Bug 1460650 - posix-acl: Whitelist virtual ACL xattrs
posix-acl: Whitelist virtual ACL xattrs
Status: CLOSED CURRENTRELEASE
Product: GlusterFS
Classification: Community
Component: posix-acl (Show other bugs)
3.8
All All
unspecified Severity high
: ---
: ---
Assigned To: Soumya Koduri
: Triaged
Depends On: glusterfs-3.8.13 1459971
Blocks: 1459972 1460647 1460649
  Show dependency treegraph
 
Reported: 2017-06-12 06:35 EDT by Soumya Koduri
Modified: 2017-06-29 05:54 EDT (History)
1 user (show)

See Also:
Fixed In Version: glusterfs-3.8.13
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1459971
Environment:
Last Closed: 2017-06-29 05:54:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Soumya Koduri 2017-06-12 06:35:50 EDT
+++ This bug was initially created as a clone of Bug #1459971 +++

Description of problem:

Similar to system.posix_acl_* xattrs, all users should be able to read virtual acl xattrs too (glusterfs.posix-acl-*). 

Otherwise it shall result in EACCESS error when any non-root user is trying to ACL of any file created under gluster volume.

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Start NFS-ganesha using a non-root user
2. Export a volume via NFS-Ganesha
3. Mount the volume using NFSv4
4. Try to read/get acl.


Actual results:
It results in "Permission denied" error.

Expected results:
All users should be able to read POSIX ACLs for any file.

Additional info:

--- Additional comment from Worker Ant on 2017-06-08 13:28:48 EDT ---

REVIEW: https://review.gluster.org/17493 (posix-acl: Whitelist virtual ACL xattrs) posted (#1) for review on master by soumya k (skoduri@redhat.com)

--- Additional comment from Worker Ant on 2017-06-09 07:10:05 EDT ---

COMMIT: https://review.gluster.org/17493 committed in master by Niels de Vos (ndevos@redhat.com) 
------
commit 68f2192df570b5ee615d440c2e0c88d49a75a34f
Author: Soumya Koduri <skoduri@redhat.com>
Date:   Thu Jun 8 22:19:17 2017 +0530

    posix-acl: Whitelist virtual ACL xattrs
    
    Similar to system.posix_acl_* xattrs, all users should get
    permission to be able to read glusterfs.posix.acl* xattrs too.
    
    Change-Id: I1fc2b67c8a12113910e4ec57cd114e4baefe0d38
    BUG: 1459971
    Signed-off-by: Soumya Koduri <skoduri@redhat.com>
    Reviewed-on: https://review.gluster.org/17493
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: Raghavendra Talur <rtalur@redhat.com>
    Reviewed-by: Niels de Vos <ndevos@redhat.com>
Comment 1 Worker Ant 2017-06-12 06:46:36 EDT
REVIEW: https://review.gluster.org/17514 (posix-acl: Whitelist virtual ACL xattrs) posted (#1) for review on release-3.8 by soumya k (skoduri@redhat.com)
Comment 2 Worker Ant 2017-06-19 00:54:05 EDT
COMMIT: https://review.gluster.org/17514 committed in release-3.8 by jiffin tony Thottan (jthottan@redhat.com) 
------
commit 5a48cf93a0383d79b6525268cee93158dbee8132
Author: Soumya Koduri <skoduri@redhat.com>
Date:   Thu Jun 8 22:19:17 2017 +0530

    posix-acl: Whitelist virtual ACL xattrs
    
    Similar to system.posix_acl_* xattrs, all users should get
    permission to be able to read glusterfs.posix.acl* xattrs too.
    
    This is backport of below mainline patch -
    https://review.gluster.org/17493
    
    >BUG: 1459971
    >Signed-off-by: Soumya Koduri <skoduri@redhat.com>
    >Reviewed-on: https://review.gluster.org/17493
    >Smoke: Gluster Build System <jenkins@build.gluster.org>
    >Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
    >NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    >CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    >Reviewed-by: Raghavendra Talur <rtalur@redhat.com>
    >Reviewed-by: Niels de Vos <ndevos@redhat.com>
    >(cherry picked from commit 68f2192df570b5ee615d440c2e0c88d49a75a34f)
    
    BUG: 1460650
    Change-Id: I1fc2b67c8a12113910e4ec57cd114e4baefe0d38
    Signed-off-by: Soumya Koduri <skoduri@redhat.com>
    Reviewed-on: https://review.gluster.org/17514
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
Comment 3 Niels de Vos 2017-06-29 05:54:50 EDT
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.8.13, please open a new bug report.

glusterfs-3.8.13 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] https://lists.gluster.org/pipermail/announce/2017-June/000075.html
[2] https://www.gluster.org/pipermail/gluster-users/

Note You need to log in before you can comment on or make changes to this bug.