From ca9e912a28b901387e1dbb85f6c531119f2d5ef2 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 29 Feb 2020 19:58:08 +0100 Subject: fusefrontend: drop xattr user namespace restriction We used to restrict setting xattrs to the "user." namespace. I don't see a real reason for this anymore, and it causes trouble for users who are using acls. Tests will be added in the next commit. https://github.com/rfjakob/gocryptfs/issues/453 --- internal/fusefrontend/xattr.go | 12 ------------ internal/fusefrontend/xattr_darwin.go | 4 ---- internal/fusefrontend/xattr_linux.go | 10 ---------- internal/fusefrontend/xattr_linux_unit_test.go | 13 ------------- 4 files changed, 39 deletions(-) delete mode 100644 internal/fusefrontend/xattr_linux_unit_test.go diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go index 20e8db7..96a0372 100644 --- a/internal/fusefrontend/xattr.go +++ b/internal/fusefrontend/xattr.go @@ -27,10 +27,6 @@ func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]by if fs.isFiltered(relPath) { return nil, fuse.EPERM } - if disallowedXAttrName(attr) { - return nil, _EOPNOTSUPP - } - cAttr := fs.encryptXattrName(attr) cData, status := fs.getXAttr(relPath, cAttr, context) @@ -53,10 +49,6 @@ func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, cont if fs.isFiltered(relPath) { return fuse.EPERM } - if disallowedXAttrName(attr) { - return _EOPNOTSUPP - } - flags = filterXattrSetFlags(flags) cAttr := fs.encryptXattrName(attr) cData := fs.encryptXattrValue(data) @@ -70,10 +62,6 @@ func (fs *FS) RemoveXAttr(relPath string, attr string, context *fuse.Context) fu if fs.isFiltered(relPath) { return fuse.EPERM } - if disallowedXAttrName(attr) { - return _EOPNOTSUPP - } - cAttr := fs.encryptXattrName(attr) return fs.removeXAttr(relPath, cAttr, context) } diff --git a/internal/fusefrontend/xattr_darwin.go b/internal/fusefrontend/xattr_darwin.go index 741eb6c..b690cc0 100644 --- a/internal/fusefrontend/xattr_darwin.go +++ b/internal/fusefrontend/xattr_darwin.go @@ -13,10 +13,6 @@ import ( "github.com/rfjakob/gocryptfs/internal/syscallcompat" ) -func disallowedXAttrName(attr string) bool { - return false -} - // On Darwin it is needed to unset XATTR_NOSECURITY 0x0008 func filterXattrSetFlags(flags int) int { // See https://opensource.apple.com/source/xnu/xnu-1504.15.3/bsd/sys/xattr.h.auto.html diff --git a/internal/fusefrontend/xattr_linux.go b/internal/fusefrontend/xattr_linux.go index 3a64412..b43dfee 100644 --- a/internal/fusefrontend/xattr_linux.go +++ b/internal/fusefrontend/xattr_linux.go @@ -5,7 +5,6 @@ package fusefrontend import ( "fmt" - "strings" "syscall" "golang.org/x/sys/unix" @@ -15,15 +14,6 @@ import ( "github.com/rfjakob/gocryptfs/internal/syscallcompat" ) -// Only allow the "user" namespace, block "trusted" and "security", as -// these may be interpreted by the system, and we don't want to cause -// trouble with our encrypted garbage. -const xattrUserPrefix = "user." - -func disallowedXAttrName(attr string) bool { - return !strings.HasPrefix(attr, xattrUserPrefix) -} - func filterXattrSetFlags(flags int) int { return flags } diff --git a/internal/fusefrontend/xattr_linux_unit_test.go b/internal/fusefrontend/xattr_linux_unit_test.go deleted file mode 100644 index 5fea58b..0000000 --- a/internal/fusefrontend/xattr_linux_unit_test.go +++ /dev/null @@ -1,13 +0,0 @@ -// +build linux - -package fusefrontend - -import ( - "testing" -) - -func TestDisallowedLinuxAttributes(t *testing.T) { - if !disallowedXAttrName("xxxx") { - t.Fatalf("Names that don't start with 'user.' should fail") - } -} -- cgit v1.2.3