LU-532 llite: trusted. xattr is invisible to non-root

[fs/lustre-release.git] / lustre / llite / xattr.c
diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c

index 013a1b3..aaa7631 100644 (file)
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -1,6 +1,4 @@
-/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
- * vim:expandtab:shiftwidth=8:tabstop=8:
- *
+/*
   * GPL HEADER START
   *
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
@@ -28,6 +26,8 @@
  /*
   * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
   * Use is subject to license terms.
+ *
+ * Copyright (c) 2011, 2012, Whamcloud, Inc.
   */
  /*
   * This file is part of Lustre, http://www.lustre.org/
@@ -38,6 +38,9 @@
  #include <linux/sched.h>
  #include <linux/mm.h>
  #include <linux/smp_lock.h>
+#ifdef HAVE_SELINUX_IS_ENABLED
+#include <linux/selinux.h>
+#endif
  
  #define DEBUG_SUBSYSTEM S_LLITE
  
@@ -93,6 +96,8 @@ int xattr_type_filter(struct ll_sb_info *sbi, int xattr_type)
             !(sbi->ll_flags & LL_SBI_ACL))
                  return -EOPNOTSUPP;
  
+        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled())
+                return -EOPNOTSUPP;
          if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
                  return -EOPNOTSUPP;
          if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))
@@ -507,11 +512,31 @@ ssize_t ll_listxattr(struct dentry *dentry, char *buffer, size_t size)
          if (rc < 0)
                  GOTO(out, rc);
  
+       if (buffer != NULL) {
+               struct ll_sb_info *sbi = ll_i2sbi(inode);
+               char *xattr_name = buffer;
+               int xlen, rem = rc;
+
+               while (rem > 0) {
+                       xlen = strnlen(xattr_name, rem - 1) + 1;
+                       rem -= xlen;
+                       if (xattr_type_filter(sbi,
+                                       get_xattr_type(xattr_name)) == 0) {
+                               /* skip OK xattr type
+                                * leave it in buffer
+                                */
+                               xattr_name += xlen;
+                               continue;
+                       }
+                       /* move up remaining xattrs in buffer
+                        * removing the xattr that is not OK
+                        */
+                       memmove(xattr_name, xattr_name + xlen, rem);
+                       rc -= xlen;
+               }
+       }
          if (S_ISREG(inode->i_mode)) {
-                struct ll_inode_info *lli = ll_i2info(inode);
-                struct lov_stripe_md *lsm = NULL;
-                lsm = lli->lli_smd;
-                if (lsm == NULL)
+                if (ll_i2info(inode)->lli_smd == NULL)
                          rc2 = -1;
          } else if (S_ISDIR(inode->i_mode)) {
                  rc2 = ll_dir_getstripe(inode, &lmm, &lmmsize, &request);
@@ -524,14 +549,14 @@ ssize_t ll_listxattr(struct dentry *dentry, char *buffer, size_t size)
                  const size_t name_len   = sizeof("lov") - 1;
                  const size_t total_len  = prefix_len + name_len + 1;
  
-                if (buffer && (rc + total_len) <= size) {
-                        buffer += rc;
-                        memcpy(buffer,XATTR_LUSTRE_PREFIX, prefix_len);
-                        memcpy(buffer+prefix_len, "lov", name_len);
-                        buffer[prefix_len + name_len] = '\0';
-                }
-                rc2 = total_len;
-        }
+               if (buffer && (rc + total_len) <= size) {
+                       buffer += rc;
+                       memcpy(buffer, XATTR_LUSTRE_PREFIX, prefix_len);
+                       memcpy(buffer + prefix_len, "lov", name_len);
+                       buffer[prefix_len + name_len] = '\0';
+               }
+               rc2 = total_len;
+       }
  out:
          ptlrpc_req_finished(request);
          rc = rc + rc2;