From bfa50517e9b0b3afe98084cc9ba105caba45b540 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Tue, 12 Jun 2018 21:07:00 +0200 Subject: xattr: return EOPNOTSUPP instead of ENODATA in GetXattr Reading system.posix_acl_access and system.posix_acl_default should return EOPNOTSUPP to inform user-space that we do not support ACLs. xftestest essientially does chacl -l | grep "Operation not supported" to determine if the filesystem supports ACLs, and used to wrongly believe that gocryptfs does. --- internal/fusefrontend/xattr.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go index 9300fe8..2bbdf41 100644 --- a/internal/fusefrontend/xattr.go +++ b/internal/fusefrontend/xattr.go @@ -13,7 +13,10 @@ import ( "github.com/rfjakob/gocryptfs/internal/tlog" ) +const _EOPNOTSUPP = fuse.Status(syscall.EOPNOTSUPP) + // xattr names are encrypted like file names, but with a fixed IV. +// Padded with "_xx" for length 16. var xattrNameIV = []byte("xattr_name_iv_xx") // We store encrypted xattrs under this prefix plus the base64-encoded @@ -27,9 +30,7 @@ func (fs *FS) GetXAttr(path string, attr string, context *fuse.Context) ([]byte, return nil, fuse.EPERM } if disallowedXAttrName(attr) { - // "ls -l" queries security.selinux, system.posix_acl_access, system.posix_acl_default - // and throws error messages if it gets something else than ENODATA. - return nil, fuse.ENODATA + return nil, _EOPNOTSUPP } cAttr := fs.encryptXattrName(attr) cPath, err := fs.getBackingPath(path) @@ -48,8 +49,6 @@ func (fs *FS) GetXAttr(path string, attr string, context *fuse.Context) ([]byte, return data, fuse.OK } -const _EOPNOTSUPP = fuse.Status(syscall.EOPNOTSUPP) - // SetXAttr implements pathfs.Filesystem. func (fs *FS) SetXAttr(path string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status { if fs.isFiltered(path) { -- cgit v1.2.3