Merge pull request #153 from giuseppe/drop-security-capability-handling

rhatdan · web-flow · commit fe47dba1845e · 2019-11-29T07:24:15.000-05:00
main: drop special handling for security.capability
diff --git a/fuse-overlayfs.h b/fuse-overlayfs.h
@@ -57,7 +57,6 @@ struct ovl_node
   unsigned int hidden : 1;
   unsigned int whiteout : 1;
   unsigned int loaded : 1;
-  unsigned int no_security_capability : 1;
 };
 
 struct ovl_mapping
diff --git a/main.c b/main.c
@@ -2253,7 +2253,6 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)
   struct ovl_node *node;
   struct ovl_data *lo = ovl_data (req);
   cleanup_free char *buf = NULL;
-  bool is_security_capability = false;
   int ret;
 
   if (UNLIKELY (ovl_debug (req)))
@@ -2265,22 +2264,13 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)
       return;
     }
 
-  if (get_timeout (lo) > 0)
-    is_security_capability = has_prefix (name, "security.capability");
-
   node = do_lookup_file (lo, ino, NULL);
   if (node == NULL)
     {
       fuse_reply_err (req, ENOENT);
       return;
     }
 
-  if (is_security_capability && node->no_security_capability)
-    {
-      fuse_reply_err (req, ENODATA);
-      return;
-    }
-
   if (size > 0)
     {
       buf = malloc (size);
@@ -2300,9 +2290,6 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)
       ret = getxattr (path, name, buf, size);
     }
 
-  if (get_timeout (lo) > 0 && is_security_capability && ret < 0 && errno == ENODATA)
-    node->no_security_capability = 1;
-
   if (ret < 0)
     {
       fuse_reply_err (req, errno);
@@ -3002,7 +2989,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,
 {
   cleanup_lock int l = enter_big_lock ();
   struct ovl_data *lo = ovl_data (req);
-  bool is_security_capability = false;
   struct ovl_node *node;
   int ret;
 
@@ -3022,8 +3008,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,
       return;
     }
 
-  is_security_capability = has_prefix (name, "security.capability");
-
   node = do_lookup_file (lo, ino, NULL);
   if (node == NULL)
     {
@@ -3052,7 +3036,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,
       return;
     }
 
-  node->no_security_capability = 1;
   fuse_reply_err (req, 0);
 }
 
@@ -4543,7 +4526,6 @@ ovl_mkdir (fuse_req_t req, fuse_ino_t parent, const char *name, mode_t mode)
       node->last_layer = pnode->last_layer;
       if (get_timeout (lo) > 0)
         node->loaded = 1;
-      node->no_security_capability = 1;
     }
   else
     {

Original file line number	Diff line number	Diff line change
`@@ -2253,7 +2253,6 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)`
`2253`	`2253`	`struct ovl_node *node;`
`2254`	`2254`	`struct ovl_data *lo = ovl_data (req);`
`2255`	`2255`	`cleanup_free char *buf = NULL;`
`2256`		`- bool is_security_capability = false;`
`2257`	`2256`	`int ret;`
`2258`	`2257`
`2259`	`2258`	`if (UNLIKELY (ovl_debug (req)))`
`@@ -2265,22 +2264,13 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)`
`2265`	`2264`	`return;`
`2266`	`2265`	`}`
`2267`	`2266`
`2268`		`- if (get_timeout (lo) > 0)`
`2269`		`- is_security_capability = has_prefix (name, "security.capability");`
`2270`		`-`
`2271`	`2267`	`node = do_lookup_file (lo, ino, NULL);`
`2272`	`2268`	`if (node == NULL)`
`2273`	`2269`	`{`
`2274`	`2270`	`fuse_reply_err (req, ENOENT);`
`2275`	`2271`	`return;`
`2276`	`2272`	`}`
`2277`	`2273`
`2278`		`- if (is_security_capability && node->no_security_capability)`
`2279`		`- {`
`2280`		`- fuse_reply_err (req, ENODATA);`
`2281`		`- return;`
`2282`		`- }`
`2283`		`-`
`2284`	`2274`	`if (size > 0)`
`2285`	`2275`	`{`
`2286`	`2276`	`buf = malloc (size);`
`@@ -2300,9 +2290,6 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)`
`2300`	`2290`	`ret = getxattr (path, name, buf, size);`
`2301`	`2291`	`}`
`2302`	`2292`
`2303`		`- if (get_timeout (lo) > 0 && is_security_capability && ret < 0 && errno == ENODATA)`
`2304`		`- node->no_security_capability = 1;`
`2305`		`-`
`2306`	`2293`	`if (ret < 0)`
`2307`	`2294`	`{`
`2308`	`2295`	`fuse_reply_err (req, errno);`
`@@ -3002,7 +2989,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,`
`3002`	`2989`	`{`
`3003`	`2990`	`cleanup_lock int l = enter_big_lock ();`
`3004`	`2991`	`struct ovl_data *lo = ovl_data (req);`
`3005`		`- bool is_security_capability = false;`
`3006`	`2992`	`struct ovl_node *node;`
`3007`	`2993`	`int ret;`
`3008`	`2994`
`@@ -3022,8 +3008,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,`
`3022`	`3008`	`return;`
`3023`	`3009`	`}`
`3024`	`3010`
`3025`		`- is_security_capability = has_prefix (name, "security.capability");`
`3026`		`-`
`3027`	`3011`	`node = do_lookup_file (lo, ino, NULL);`
`3028`	`3012`	`if (node == NULL)`
`3029`	`3013`	`{`
`@@ -3052,7 +3036,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,`
`3052`	`3036`	`return;`
`3053`	`3037`	`}`
`3054`	`3038`
`3055`		`- node->no_security_capability = 1;`
`3056`	`3039`	`fuse_reply_err (req, 0);`
`3057`	`3040`	`}`
`3058`	`3041`
`@@ -4543,7 +4526,6 @@ ovl_mkdir (fuse_req_t req, fuse_ino_t parent, const char *name, mode_t mode)`
`4543`	`4526`	`node->last_layer = pnode->last_layer;`
`4544`	`4527`	`if (get_timeout (lo) > 0)`
`4545`	`4528`	`node->loaded = 1;`
`4546`		`- node->no_security_capability = 1;`
`4547`	`4529`	`}`
`4548`	`4530`	`else`
`4549`	`4531`	`{`