1459971 – posix-acl: Whitelist virtual ACL xattrs

Bug 1459971 - posix-acl: Whitelist virtual ACL xattrs

Summary: posix-acl: Whitelist virtual ACL xattrs

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	GlusterFS
Classification:	Community
Component:	posix-acl
Sub Component:
Version:	mainline
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Soumya Koduri
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1459972 1460647 1460649 1460650
TreeView+	depends on / blocked

Reported:	2017-06-08 17:21 UTC by Soumya Koduri
Modified:	2017-09-05 17:33 UTC (History)
CC List:	1 user (show)
Fixed In Version:	glusterfs-3.12.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1459972 1460649 1460650 (view as bug list)
Environment:
Last Closed:	2017-09-05 17:33:35 UTC
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Soumya Koduri 2017-06-08 17:21:51 UTC

Description of problem:

Similar to system.posix_acl_* xattrs, all users should be able to read virtual acl xattrs too (glusterfs.posix-acl-*). 

Otherwise it shall result in EACCESS error when any non-root user is trying to ACL of any file created under gluster volume.

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Start NFS-ganesha using a non-root user
2. Export a volume via NFS-Ganesha
3. Mount the volume using NFSv4
4. Try to read/get acl.


Actual results:
It results in "Permission denied" error.

Expected results:
All users should be able to read POSIX ACLs for any file.

Additional info:

Comment 1 Worker Ant 2017-06-08 17:28:48 UTC

REVIEW: https://review.gluster.org/17493 (posix-acl: Whitelist virtual ACL xattrs) posted (#1) for review on master by soumya k (skoduri)

Comment 2 Worker Ant 2017-06-09 11:10:05 UTC

COMMIT: https://review.gluster.org/17493 committed in master by Niels de Vos (ndevos) 
------
commit 68f2192df570b5ee615d440c2e0c88d49a75a34f
Author: Soumya Koduri <skoduri>
Date:   Thu Jun 8 22:19:17 2017 +0530

    posix-acl: Whitelist virtual ACL xattrs
    
    Similar to system.posix_acl_* xattrs, all users should get
    permission to be able to read glusterfs.posix.acl* xattrs too.
    
    Change-Id: I1fc2b67c8a12113910e4ec57cd114e4baefe0d38
    BUG: 1459971
    Signed-off-by: Soumya Koduri <skoduri>
    Reviewed-on: https://review.gluster.org/17493
    Smoke: Gluster Build System <jenkins.org>
    Reviewed-by: jiffin tony Thottan <jthottan>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: Raghavendra Talur <rtalur>
    Reviewed-by: Niels de Vos <ndevos>

Comment 3 Shyamsundar 2017-09-05 17:33:35 UTC

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.12.0, please open a new bug report.

glusterfs-3.12.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-September/000082.html
[2] https://www.gluster.org/pipermail/gluster-users/

Note You need to log in before you can comment on or make changes to this bug.