fuse: forbid only access to security.selinux xattr if not mounted with 'selinux'

Originally, all selinux.* xattrs were forbidden, causing
for example Samba's acl_xattr module which uses security.NTACL
to fail without the 'selinux' mount option, which is confusing
at least. This change specializes the check to the security.selinux
attribute, so other selinux.* attributes work with or without the option.

Change-Id: I9d3083123efbf403f20572cfb325a300ce2e90d9
Signed-off-by: Michael Adam <obnox@samba.org>

diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 16dd5b5ea0d065eee9b4533d5ea00dc828c1f724..71645c5ef3cc8a94cb5d84d5499b544d665feaf4 100644 (file)
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3169,7 +3169,7 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         }
 
         if (!priv->selinux) {
-                if (strncmp (name, "security.", 9) == 0) {
+                if (strcmp (name, "security.selinux") == 0) {
                         send_fuse_err (this, finh, EOPNOTSUPP);
                         GF_FREE (finh);
                         return;
@@ -3499,7 +3499,7 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         }
 
         if (!priv->selinux) {
-                if (strncmp (name, "security.", 9) == 0) {
+                if (strcmp (name, "security.selinux") == 0) {
                         op_errno = ENODATA;
                         goto err;
                 }