Hello,
OCFS2 mount option 'acl' is a small trap for users. When xattr feature
is not enabled and 'acl' mount option is specified, it is just silently
cleared during mount. IMHO that's not a good behavior - when admin requests
ACLs and we are not able to provide them, we should just fail the mount.
The trap is even more dangerous because the mount command is not aware that
we've cleared the 'acl' mount option and thus it records in /etc/mtab that
the filesystem is mounted with 'acl' mount option. So the output of mount
command looks as if ACLs were really in use. The only way to find out they
are not is to look into /proc/mounts or to try to get/set some ACL.
Attached patch makes the mount fail if 'acl' mount option is specified
but xattr feature is disabled.
Honza
--
Jan Kara <[email protected]>
SUSE Labs, CR
>From 0f46be4568660b986de8f2b67d8f9a66f8432944 Mon Sep 17 00:00:00 2001
From: Jan Kara <[email protected]>
Date: Mon, 14 Sep 2009 16:51:29 +0200
Subject: [PATCH] ocfs2: Fail the mount when 'acl' mount option is specified but extended attributes are disabled
When extended attributes are disabled on the filesystem, we cannot support
ACLs. It is better to fail the mount in such case then silently turn off
the ACL support.
Signed-off-by: Jan Kara <[email protected]>
---
fs/ocfs2/super.c | 20 +++++++++++++++-----
1 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
index 4e6b8e7..459c775 100644
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -696,8 +696,6 @@ unlock_osb:
if (!ret) {
/* Only save off the new mount options in case of a successful
* remount. */
- if (!(osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_XATTR))
- parsed_options.mount_opt &= ~OCFS2_MOUNT_POSIX_ACL;
osb->s_mount_opt = parsed_options.mount_opt;
osb->s_atime_quantum = parsed_options.atime_quantum;
osb->preferred_slot = parsed_options.slot;
@@ -1012,9 +1010,6 @@ static int ocfs2_fill_super(struct super_block *sb, void *data, int silent)
brelse(bh);
bh = NULL;
- if (!(osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_XATTR))
- parsed_options.mount_opt &= ~OCFS2_MOUNT_POSIX_ACL;
-
osb->s_mount_opt = parsed_options.mount_opt;
osb->s_atime_quantum = parsed_options.atime_quantum;
osb->preferred_slot = parsed_options.slot;
@@ -1037,6 +1032,13 @@ static int ocfs2_fill_super(struct super_block *sb, void *data, int silent)
"filesystem does not have the feature enabled.\n");
goto read_super_error;
}
+ if (osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL &&
+ !OCFS2_HAS_INCOMPAT_FEATURE(sb, OCFS2_FEATURE_INCOMPAT_XATTR)) {
+ status = -EINVAL;
+ mlog(ML_ERROR, "ACL support requested but extended attributes "
+ "feature is not enabled\n");
+ goto read_super_error;
+ }
status = ocfs2_verify_userspace_stack(osb, &parsed_options);
if (status)
@@ -1396,6 +1398,14 @@ static int ocfs2_parse_options(struct super_block *sb,
break;
#ifdef CONFIG_OCFS2_FS_POSIX_ACL
case Opt_acl:
+ if (is_remount && !OCFS2_HAS_INCOMPAT_FEATURE(sb,
+ OCFS2_FEATURE_INCOMPAT_XATTR)) {
+ mlog(ML_ERROR, "ACL support requested but "
+ "extended attributes feature is not "
+ "enabled\n");
+ status = 0;
+ goto bail;
+ }
mopt->mount_opt |= OCFS2_MOUNT_POSIX_ACL;
break;
case Opt_noacl:
--
1.6.0.2
_______________________________________________
Ocfs2-devel mailing list
[email protected]
http://oss.oracle.com/mailman/listinfo/ocfs2-devel
