Bug 1459971

Summary: posix-acl: Whitelist virtual ACL xattrs
Product: [Community] GlusterFS Reporter: Soumya Koduri <skoduri>
Component: posix-aclAssignee: Soumya Koduri <skoduri>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: unspecified    
Version: mainlineCC: bugs
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: glusterfs-3.12.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1459972 1460649 1460650 (view as bug list) Environment:
Last Closed: 2017-09-05 17:33:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1459972, 1460647, 1460649, 1460650    

Description Soumya Koduri 2017-06-08 17:21:51 UTC 
Description of problem:

Similar to system.posix_acl_* xattrs, all users should be able to read virtual acl xattrs too (glusterfs.posix-acl-*). 

Otherwise it shall result in EACCESS error when any non-root user is trying to ACL of any file created under gluster volume.

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Start NFS-ganesha using a non-root user
2. Export a volume via NFS-Ganesha
3. Mount the volume using NFSv4
4. Try to read/get acl.


Actual results:
It results in "Permission denied" error.

Expected results:
All users should be able to read POSIX ACLs for any file.

Additional info:
Comment 1 Worker Ant 2017-06-08 17:28:48 UTC 
REVIEW: https://review.gluster.org/17493 (posix-acl: Whitelist virtual ACL xattrs) posted (#1) for review on master by soumya k (skoduri)
Comment 2 Worker Ant 2017-06-09 11:10:05 UTC 
COMMIT: https://review.gluster.org/17493 committed in master by Niels de Vos (ndevos) 
------
commit 68f2192df570b5ee615d440c2e0c88d49a75a34f
Author: Soumya Koduri <skoduri>
Date:   Thu Jun 8 22:19:17 2017 +0530

    posix-acl: Whitelist virtual ACL xattrs
    
    Similar to system.posix_acl_* xattrs, all users should get
    permission to be able to read glusterfs.posix.acl* xattrs too.
    
    Change-Id: I1fc2b67c8a12113910e4ec57cd114e4baefe0d38
    BUG: 1459971
    Signed-off-by: Soumya Koduri <skoduri>
    Reviewed-on: https://review.gluster.org/17493
    Smoke: Gluster Build System <jenkins.org>
    Reviewed-by: jiffin tony Thottan <jthottan>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: Raghavendra Talur <rtalur>
    Reviewed-by: Niels de Vos <ndevos>
Comment 3 Shyamsundar 2017-09-05 17:33:35 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.12.0, please open a new bug report.

glusterfs-3.12.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-September/000082.html
[2] https://www.gluster.org/pipermail/gluster-users/