From d3ae87fa2b10269f9619f7a36fd4a01f35448fb6 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 11 Nov 2018 18:04:44 +0100 Subject: [PATCH] fusefrontend: make RemoveXAttr() symlink-safe Uses /proc/self/fd on Linux. --- internal/fusefrontend/xattr.go | 15 ++++++--------- internal/fusefrontend/xattr_darwin.go | 16 +++++++++++++++- internal/fusefrontend/xattr_linux.go | 15 +++++++++++++++ 3 files changed, 36 insertions(+), 10 deletions(-) diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go index b511bcf..8e88a62 100644 --- a/internal/fusefrontend/xattr.go +++ b/internal/fusefrontend/xattr.go @@ -68,21 +68,18 @@ func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, cont // RemoveXAttr - FUSE call. // -// TODO: Make symlink-safe. Blocker: package xattr does not provide -// fremovexattr(2). -func (fs *FS) RemoveXAttr(path string, attr string, context *fuse.Context) fuse.Status { - if fs.isFiltered(path) { +// This function is symlink-safe on Linux. +// Darwin does not have fremovexattr(2) nor /proc/self/fd. How to implement this +// on Darwin in a symlink-safe way? +func (fs *FS) RemoveXAttr(relPath string, attr string, context *fuse.Context) fuse.Status { + if fs.isFiltered(relPath) { return fuse.EPERM } if disallowedXAttrName(attr) { return _EOPNOTSUPP } - cPath, err := fs.getBackingPath(path) - if err != nil { - return fuse.ToStatus(err) - } cAttr := fs.encryptXattrName(attr) - return unpackXattrErr(xattr.LRemove(cPath, cAttr)) + return fs.removeXAttr(relPath, cAttr, context) } // ListXAttr - FUSE call. Lists extended attributes on the file at "path". diff --git a/internal/fusefrontend/xattr_darwin.go b/internal/fusefrontend/xattr_darwin.go index e605f83..f0b755f 100644 --- a/internal/fusefrontend/xattr_darwin.go +++ b/internal/fusefrontend/xattr_darwin.go @@ -18,7 +18,8 @@ func filterXattrSetFlags(flags int) int { return flags &^ xattr.XATTR_NOSECURITY } -// This function is NOT symlink-safe because Darwin lacks fgetxattr(). +// This function is NOT symlink-safe because Darwin lacks +// both fgetxattr() and /proc/self/fd. func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]byte, fuse.Status) { cPath, err := fs.getBackingPath(relPath) if err != nil { @@ -31,6 +32,8 @@ func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]b return cData, fuse.OK } +// This function is NOT symlink-safe because Darwin lacks +// both fsetxattr() and /proc/self/fd. func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, context *fuse.Context) fuse.Status { cPath, err := fs.getBackingPath(relPath) if err != nil { @@ -39,3 +42,14 @@ func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, co err = xattr.LSetWithFlags(cPath, cAttr, cData, flags) return unpackXattrErr(err) } + +// This function is NOT symlink-safe because Darwin lacks +// both fremovexattr() and /proc/self/fd. +func (fs *FS) removeXAttr(relPath string, cAttr string, context *fuse.Context) fuse.Status { + cPath, err := fs.getBackingPath(relPath) + if err != nil { + return fuse.ToStatus(err) + } + err = xattr.LRemove(cPath, cAttr) + return unpackXattrErr(err) +} diff --git a/internal/fusefrontend/xattr_linux.go b/internal/fusefrontend/xattr_linux.go index 659657d..a17b12c 100644 --- a/internal/fusefrontend/xattr_linux.go +++ b/internal/fusefrontend/xattr_linux.go @@ -84,3 +84,18 @@ func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, co err := xattr.SetWithFlags(procFd(fd), cAttr, cData, flags) return unpackXattrErr(err) } + +// removeXAttr - remove encrypted xattr name "cAttr" from +// plaintext path "relPath". +// +// This function is symlink-safe on Linux by using /proc/self/fd. +func (fs *FS) removeXAttr(relPath string, cAttr string, context *fuse.Context) fuse.Status { + file, fd, status := fs.getFileFd(relPath, context) + if !status.Ok() { + return status + } + defer file.Release() + + err := xattr.Remove(procFd(fd), cAttr) + return unpackXattrErr(err) +}