diff options
author | Jakob Unterwurzacher | 2020-02-29 19:58:08 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2020-02-29 20:12:43 +0100 |
commit | ca9e912a28b901387e1dbb85f6c531119f2d5ef2 (patch) | |
tree | 67fe7a623652911b524c36741f8319297f568caa /internal | |
parent | 9ec042f2f62bc95154d6c8b3215a2e7853f8f5c6 (diff) |
fusefrontend: drop xattr user namespace restriction
We used to restrict setting xattrs to the "user."
namespace. I don't see a real reason for this
anymore, and it causes trouble for users who are using
acls.
Tests will be added in the next commit.
https://github.com/rfjakob/gocryptfs/issues/453
Diffstat (limited to 'internal')
-rw-r--r-- | internal/fusefrontend/xattr.go | 12 | ||||
-rw-r--r-- | internal/fusefrontend/xattr_darwin.go | 4 | ||||
-rw-r--r-- | internal/fusefrontend/xattr_linux.go | 10 | ||||
-rw-r--r-- | internal/fusefrontend/xattr_linux_unit_test.go | 13 |
4 files changed, 0 insertions, 39 deletions
diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go index 20e8db7..96a0372 100644 --- a/internal/fusefrontend/xattr.go +++ b/internal/fusefrontend/xattr.go @@ -27,10 +27,6 @@ func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]by if fs.isFiltered(relPath) { return nil, fuse.EPERM } - if disallowedXAttrName(attr) { - return nil, _EOPNOTSUPP - } - cAttr := fs.encryptXattrName(attr) cData, status := fs.getXAttr(relPath, cAttr, context) @@ -53,10 +49,6 @@ func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, cont if fs.isFiltered(relPath) { return fuse.EPERM } - if disallowedXAttrName(attr) { - return _EOPNOTSUPP - } - flags = filterXattrSetFlags(flags) cAttr := fs.encryptXattrName(attr) cData := fs.encryptXattrValue(data) @@ -70,10 +62,6 @@ func (fs *FS) RemoveXAttr(relPath string, attr string, context *fuse.Context) fu if fs.isFiltered(relPath) { return fuse.EPERM } - if disallowedXAttrName(attr) { - return _EOPNOTSUPP - } - cAttr := fs.encryptXattrName(attr) return fs.removeXAttr(relPath, cAttr, context) } diff --git a/internal/fusefrontend/xattr_darwin.go b/internal/fusefrontend/xattr_darwin.go index 741eb6c..b690cc0 100644 --- a/internal/fusefrontend/xattr_darwin.go +++ b/internal/fusefrontend/xattr_darwin.go @@ -13,10 +13,6 @@ import ( "github.com/rfjakob/gocryptfs/internal/syscallcompat" ) -func disallowedXAttrName(attr string) bool { - return false -} - // On Darwin it is needed to unset XATTR_NOSECURITY 0x0008 func filterXattrSetFlags(flags int) int { // See https://opensource.apple.com/source/xnu/xnu-1504.15.3/bsd/sys/xattr.h.auto.html diff --git a/internal/fusefrontend/xattr_linux.go b/internal/fusefrontend/xattr_linux.go index 3a64412..b43dfee 100644 --- a/internal/fusefrontend/xattr_linux.go +++ b/internal/fusefrontend/xattr_linux.go @@ -5,7 +5,6 @@ package fusefrontend import ( "fmt" - "strings" "syscall" "golang.org/x/sys/unix" @@ -15,15 +14,6 @@ import ( "github.com/rfjakob/gocryptfs/internal/syscallcompat" ) -// Only allow the "user" namespace, block "trusted" and "security", as -// these may be interpreted by the system, and we don't want to cause -// trouble with our encrypted garbage. -const xattrUserPrefix = "user." - -func disallowedXAttrName(attr string) bool { - return !strings.HasPrefix(attr, xattrUserPrefix) -} - func filterXattrSetFlags(flags int) int { return flags } diff --git a/internal/fusefrontend/xattr_linux_unit_test.go b/internal/fusefrontend/xattr_linux_unit_test.go deleted file mode 100644 index 5fea58b..0000000 --- a/internal/fusefrontend/xattr_linux_unit_test.go +++ /dev/null @@ -1,13 +0,0 @@ -// +build linux - -package fusefrontend - -import ( - "testing" -) - -func TestDisallowedLinuxAttributes(t *testing.T) { - if !disallowedXAttrName("xxxx") { - t.Fatalf("Names that don't start with 'user.' should fail") - } -} |