Commit 994287bd authored by Shaun Tancheff's avatar Shaun Tancheff Committed by Oleg Drokin
Browse files

LU-13742 llite: do not bypass selinux xattr handling

Without the hint from selinux_is_enabled() to determine if selinux
is running at boot the performance fix from LU-549 to skip handling
of selinux xattrs cannot be correctly handled.

The correct path is to act is if selinux is enabled.

This fixes a bug introduced by LU-12355 that now exists in
RHEL 8.2 kernels where clients have enabled selinux.

Fixes: 39e5bfa7

 ("LU-12355 llite: include file linux/selinux.h removed")
Test-Parameters: clientdistro=el8.2 serverdistro=el8.2 clientselinux testlist=sanity-selinux
Test-Parameters: clientdistro=el8.1 serverdistro=el8.1 clientselinux testlist=sanity-selinux
Signed-off-by: default avatarShaun Tancheff <shaun.tancheff@hpe.com>
Change-Id: I6fb5ed9ecdb79545225b5586b90509eb157a355b
Reviewed-on: https://review.whamcloud.com/39569

Reviewed-by: default avatarSebastien Buisson <sbuisson@ddn.com>
Tested-by: default avatarjenkins <devops@whamcloud.com>
Reviewed-by: default avatarAndreas Dilger <adilger@whamcloud.com>
Tested-by: default avatarMaloo <maloo@whamcloud.com>
Reviewed-by: default avatarOleg Drokin <green@whamcloud.com>
parent fb8ef58e
......@@ -54,17 +54,6 @@ static inline const char *xattr_prefix(const struct xattr_handler *handler)
}
#endif
#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
# define test_xattr_is_selinux_disabled(handler, name) \
((handler)->flags == XATTR_SECURITY_T && \
!selinux_is_enabled() && \
strcmp((name), "selinux") == 0)
#else
# define test_xattr_is_selinux_disabled(handler, name) \
((handler)->flags == XATTR_SECURITY_T && \
strcmp((name), "selinux") == 0)
#endif
const struct xattr_handler *get_xattr_type(const char *name)
{
int i;
......@@ -146,7 +135,8 @@ static int ll_xattr_set_common(const struct xattr_handler *handler,
RETURN(0);
/* LU-549: Disable security.selinux when selinux is disabled */
if (test_xattr_is_selinux_disabled(handler, name))
if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
strcmp(name, "selinux") == 0)
RETURN(-EOPNOTSUPP);
/*
......@@ -454,7 +444,8 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
RETURN(rc);
/* LU-549: Disable security.selinux when selinux is disabled */
if (test_xattr_is_selinux_disabled(handler, name))
if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
!strcmp(name, "selinux"))
RETURN(-EOPNOTSUPP);
#ifdef CONFIG_LUSTRE_FS_POSIX_ACL
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment