + strlen (name) + 1; + struct fuse_private *priv = NULL; fuse_state_t *state = NULL; char *dict_value = NULL; int32_t ret = -1; + priv = this->private; + #ifdef GF_DARWIN_HOST_OS if (fsi->position) { gf_log ("glusterfs-fuse", GF_LOG_WARNING, @@ -2346,8 +2349,17 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } #endif -#ifdef DISABLE_POSIX_ACL - if (!strncmp (name, "system.", 7)) { + if (!priv->acl) { + if ((strcmp (name, "system.posix_acl_access") == 0) || + (strcmp (name, "system.posix_acl_default") == 0)) { + send_fuse_err (this, finh, EOPNOTSUPP); + GF_FREE (finh); + return; + } + } + +#ifdef DISABLE_SELINUX + if (!strncmp (name, "security.", 9)) { send_fuse_err (this, finh, EOPNOTSUPP); GF_FREE (finh); return; @@ -2540,6 +2552,9 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) fuse_state_t *state = NULL; int32_t ret = -1; + struct fuse_private *priv = NULL; + + priv = this->private; #ifdef GF_DARWIN_HOST_OS if (fgxi->position) { @@ -2561,8 +2576,17 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg) } #endif -#ifdef DISABLE_POSIX_ACL - if (!strncmp (name, "system.", 7)) { + if (!priv->acl) { + if ((strcmp (name, "system.posix_acl_access") == 0) || + (strcmp (name, "system.posix_acl_default") == 0)) { + send_fuse_err (this, finh, ENOTSUP); + GF_FREE (finh); + return; + } + } + +#ifdef DISABLE_SELINUX + if (!strncmp (name, "security.", 9)) { send_fuse_err (this, finh, ENODATA); GF_FREE (finh); return; @@ -3583,6 +3607,14 @@ init (xlator_t *this_xl) GF_ASSERT (ret == 0); } + priv->acl = 0; + ret = dict_get_str (options, "acl", &value_string); + if (ret == 0) { + ret = gf_string2boolean (value_string, &priv->acl); + GF_ASSERT (ret == 0); + } + + priv->fuse_dump_fd = -1; ret = dict_get_str (options, "dump-fuse", &value_string); if (ret == 0) { @@ -3624,9 +3656,16 @@ init (xlator_t *this_xl) fsname = "glusterfs"; - priv->fd = gf_fuse_mount (priv->mount_point, fsname, - "allow_other,default_permissions," - "max_read=131072"); + if (priv->acl) { + priv->fd = gf_fuse_mount (priv->mount_point, fsname, + "allow_other," + "max_read=131072"); + } else { + priv->fd = gf_fuse_mount (priv->mount_point, fsname, + "allow_other,default_permissions," + "max_read=131072"); + } + if (priv->fd == -1) goto cleanup_exit; diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h index 85acab77742..e138455757d 100644 --- a/xlators/mount/fuse/src/fuse-bridge.h +++ b/xlators/mount/fuse/src/fuse-bridge.h @@ -55,9 +55,6 @@ #include "list.h" #include "dict.h" -/* TODO: when supporting posix acl, remove this definition */ -#define DISABLE_POSIX_ACL - #ifdef GF_LINUX_HOST_OS #define FUSE_OP_HIGH (FUSE_POLL + 1) #endif @@ -68,6 +65,8 @@ #define MAX_FUSE_PROC_DELAY 1 +#define DISABLE_SELINUX 1 + typedef struct fuse_in_header fuse_in_header_t; typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh, void *msg); @@ -107,6 +106,7 @@ struct fuse_private { pid_t client_pid; gf_boolean_t client_pid_set; + gf_boolean_t acl; }; typedef struct fuse_private fuse_private_t; -- cgit