authorVivek Goyal <vgoyal@redhat.com>2021-09-22 15:02:01 -0400
committerDr. David Alan Gilbert <dgilbert@redhat.com>2021-10-25 18:48:23 +0100
commit5afc8df46cdf1a10fc44d43208cf449357009d2a (patch)
treeadbfdc1ac3e6da7cf9bdb05756578c43973e5490 /tools/virtiofsd
parentc5b2f559814104f4145f8bc310f4d33c7ead8f49 (diff)
virtiofsd: xattr mapping add a new type "unsupported"
Right now for xattr remapping, we support types of "prefix", "ok" or "bad". Type "bad" returns -EPERM on setxattr and hides xattr in listxattr. For getxattr, mapping code returns -EPERM but getxattr code converts it to -ENODATA. I need a new semantics where if an xattr is unsupported, then getxattr()/setxattr() return -ENOTSUP and listxattr() should hide the xattr. This is needed to simulate that security.selinux is not supported by virtiofs filesystem and in that case client falls back to some default label specified by policy. So add a new type "unsupported" which returns -ENOTSUP on getxattr() and setxattr() and hides xattrs in listxattr(). For example, one can use following mapping rule to not support security.selinux xattr and allow others. "-o xattrmap=/unsupported/all/security.selinux/security.selinux//ok/all///" Suggested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Message-Id: <YUt9qbmgAfCFfg5t@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Diffstat (limited to 'tools/virtiofsd')
-rw-r--r--tools/virtiofsd/passthrough_ll.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 38b2af8599..64b5b4fbb1 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2465,6 +2465,11 @@ static void lo_flock(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi,
* Automatically reversed on read
*/
#define XATTR_MAP_FLAG_PREFIX (1 << 2)
+/*
+ * The attribute is unsupported;
+ * ENOTSUP on write, hidden on read.
+ */
+#define XATTR_MAP_FLAG_UNSUPPORTED (1 << 3)
/* scopes */
/* Apply rule to get/set/remove */
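Review bot: The comment added above `XATTR_MAP_FLAG_UNSUPPORTED` says "ENOTSUP on write, hidden on read", but the commit description states that getxattr() also returns -ENOTSUP and that only listxattr() hides the name. The `xattr_map_client` hunk agrees: it returns -ENOTSUP without distinguishing the operation. The current wording fits the "bad" type as the description explains it (getxattr ends up as -ENODATA), not this one. I would change the second comment line to `* ENOTSUP on getxattr/setxattr, hidden in listxattr.` so that someone writing an xattrmap to withhold security.selinux knows which error the guest will see.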
@@ -2636,6 +2641,8 @@ static void parse_xattrmap(struct lo_data *lo)
tmp_entry.flags |= XATTR_MAP_FLAG_OK;
} else if (strstart(map, "bad", &map)) {
tmp_entry.flags |= XATTR_MAP_FLAG_BAD;
+ } else if (strstart(map, "unsupported", &map)) {
+ tmp_entry.flags |= XATTR_MAP_FLAG_UNSUPPORTED;
} else if (strstart(map, "map", &map)) {
/*
* map is sugar that adds a number of rules, and must be
@@ -2646,8 +2653,8 @@ static void parse_xattrmap(struct lo_data *lo)
} else {
fuse_log(FUSE_LOG_ERR,
"%s: Unexpected type;"
- "Expecting 'prefix', 'ok', 'bad' or 'map' in rule %zu\n",
- __func__, lo->xattr_map_nentries);
+ "Expecting 'prefix', 'ok', 'bad', 'unsupported' or 'map'"
+ " in rule %zu\n", __func__, lo->xattr_map_nentries);
exit(1);
}
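Review bot: The adjacent string literals in this message concatenate without a separator, so the log line reads "Unexpected type;Expecting ...". The commit rewrites the second literal but leaves that in place. Ending the first literal with a space, `"%s: Unexpected type; "`, fixes it. The enclosing else branch of parse_xattrmap begins outside the hunk.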
@@ -2749,6 +2756,9 @@ static int xattr_map_client(const struct lo_data *lo, const char *client_name,
if (cur_entry->flags & XATTR_MAP_FLAG_BAD) {
return -EPERM;
}
+ if (cur_entry->flags & XATTR_MAP_FLAG_UNSUPPORTED) {
+ return -ENOTSUP;
+ }
if (cur_entry->flags & XATTR_MAP_FLAG_OK) {
/* Unmodified name */
return 0;
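Review bot: Nothing at the new `return -ENOTSUP;` tells the reader that this error has to reach the client unchanged, whereas the commit description says the getxattr path rewrites the -EPERM from the branch above into -ENODATA. That rewrite lives in the callers, which are outside this hunk. If it were ever widened to cover every negative return, "unsupported" would quietly behave like "bad" again, and the guest would no longer fall back to its default label. A comment above the new check such as `/* Returned to the client as-is; callers must not fold this into ENODATA */` would record the contract. xattr_map_client starts and ends outside the hunk.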
@@ -2788,7 +2798,8 @@ static int xattr_map_server(const struct lo_data *lo, const char *server_name,
if ((cur_entry->flags & XATTR_MAP_FLAG_SERVER) &&
(strstart(server_name, cur_entry->prepend, &end))) {
- if (cur_entry->flags & XATTR_MAP_FLAG_BAD) {
+ if (cur_entry->flags & XATTR_MAP_FLAG_BAD ||
+ cur_entry->flags & XATTR_MAP_FLAG_UNSUPPORTED) {
return -ENODATA;
}
if (cur_entry->flags & XATTR_MAP_FLAG_OK) {
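Review bot: The new condition mixes `&` and `||` without parentheses, while the enclosing `if` just above parenthesizes each operand. It is correct by precedence, but it reads as two unrelated tests and invites a mistake when a third hidden type is added. A single mask test says the same thing: `if (cur_entry->flags & (XATTR_MAP_FLAG_BAD | XATTR_MAP_FLAG_UNSUPPORTED)) {`. xattr_map_server continues outside the hunk.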