fusefrontend: drop xattr user namespace restriction

We used to restrict setting xattrs to the "user."
namespace. I don't see a real reason for this
anymore, and it causes trouble for users who are using
ACLs.

Tests will be added in the next commit.

https://github.com/rfjakob/gocryptfs/issues/453
Jakob Unterwurzacher 2020-02-29 19:58:08 +01:00
parent 9ec042f2f6
commit ca9e912a28
4 changed files with 0 additions and 39 deletions


@ -27,10 +27,6 @@ func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]by
if fs.isFiltered(relPath) {
return nil, fuse.EPERM
}
if disallowedXAttrName(attr) {
return nil, _EOPNOTSUPP
}
cAttr := fs.encryptXattrName(attr)
cData, status := fs.getXAttr(relPath, cAttr, context)
@ -53,10 +49,6 @@ func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, cont
if fs.isFiltered(relPath) {
return fuse.EPERM
}
if disallowedXAttrName(attr) {
return _EOPNOTSUPP
}
flags = filterXattrSetFlags(flags)
cAttr := fs.encryptXattrName(attr)
cData := fs.encryptXattrValue(data)
@ -70,10 +62,6 @@ func (fs *FS) RemoveXAttr(relPath string, attr string, context *fuse.Context) fu
if fs.isFiltered(relPath) {
return fuse.EPERM
}
if disallowedXAttrName(attr) {
return _EOPNOTSUPP
}
cAttr := fs.encryptXattrName(attr)
return fs.removeXAttr(relPath, cAttr, context)
}
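Review bot: The three handlers now hand every caller-supplied name, `security.*`, `trusted.*` and `system.*` included, straight to `fs.encryptXattrName(attr)`, and nothing on the new side records why that is safe now that the `disallowedXAttrName` guard is gone. The comment removed from the Linux file said these namespaces "may be interpreted by the system"; that concern is only moot if the encrypted name always lands in a namespace the backing filesystem does not interpret, which these hunks do not show, so please confirm it in `encryptXattrName`. If it holds, I would state it above the call in SetXAttr: `// Any namespace is accepted: the name is encrypted before it reaches the backing filesystem, so it is never interpreted there.` The tests promised for the next commit should cover names such as `security.capability` and `system.posix_acl_access`, checking that values round-trip through the mount and that the plaintext name never appears on the backing store. GetXAttr and SetXAttr continue past the end of their hunks.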


@ -13,10 +13,6 @@ import (
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
)
func disallowedXAttrName(attr string) bool {
return false
}
// On Darwin it is needed to unset XATTR_NOSECURITY 0x0008
func filterXattrSetFlags(flags int) int {
// See https://opensource.apple.com/source/xnu/xnu-1504.15.3/bsd/sys/xattr.h.auto.html


@ -5,7 +5,6 @@ package fusefrontend
import (
"fmt"
"strings"
"syscall"
"golang.org/x/sys/unix"
@ -15,15 +14,6 @@ import (
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
)
// Only allow the "user" namespace, block "trusted" and "security", as
// these may be interpreted by the system, and we don't want to cause
// trouble with our encrypted garbage.
const xattrUserPrefix = "user."
func disallowedXAttrName(attr string) bool {
return !strings.HasPrefix(attr, xattrUserPrefix)
}
func filterXattrSetFlags(flags int) int {
return flags
}


@ -1,13 +0,0 @@
// +build linux
package fusefrontend
import (
"testing"
)
func TestDisallowedLinuxAttributes(t *testing.T) {
if !disallowedXAttrName("xxxx") {
t.Fatalf("Names that don't start with 'user.' should fail")
}
}