Commit 39e5bfa7 authored by Shaun Tancheff's avatar Shaun Tancheff Committed by Oleg Drokin
Browse files

LU-12355 llite: include file linux/selinux.h removed



In kernel 5.1 linux/selinux.h was removed with
SELinux: Remove unused selinux_is_enabled

Linux-commit: 3d252529480c68bfd6a6774652df7c8968b28e41

Test-Parameters: trivial
Signed-off-by: default avatarShaun Tancheff <stancheff@cray.com>
Change-Id: If963e6b22b7b07899de5b970f934bb157c5f7cec
Reviewed-on: https://review.whamcloud.com/35035

Tested-by: default avatarjenkins <devops@whamcloud.com>
Tested-by: default avatarMaloo <maloo@whamcloud.com>
Reviewed-by: default avatarSebastien Buisson <sbuisson@ddn.com>
Reviewed-by: default avatarPetros Koutoupis <pkoutoupis@cray.com>
Reviewed-by: default avatarOleg Drokin <green@whamcloud.com>
parent d93aa017
......@@ -2836,6 +2836,28 @@ inode_timespec64, [
EXTRA_KCFLAGS="$tmp_flags"
]) # LC_INODE_TIMESPEC64
#
# LC_HAS_LINUX_SELINUX_ENABLED
#
# kernel 5.1 commit 3d252529480c68bfd6a6774652df7c8968b28e41
# SELinux: Remove unused selinux_is_enabled
#
AC_DEFUN([LC_HAS_LINUX_SELINUX_ENABLED], [
tmp_flags="$EXTRA_KCFLAGS"
EXTRA_KCFLAGS="-Werror"
LB_CHECK_COMPILE([if linux/selinux.h exists],
selinux_is_enabled, [
#include <linux/selinux.h>
],[
bool has_selinux = selinux_is_enabled();
(void)has_selinux;
],[
AC_DEFINE(HAVE_LINUX_SELINUX_IS_ENABLED, 1,
[if linux/selinux.h exists])
])
EXTRA_KCFLAGS="$tmp_flags"
]) # LC_HAS_LINUX_SELINUX_ENABLED
#
# LC_PROG_LINUX
#
......@@ -3065,6 +3087,9 @@ AC_DEFUN([LC_PROG_LINUX], [
# 5.0
LC_UAPI_LINUX_MOUNT_H
# 5.1
LC_HAS_LINUX_SELINUX_ENABLED
# kernel patch to extend integrity interface
LC_BIO_INTEGRITY_PREP_FN
......
......@@ -741,4 +741,8 @@ static inline bool bdev_integrity_enabled(struct block_device *bdev, int rw)
kmem_cache_create(name, size, align, flags, ctor)
#endif
#ifndef HAVE_LINUX_SELINUX_IS_ENABLED
#define selinux_is_enabled() 1
#endif
#endif /* _LUSTRE_COMPAT_H */
......@@ -34,7 +34,9 @@
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/xattr.h>
#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
#include <linux/selinux.h>
#endif
#define DEBUG_SUBSYSTEM S_LLITE
......@@ -52,6 +54,17 @@ static inline const char *xattr_prefix(const struct xattr_handler *handler)
}
#endif
#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
# define test_xattr_is_selinux_disabled(handler, name) \
((handler)->flags == XATTR_SECURITY_T && \
!selinux_is_enabled() && \
strcmp((name), "selinux") == 0)
#else
# define test_xattr_is_selinux_disabled(handler, name) \
((handler)->flags == XATTR_SECURITY_T && \
strcmp((name), "selinux") == 0)
#endif
const struct xattr_handler *get_xattr_type(const char *name)
{
int i;
......@@ -135,8 +148,7 @@ static int ll_xattr_set_common(const struct xattr_handler *handler,
RETURN(0);
/* LU-549: Disable security.selinux when selinux is disabled */
if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
strcmp(name, "selinux") == 0)
if (test_xattr_is_selinux_disabled(handler, name))
RETURN(-EOPNOTSUPP);
/*
......@@ -424,8 +436,7 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
RETURN(rc);
/* LU-549: Disable security.selinux when selinux is disabled */
if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
!strcmp(name, "selinux"))
if (test_xattr_is_selinux_disabled(handler, name))
RETURN(-EOPNOTSUPP);
#ifdef CONFIG_FS_POSIX_ACL
......
......@@ -33,7 +33,9 @@
#include <linux/types.h>
#include <linux/security.h>
#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
#include <linux/selinux.h>
#endif
#include <linux/xattr.h>
#include "llite_internal.h"
......@@ -55,7 +57,8 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
#ifdef HAVE_SECURITY_DENTRY_INIT_SECURITY
int rc;
/* security_dentry_init_security() is strange. Like
/*
* security_dentry_init_security() is strange. Like
* security_inode_init_security() it may return a context (provided a
* Linux security module is enabled) but unlike
* security_inode_init_security() it does not return to us the name of
......@@ -65,13 +68,16 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
* SELinux is the only module that implements
* security_dentry_init_security(). Note that the NFS client code just
* calls it and assumes that if anything is returned then it must come
* from SELinux. */
* from SELinux.
*/
if (!selinux_is_enabled())
return 0;
rc = security_dentry_init_security(dentry, mode, name, secctx,
secctx_size);
if (rc == -EOPNOTSUPP)
return 0;
if (rc < 0)
return rc;
......@@ -135,11 +141,17 @@ int
ll_inode_init_security(struct dentry *dentry, struct inode *inode,
struct inode *dir)
{
int rc;
if (!selinux_is_enabled())
return 0;
return ll_security_inode_init_security(inode, dir, NULL, NULL, 0,
&ll_initxattrs, dentry);
rc = ll_security_inode_init_security(inode, dir, NULL, NULL, 0,
&ll_initxattrs, dentry);
if (rc == -EOPNOTSUPP)
return 0;
return rc;
}
#else /* !HAVE_SECURITY_IINITSEC_CALLBACK */
/**
......
......@@ -43,7 +43,9 @@
#define PRINT_MASK (D_SUPER | D_CONFIG)
#include <linux/types.h>
#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
#include <linux/selinux.h>
#endif
#include <linux/statfs.h>
#include <linux/version.h>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment