aboutsummaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-06-12 21:07:00 +0200
committerJakob Unterwurzacher2018-06-12 23:05:53 +0200
commitbfa50517e9b0b3afe98084cc9ba105caba45b540 (patch)
tree7abb65c768b7c380283a7ac0ff16c2badb0d4832 /internal
parentbde7ba57b06eb46f8901454e12524a74a8c3b6e8 (diff)
xattr: return EOPNOTSUPP instead of ENODATA in GetXattr
Reading system.posix_acl_access and system.posix_acl_default should return EOPNOTSUPP to inform user-space that we do not support ACLs. xftestest essientially does chacl -l | grep "Operation not supported" to determine if the filesystem supports ACLs, and used to wrongly believe that gocryptfs does.
Diffstat (limited to 'internal')
-rw-r--r--internal/fusefrontend/xattr.go9
1 files changed, 4 insertions, 5 deletions
diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go
index 9300fe8..2bbdf41 100644
--- a/internal/fusefrontend/xattr.go
+++ b/internal/fusefrontend/xattr.go
@@ -13,7 +13,10 @@ import (
"github.com/rfjakob/gocryptfs/internal/tlog"
)
+const _EOPNOTSUPP = fuse.Status(syscall.EOPNOTSUPP)
+
// xattr names are encrypted like file names, but with a fixed IV.
+// Padded with "_xx" for length 16.
var xattrNameIV = []byte("xattr_name_iv_xx")
// We store encrypted xattrs under this prefix plus the base64-encoded
@@ -27,9 +30,7 @@ func (fs *FS) GetXAttr(path string, attr string, context *fuse.Context) ([]byte,
return nil, fuse.EPERM
}
if disallowedXAttrName(attr) {
- // "ls -l" queries security.selinux, system.posix_acl_access, system.posix_acl_default
- // and throws error messages if it gets something else than ENODATA.
- return nil, fuse.ENODATA
+ return nil, _EOPNOTSUPP
}
cAttr := fs.encryptXattrName(attr)
cPath, err := fs.getBackingPath(path)
@@ -48,8 +49,6 @@ func (fs *FS) GetXAttr(path string, attr string, context *fuse.Context) ([]byte,
return data, fuse.OK
}
-const _EOPNOTSUPP = fuse.Status(syscall.EOPNOTSUPP)
-
// SetXAttr implements pathfs.Filesystem.
func (fs *FS) SetXAttr(path string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
if fs.isFiltered(path) {