[PATCH] vfs module for VxFS
Jeremy Allison
jra at samba.org
Tue Sep 9 14:05:30 MDT 2014
On Fri, Sep 05, 2014 at 02:27:14AM -0700, Abhidnya Joshi wrote:
> Hi Andrew, Jeremy,
>
> I understand from the discussion that, we can have generic xattr renaming module which anyone can use.
> This will also take care of securing these xattrs via samba_private_attr_name().
>
> Please let me know what should be the next step for handling this.
OK, I've been thinking about this a little, and I think
the best way to fix this is to filter your private
xattr name inside the get/set/list/remove functions
provided inside your new VFS module.
Currently you already hook:
.getxattr_fn = vxfs_get_xattr,
.fgetxattr_fn = vxfs_fget_xattr,
.removexattr_fn = vxfs_remove_xattr,
.fremovexattr_fn = vxfs_fremove_xattr,
.setxattr_fn = vxfs_set_xattr,
.fsetxattr_fn = vxfs_fset_xattr,
so we ony need to additionally hook
listxattr_fn and flistxattr_fn and
add code to all the xattr VFS functions
to filter out the XATTR_USER_NTACL
name to prevent it from being accessed
or changed by the calling code and we're
good.
That way we don't need to add any extra
local.h escapes into the main Samba code,
everything can be taken care of inside
the VFS module itself.
Cheers,
Jeremy.
More information about the samba-technical
mailing list