From c3adf9729de82bba52405e9f20f235b6a009308f Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 11 Nov 2018 18:27:37 +0100 Subject: fusefrontend: make ListXAttr symlink-safe on Linux Uses /proc/self/fd. --- internal/fusefrontend/xattr.go | 21 +++++++++------------ internal/fusefrontend/xattr_darwin.go | 14 ++++++++++++++ internal/fusefrontend/xattr_linux.go | 24 ++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 12 deletions(-) diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go index 8e88a62..816754c 100644 --- a/internal/fusefrontend/xattr.go +++ b/internal/fusefrontend/xattr.go @@ -82,21 +82,18 @@ func (fs *FS) RemoveXAttr(relPath string, attr string, context *fuse.Context) fu return fs.removeXAttr(relPath, cAttr, context) } -// ListXAttr - FUSE call. Lists extended attributes on the file at "path". +// ListXAttr - FUSE call. Lists extended attributes on the file at "relPath". // -// TODO: Make symlink-safe. Blocker: package xattr does not provide -// flistxattr(2). -func (fs *FS) ListXAttr(path string, context *fuse.Context) ([]string, fuse.Status) { - if fs.isFiltered(path) { +// This function is symlink-safe on Linux. +// Darwin does not have flistxattr(2) nor /proc/self/fd. How to implement this +// on Darwin in a symlink-safe way? +func (fs *FS) ListXAttr(relPath string, context *fuse.Context) ([]string, fuse.Status) { + if fs.isFiltered(relPath) { return nil, fuse.EPERM } - cPath, err := fs.getBackingPath(path) - if err != nil { - return nil, fuse.ToStatus(err) - } - cNames, err := xattr.LList(cPath) - if err != nil { - return nil, unpackXattrErr(err) + cNames, status := fs.listXAttr(relPath, context) + if !status.Ok() { + return nil, status } names := make([]string, 0, len(cNames)) for _, curName := range cNames { diff --git a/internal/fusefrontend/xattr_darwin.go b/internal/fusefrontend/xattr_darwin.go index f0b755f..ad81320 100644 --- a/internal/fusefrontend/xattr_darwin.go +++ b/internal/fusefrontend/xattr_darwin.go @@ -53,3 +53,17 @@ func (fs *FS) removeXAttr(relPath string, cAttr string, context *fuse.Context) f err = xattr.LRemove(cPath, cAttr) return unpackXattrErr(err) } + +// This function is NOT symlink-safe because Darwin lacks +// both flistxattr() and /proc/self/fd. +func (fs *FS) listXAttr(relPath string, context *fuse.Context) ([]string, fuse.Status) { + cPath, err := fs.getBackingPath(relPath) + if err != nil { + return nil, fuse.ToStatus(err) + } + cNames, err := xattr.LList(cPath) + if err != nil { + return nil, unpackXattrErr(err) + } + return cNames, fuse.OK +} diff --git a/internal/fusefrontend/xattr_linux.go b/internal/fusefrontend/xattr_linux.go index a17b12c..915713d 100644 --- a/internal/fusefrontend/xattr_linux.go +++ b/internal/fusefrontend/xattr_linux.go @@ -99,3 +99,27 @@ func (fs *FS) removeXAttr(relPath string, cAttr string, context *fuse.Context) f err := xattr.Remove(procFd(fd), cAttr) return unpackXattrErr(err) } + +// listXAttr - list encrypted xattr names on plaintext path "relPath". +// +// This function is symlink-safe on Linux by using /proc/self/fd. +func (fs *FS) listXAttr(relPath string, context *fuse.Context) ([]string, fuse.Status) { + file, fd, status := fs.getFileFd(relPath, context) + if !status.Ok() { + // If relPath is a symlink, getFileFd fails with ELOOP. As setXattr() + // also fails with ELOOP, there is no way to set xattrs on symlinks, + // and we can assume that the file does not have any. + if status == fuse.Status(syscall.ELOOP) { + return nil, fuse.OK + } + return nil, status + } + defer file.Release() + + cNames, err := xattr.List(procFd(fd)) + if err != nil { + status := unpackXattrErr(err) + return nil, status + } + return cNames, fuse.OK +} -- cgit v1.2.3