Commit 573d194b authored by Phoebe Buckheister's avatar Phoebe Buckheister 🐍

client: set posix acl to uncached on read

returning the acl without calling forget_cached_acl will cause the
currently cached acl (default: empty) to be user on all further acl
accesses for the inode, until the inode is flushed. flushed happen only
under memory pressure and during unmount, thus the current behaviour is
far from what users expect.
parent ed2067bb
......@@ -465,7 +465,11 @@ struct posix_acl* FhgfsOps_get_acl(struct inode* inode, int type)
FhgfsInode* fhgfsInode = BEEGFS_INODE(inode);
const EntryInfo* entryInfo = FhgfsInode_getEntryInfo(fhgfsInode);
int refreshRes = maybeRefreshInode(inode, true, false, false);
int refreshRes;
forget_cached_acl(inode, type);
refreshRes = maybeRefreshInode(inode, true, false, false);
if (refreshRes)
return ERR_PTR(refreshRes);
......
def readAsNobody(file)
shell? "sudo runuser -u nobody -- cat #{file} >/dev/null"
end
on node do
cd node.properties["client0"]["mount"] do
tempdir do
file = "test"
create_file(file)
shell "chmod", "600", file
if readAsNobody(file)
raise("Access allowed but should not")
end
shell "setfacl", "-m", "u:nobody:r", file
if not readAsNobody(file)
raise("ACLs not working: access denied")
end
end
end
end
hosts:
node:
- mgmtd
- meta:
config:
storeUseExtendedAttribs: true
storeClientXAttrs: true
storeClientACLs: true
- storage
- helperd
- client:
config:
sysXAttrsEnabled: true
sysACLsEnabled: true
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment