Bug 1230327 - context of access control translator should be updated properly for GF_POSIX_ACL_*_KEY xattrs
Summary: context of access control translator should be updated properly for GF_POSIX_...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: access-control
Version: 3.7.2
Hardware: All
OS: All
high
high
Target Milestone: ---
Assignee: Jiffin
QA Contact:
URL:
Whiteboard:
Depends On: 1229860
Blocks: 1229567
TreeView+ depends on / blocked
 
Reported: 2015-06-10 16:28 UTC by Jiffin
Modified: 2015-07-30 09:47 UTC (History)
2 users (show)

Fixed In Version: glusterfs-3.7.3
Doc Type: Bug Fix
Doc Text:
Clone Of: 1229860
Environment:
Last Closed: 2015-07-30 09:47:06 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description Jiffin 2015-06-10 16:28:50 UTC
+++ This bug was initially created as a clone of Bug #1229860 +++

Description of problem:
An acl can be set using GF_POSIX_ACL_*_KEY xattr without notifying the access-control translator. So evenif an acl is set correctly at the backend, it might not work properly because access-control holds wrong acl information in its context about that file.

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Actual results:


Expected results:


Additional info:
This issue identified in only nfs-ganesha acl conversion.

--- Additional comment from Anand Avati on 2015-06-09 16:17:47 EDT ---

REVIEW: http://review.gluster.org/11144 (access-control : validating context of access control translator) posted (#1) for review on master by jiffin tony Thottan (jthottan@redhat.com)

--- Additional comment from Jiffin on 2015-06-10 02:04:46 EDT ---

Comment 1 Anand Avati 2015-07-03 06:23:21 UTC
REVIEW: http://review.gluster.org/11519 (access-control : validating context of access control translator) posted (#1) for review on release-3.7 by jiffin tony Thottan (jthottan@redhat.com)

Comment 2 Anand Avati 2015-07-03 11:39:22 UTC
COMMIT: http://review.gluster.org/11519 committed in release-3.7 by Kaleb KEITHLEY (kkeithle@redhat.com) 
------
commit 4df4c2092478a9813b6bb4b4ee00ed8f4ca2fea0
Author: Jiffin Tony Thottan <jthottan@redhat.com>
Date:   Wed Jun 10 00:08:39 2015 +0530

    access-control : validating context of access control translator
    
    By introduction of new acl conversion from http://review.gluster.org/#/c/9627/,
    an acl can be set using GF_POSIX_ACL_*_KEY xattrs without notifying the
    access-control translator. So evenif an acl is set correctly at the backend, it
    might not work properly because access-control holds wrong acl information in
    its context about that file.
    
    Note : This is a simple workaround. The actual solution consists of three steps:
    1.) Use new acl api's for acl conversion.
    2.) Move the acl conversion part from access-control translator
    3.) Introduces standard acl structures and libaries in access-translator
    for caching, enforcing purposes.
    
    Backport of http://review.gluster.org/#/c/11144/
    
    >Change-Id: Iacb6b323810ebe82f7f171f20be16429463cbcf0
    >BUG: 1229860
    >Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
    >Reviewed-on: http://review.gluster.org/11144
    >Reviewed-by: Niels de Vos <ndevos@redhat.com>
    >Tested-by: Gluster Build System <jenkins@build.gluster.com>
    >Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
    >cherry-picked from 81cb71e9317e380b1d414038223c72643b35e664
    
    Change-Id: I935f28704a2d401df8224f5042bf7b38177a8a0f
    BUG: 1230327
    Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
    Reviewed-on: http://review.gluster.org/11519
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>

Comment 3 Kaushal 2015-07-30 09:47:06 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.3, please open a new bug report.

glusterfs-3.7.3 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/12078
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user


Note You need to log in before you can comment on or make changes to this bug.