fusefrontend: drop xattr user namespace restriction

We used to restrict setting xattrs to the "user." namespace. I don't see a real reason for this anymore, and it causes trouble for users who are using acls. Tests will be added in the next commit. https://github.com/rfjakob/gocryptfs/issues/453
2020-02-29 19:58:08 +01:00 · 2020-02-29 19:58:08 +01:00 · ca9e912a28
parent 9ec042f2f6
commit ca9e912a28
4 changed files with 0 additions and 39 deletions
--- a/internal/fusefrontend/xattr.go
+++ b/internal/fusefrontend/xattr.go
@ -27,10 +27,6 @@ func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]by
 	if fs.isFiltered(relPath) {
 		return nil, fuse.EPERM
 	}
-	if disallowedXAttrName(attr) {
-		return nil, _EOPNOTSUPP
-	}
-
 	cAttr := fs.encryptXattrName(attr)

 	cData, status := fs.getXAttr(relPath, cAttr, context)
@ -53,10 +49,6 @@ func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, cont
 	if fs.isFiltered(relPath) {
 		return fuse.EPERM
 	}
-	if disallowedXAttrName(attr) {
-		return _EOPNOTSUPP
-	}
-
 	flags = filterXattrSetFlags(flags)
 	cAttr := fs.encryptXattrName(attr)
 	cData := fs.encryptXattrValue(data)
@ -70,10 +62,6 @@ func (fs *FS) RemoveXAttr(relPath string, attr string, context *fuse.Context) fu
 	if fs.isFiltered(relPath) {
 		return fuse.EPERM
 	}
-	if disallowedXAttrName(attr) {
-		return _EOPNOTSUPP
-	}
-
 	cAttr := fs.encryptXattrName(attr)
 	return fs.removeXAttr(relPath, cAttr, context)
 }
--- a/internal/fusefrontend/xattr_darwin.go
+++ b/internal/fusefrontend/xattr_darwin.go
@ -13,10 +13,6 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/syscallcompat"
 )

-func disallowedXAttrName(attr string) bool {
-	return false
-}
-
 // On Darwin it is needed to unset XATTR_NOSECURITY 0x0008
 func filterXattrSetFlags(flags int) int {
 	// See https://opensource.apple.com/source/xnu/xnu-1504.15.3/bsd/sys/xattr.h.auto.html
--- a/internal/fusefrontend/xattr_linux.go
+++ b/internal/fusefrontend/xattr_linux.go
@ -5,7 +5,6 @@ package fusefrontend

 import (
 	"fmt"
-	"strings"
 	"syscall"

 	"golang.org/x/sys/unix"
@ -15,15 +14,6 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/syscallcompat"
 )

-// Only allow the "user" namespace, block "trusted" and "security", as
-// these may be interpreted by the system, and we don't want to cause
-// trouble with our encrypted garbage.
-const xattrUserPrefix = "user."
-
-func disallowedXAttrName(attr string) bool {
-	return !strings.HasPrefix(attr, xattrUserPrefix)
-}
-
 func filterXattrSetFlags(flags int) int {
 	return flags
 }
--- a/internal/fusefrontend/xattr_linux_unit_test.go
+++ b/internal/fusefrontend/xattr_linux_unit_test.go
@ -1,13 +0,0 @@
-// +build linux
-
-package fusefrontend
-
-import (
-	"testing"
-)
-
-func TestDisallowedLinuxAttributes(t *testing.T) {
-	if !disallowedXAttrName("xxxx") {
-		t.Fatalf("Names that don't start with 'user.' should fail")
-	}
-}