LU-13742 llite: do not bypass selinux xattr handling

Without the hint from selinux_is_enabled() to determine if selinux is running at boot the performance fix from LU-549 to skip handling of selinux xattrs cannot be correctly handled. The correct path is to act is if selinux is enabled. This fixes a bug introduced by LU-12355 that now exists in RHEL 8.2 kernels where clients have enabled selinux. Fixes: 39e5bfa7 ("LU-12355 llite: include file linux/selinux.h removed") Test-Parameters: clientdistro=el8.2 serverdistro=el8.2 clientselinux testlist=sanity-selinux Test-Parameters: clientdistro=el8.1 serverdistro=el8.1 clientselinux testlist=sanity-selinux Signed-off-by: Shaun Tancheff <shaun.tancheff@hpe.com> Change-Id: I6fb5ed9ecdb79545225b5586b90509eb157a355b Reviewed-on: https://review.whamcloud.com/39569 Reviewed-by: Sebastien Buisson <sbuisson@ddn.com> Tested-by: jenkins <devops@whamcloud.com> Reviewed-by: Andreas Dilger <adilger@whamcloud.com> Tested-by: Maloo <maloo@whamcloud.com> Reviewed-by: Oleg Drokin <green@whamcloud.com>

LU-13742 llite: do not bypass selinux xattr handling
Without the hint from selinux_is_enabled() to determine if selinux is running at boot the performance fix from LU-549 to skip handling of selinux xattrs cannot be correctly handled. The correct path is to act is if selinux is enabled. This fixes a bug introduced by LU-12355 that now exists in RHEL 8.2 kernels where clients have enabled selinux. Fixes: 39e5bfa7 ("LU-12355 llite: include file linux/selinux.h removed") Test-Parameters: clientdistro=el8.2 serverdistro=el8.2 clientselinux testlist=sanity-selinux Test-Parameters: clientdistro=el8.1 serverdistro=el8.1 clientselinux testlist=sanity-selinux Signed-off-by: Shaun Tancheff <shaun.tancheff@hpe.com> Change-Id: I6fb5ed9ecdb79545225b5586b90509eb157a355b Reviewed-on: https://review.whamcloud.com/39569 Reviewed-by: Sebastien Buisson <sbuisson@ddn.com> Tested-by: jenkins <devops@whamcloud.com> Reviewed-by: Andreas Dilger <adilger@whamcloud.com> Tested-by: Maloo <maloo@whamcloud.com> Reviewed-by: Oleg Drokin <green@whamcloud.com>
994287bd · Shaun Tancheff · Oleg Drokin · fb8ef58e · 994287bd
Commit 994287bd authored Aug 05, 2020 by Shaun Tancheff Committed by Oleg Drokin Aug 13, 2020
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -54,17 +54,6 @@ static inline const char *xattr_prefix(const struct xattr_handler *handler)
 }
 #endif

-#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
-# define test_xattr_is_selinux_disabled(handler, name) \
-		((handler)->flags == XATTR_SECURITY_T && \
-		!selinux_is_enabled() && \
-		strcmp((name), "selinux") == 0)
-#else
-# define test_xattr_is_selinux_disabled(handler, name) \
-		((handler)->flags == XATTR_SECURITY_T && \
-		strcmp((name), "selinux") == 0)
-#endif
-
 const struct xattr_handler *get_xattr_type(const char *name)
 {
 	int i;
@@ -146,7 +135,8 @@ static int ll_xattr_set_common(const struct xattr_handler *handler,
 		RETURN(0);

 	/* LU-549:  Disable security.selinux when selinux is disabled */
-	if (test_xattr_is_selinux_disabled(handler, name))
+	if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+	    strcmp(name, "selinux") == 0)
 		RETURN(-EOPNOTSUPP);

 	/*
@@ -454,7 +444,8 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
 		RETURN(rc);

 	/* LU-549:  Disable security.selinux when selinux is disabled */
-	if (test_xattr_is_selinux_disabled(handler, name))
+	if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+	    !strcmp(name, "selinux"))
 		RETURN(-EOPNOTSUPP);

 #ifdef CONFIG_LUSTRE_FS_POSIX_ACL