From 4fefa3d7dbcdad1e71c74db11113ac1e74b01656 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Wed, 18 Nov 2015 09:01:30 +0100
Subject: fuse: forbid only access to security.selinux xattr if not mounted
 with 'selinux'

Originally, all selinux.* xattrs were forbidden, causing
for example Samba's acl_xattr module which uses security.NTACL
to fail without the 'selinux' mount option, which is confusing
at least. This change specializes the check to the security.selinux
attribute, so other selinux.* attributes work with or without the option.

Change-Id: I9d3083123efbf403f20572cfb325a300ce2e90d9
BUG: 1283103
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-on: http://review.gluster.org/12826
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
---
 xlators/mount/fuse/src/fuse-bridge.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'xlators')

diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index dc4b934e97b..fcc77c51be9 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3169,7 +3169,7 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         }
 
         if (!priv->selinux) {
-                if (strncmp (name, "security.", 9) == 0) {
+                if (strcmp (name, "security.selinux") == 0) {
                         send_fuse_err (this, finh, EOPNOTSUPP);
                         GF_FREE (finh);
                         return;
@@ -3499,7 +3499,7 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         }
 
         if (!priv->selinux) {
-                if (strncmp (name, "security.", 9) == 0) {
+                if (strcmp (name, "security.selinux") == 0) {
                         op_errno = ENODATA;
                         goto err;
                 }
-- 
cgit