andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fuse: introduce "noacl" option to disable ACL checks

Browse Source 
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
This commit is contained in:
Anand Avati 2011-07-08 03:23:08 +00:00
parent 8af1177029
commit 54aaf46e5b
2 changed files with 51 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
xlators/mount/fuse/src/fuse-bridge.c
View File

@ -2329,11 +2329,14 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
struct fuse_setxattr_in *fsi = msg;
char *name = (char *)(fsi + 1);
char *value = name + strlen (name) + 1;
struct fuse_private *priv = NULL;
fuse_state_t *state = NULL;
char *dict_value = NULL;
int32_t ret = -1;
priv = this->private;
#ifdef GF_DARWIN_HOST_OS
if (fsi->position) {
gf_log ("glusterfs-fuse", GF_LOG_WARNING,
@ -2346,8 +2349,17 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
#endif
#ifdef DISABLE_POSIX_ACL
if (!strncmp (name, "system.", 7)) {
if (!priv->acl) {
if ((strcmp (name, "system.posix_acl_access") == 0) ||
(strcmp (name, "system.posix_acl_default") == 0)) {
send_fuse_err (this, finh, EOPNOTSUPP);
GF_FREE (finh);
return;
}
}
#ifdef DISABLE_SELINUX
if (!strncmp (name, "security.", 9)) {
send_fuse_err (this, finh, EOPNOTSUPP);
GF_FREE (finh);
return;
@ -2540,6 +2552,9 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
fuse_state_t *state = NULL;
int32_t ret = -1;
struct fuse_private *priv = NULL;
priv = this->private;
#ifdef GF_DARWIN_HOST_OS
if (fgxi->position) {
@ -2561,8 +2576,17 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
}
#endif
#ifdef DISABLE_POSIX_ACL
if (!strncmp (name, "system.", 7)) {
if (!priv->acl) {
if ((strcmp (name, "system.posix_acl_access") == 0) ||
(strcmp (name, "system.posix_acl_default") == 0)) {
send_fuse_err (this, finh, ENOTSUP);
GF_FREE (finh);
return;
}
}
#ifdef DISABLE_SELINUX
if (!strncmp (name, "security.", 9)) {
send_fuse_err (this, finh, ENODATA);
GF_FREE (finh);
return;
@ -3589,6 +3613,14 @@ init (xlator_t *this_xl)
GF_ASSERT (ret == 0);
}
priv->acl = 0;
ret = dict_get_str (options, "acl", &value_string);
if (ret == 0) {
ret = gf_string2boolean (value_string, &priv->acl);
GF_ASSERT (ret == 0);
}
priv->fuse_dump_fd = -1;
ret = dict_get_str (options, "dump-fuse", &value_string);
if (ret == 0) {
@ -3638,10 +3670,18 @@ init (xlator_t *this_xl)
fsname = "glusterfs";
priv->fd = gf_fuse_mount (priv->mount_point, fsname,
"allow_other,default_permissions,"
"max_read=131072",
sync_mtab ? &ctx->mtab_pid : NULL);
if (priv->acl) {
priv->fd = gf_fuse_mount (priv->mount_point, fsname,
"allow_other,"
"max_read=131072",
sync_mtab ? &ctx->mtab_pid : NULL);
} else {
priv->fd = gf_fuse_mount (priv->mount_point, fsname,
"allow_other,default_permissions,"
"max_read=131072",
sync_mtab ? &ctx->mtab_pid : NULL);
}
if (priv->fd == -1)
goto cleanup_exit;

6
xlators/mount/fuse/src/fuse-bridge.h
View File

@ -55,9 +55,6 @@
#include "list.h"
#include "dict.h"
/* TODO: when supporting posix acl, remove this definition */
#define DISABLE_POSIX_ACL
#if defined(GF_LINUX_HOST_OS) || defined(__NetBSD__)
#define FUSE_OP_HIGH (FUSE_POLL + 1)
#endif
@ -68,6 +65,8 @@
#define MAX_FUSE_PROC_DELAY 1
#define DISABLE_SELINUX 1
typedef struct fuse_in_header fuse_in_header_t;
typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh,
void *msg);
@ -107,6 +106,7 @@ struct fuse_private {
pid_t client_pid;
gf_boolean_t client_pid_set;
gf_boolean_t acl;
};
typedef struct fuse_private fuse_private_t;