summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2020-02-29 19:58:08 +0100
committerJakob Unterwurzacher2020-02-29 20:12:43 +0100
commitca9e912a28b901387e1dbb85f6c531119f2d5ef2 (patch)
tree67fe7a623652911b524c36741f8319297f568caa
parent9ec042f2f62bc95154d6c8b3215a2e7853f8f5c6 (diff)
fusefrontend: drop xattr user namespace restriction
We used to restrict setting xattrs to the "user." namespace. I don't see a real reason for this anymore, and it causes trouble for users who are using acls. Tests will be added in the next commit. https://github.com/rfjakob/gocryptfs/issues/453
-rw-r--r--internal/fusefrontend/xattr.go12
-rw-r--r--internal/fusefrontend/xattr_darwin.go4
-rw-r--r--internal/fusefrontend/xattr_linux.go10
-rw-r--r--internal/fusefrontend/xattr_linux_unit_test.go13
4 files changed, 0 insertions, 39 deletions
diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go
index 20e8db7..96a0372 100644
--- a/internal/fusefrontend/xattr.go
+++ b/internal/fusefrontend/xattr.go
@@ -27,10 +27,6 @@ func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]by
if fs.isFiltered(relPath) {
return nil, fuse.EPERM
}
- if disallowedXAttrName(attr) {
- return nil, _EOPNOTSUPP
- }
-
cAttr := fs.encryptXattrName(attr)
cData, status := fs.getXAttr(relPath, cAttr, context)
@@ -53,10 +49,6 @@ func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, cont
if fs.isFiltered(relPath) {
return fuse.EPERM
}
- if disallowedXAttrName(attr) {
- return _EOPNOTSUPP
- }
-
flags = filterXattrSetFlags(flags)
cAttr := fs.encryptXattrName(attr)
cData := fs.encryptXattrValue(data)
@@ -70,10 +62,6 @@ func (fs *FS) RemoveXAttr(relPath string, attr string, context *fuse.Context) fu
if fs.isFiltered(relPath) {
return fuse.EPERM
}
- if disallowedXAttrName(attr) {
- return _EOPNOTSUPP
- }
-
cAttr := fs.encryptXattrName(attr)
return fs.removeXAttr(relPath, cAttr, context)
}
diff --git a/internal/fusefrontend/xattr_darwin.go b/internal/fusefrontend/xattr_darwin.go
index 741eb6c..b690cc0 100644
--- a/internal/fusefrontend/xattr_darwin.go
+++ b/internal/fusefrontend/xattr_darwin.go
@@ -13,10 +13,6 @@ import (
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
)
-func disallowedXAttrName(attr string) bool {
- return false
-}
-
// On Darwin it is needed to unset XATTR_NOSECURITY 0x0008
func filterXattrSetFlags(flags int) int {
// See https://opensource.apple.com/source/xnu/xnu-1504.15.3/bsd/sys/xattr.h.auto.html
diff --git a/internal/fusefrontend/xattr_linux.go b/internal/fusefrontend/xattr_linux.go
index 3a64412..b43dfee 100644
--- a/internal/fusefrontend/xattr_linux.go
+++ b/internal/fusefrontend/xattr_linux.go
@@ -5,7 +5,6 @@ package fusefrontend
import (
"fmt"
- "strings"
"syscall"
"golang.org/x/sys/unix"
@@ -15,15 +14,6 @@ import (
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
)
-// Only allow the "user" namespace, block "trusted" and "security", as
-// these may be interpreted by the system, and we don't want to cause
-// trouble with our encrypted garbage.
-const xattrUserPrefix = "user."
-
-func disallowedXAttrName(attr string) bool {
- return !strings.HasPrefix(attr, xattrUserPrefix)
-}
-
func filterXattrSetFlags(flags int) int {
return flags
}
diff --git a/internal/fusefrontend/xattr_linux_unit_test.go b/internal/fusefrontend/xattr_linux_unit_test.go
deleted file mode 100644
index 5fea58b..0000000
--- a/internal/fusefrontend/xattr_linux_unit_test.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build linux
-
-package fusefrontend
-
-import (
- "testing"
-)
-
-func TestDisallowedLinuxAttributes(t *testing.T) {
- if !disallowedXAttrName("xxxx") {
- t.Fatalf("Names that don't start with 'user.' should fail")
- }
-}