Merge pull request #153 from giuseppe/drop-security-capability-handling

main: drop special handling for security.capability
containers · Nov 29, 2019 · fe47dba · fe47dba
2 parents e0d2ffa + 5d05320
commit fe47dba
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 19 deletions.
diff --git a/fuse-overlayfs.h b/fuse-overlayfs.h
@@ -57,7 +57,6 @@ struct ovl_node
   unsigned int hidden : 1;
   unsigned int whiteout : 1;
   unsigned int loaded : 1;
-  unsigned int no_security_capability : 1;
 };
 
 struct ovl_mapping

diff --git a/main.c b/main.c
@@ -2253,7 +2253,6 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)
   struct ovl_node *node;
   struct ovl_data *lo = ovl_data (req);
   cleanup_free char *buf = NULL;
-  bool is_security_capability = false;
   int ret;
 
   if (UNLIKELY (ovl_debug (req)))
@@ -2265,22 +2264,13 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)
       return;
     }
 
-  if (get_timeout (lo) > 0)
-    is_security_capability = has_prefix (name, "security.capability");
-
   node = do_lookup_file (lo, ino, NULL);
   if (node == NULL)
     {
       fuse_reply_err (req, ENOENT);
       return;
     }
 
-  if (is_security_capability && node->no_security_capability)
-    {
-      fuse_reply_err (req, ENODATA);
-      return;
-    }
-
   if (size > 0)
     {
       buf = malloc (size);
@@ -2300,9 +2290,6 @@ ovl_getxattr (fuse_req_t req, fuse_ino_t ino, const char *name, size_t size)
       ret = getxattr (path, name, buf, size);
     }
 
-  if (get_timeout (lo) > 0 && is_security_capability && ret < 0 && errno == ENODATA)
-    node->no_security_capability = 1;
-
   if (ret < 0)
     {
       fuse_reply_err (req, errno);
@@ -3002,7 +2989,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,
 {
   cleanup_lock int l = enter_big_lock ();
   struct ovl_data *lo = ovl_data (req);
-  bool is_security_capability = false;
   struct ovl_node *node;
   int ret;
 
@@ -3022,8 +3008,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,
       return;
     }
 
-  is_security_capability = has_prefix (name, "security.capability");
-
   node = do_lookup_file (lo, ino, NULL);
   if (node == NULL)
     {
@@ -3052,7 +3036,6 @@ ovl_setxattr (fuse_req_t req, fuse_ino_t ino, const char *name,
       return;
     }
 
-  node->no_security_capability = 1;
   fuse_reply_err (req, 0);
 }
 
@@ -4543,7 +4526,6 @@ ovl_mkdir (fuse_req_t req, fuse_ino_t parent, const char *name, mode_t mode)
       node->last_layer = pnode->last_layer;
       if (get_timeout (lo) > 0)
         node->loaded = 1;
-      node->no_security_capability = 1;
     }
   else
     {