Bug 1459971 - posix-acl: Whitelist virtual ACL xattrs
posix-acl: Whitelist virtual ACL xattrs
Product: GlusterFS
Classification: Community
Component: posix-acl (Show other bugs)
All All
unspecified Severity high
: ---
: ---
Assigned To: Soumya Koduri
: Triaged
Depends On:
Blocks: 1459972 1460647 1460649 1460650
  Show dependency treegraph
Reported: 2017-06-08 13:21 EDT by Soumya Koduri
Modified: 2017-09-05 13:33 EDT (History)
1 user (show)

See Also:
Fixed In Version: glusterfs-3.12.0
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1459972 1460649 1460650 (view as bug list)
Last Closed: 2017-09-05 13:33:35 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Soumya Koduri 2017-06-08 13:21:51 EDT
Description of problem:

Similar to system.posix_acl_* xattrs, all users should be able to read virtual acl xattrs too (glusterfs.posix-acl-*). 

Otherwise it shall result in EACCESS error when any non-root user is trying to ACL of any file created under gluster volume.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Start NFS-ganesha using a non-root user
2. Export a volume via NFS-Ganesha
3. Mount the volume using NFSv4
4. Try to read/get acl.

Actual results:
It results in "Permission denied" error.

Expected results:
All users should be able to read POSIX ACLs for any file.

Additional info:
Comment 1 Worker Ant 2017-06-08 13:28:48 EDT
REVIEW: https://review.gluster.org/17493 (posix-acl: Whitelist virtual ACL xattrs) posted (#1) for review on master by soumya k (skoduri@redhat.com)
Comment 2 Worker Ant 2017-06-09 07:10:05 EDT
COMMIT: https://review.gluster.org/17493 committed in master by Niels de Vos (ndevos@redhat.com) 
commit 68f2192df570b5ee615d440c2e0c88d49a75a34f
Author: Soumya Koduri <skoduri@redhat.com>
Date:   Thu Jun 8 22:19:17 2017 +0530

    posix-acl: Whitelist virtual ACL xattrs
    Similar to system.posix_acl_* xattrs, all users should get
    permission to be able to read glusterfs.posix.acl* xattrs too.
    Change-Id: I1fc2b67c8a12113910e4ec57cd114e4baefe0d38
    BUG: 1459971
    Signed-off-by: Soumya Koduri <skoduri@redhat.com>
    Reviewed-on: https://review.gluster.org/17493
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: Raghavendra Talur <rtalur@redhat.com>
    Reviewed-by: Niels de Vos <ndevos@redhat.com>
Comment 3 Shyamsundar 2017-09-05 13:33:35 EDT
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.12.0, please open a new bug report.

glusterfs-3.12.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-September/000082.html
[2] https://www.gluster.org/pipermail/gluster-users/

Note You need to log in before you can comment on or make changes to this bug.