Usually, security_dentry_init_security() returns -EOPNOTSUPP when
SELinux is disabled. But on some kernels (e.g. rhel 8.5) it returns
0 when SELinux is disabled, and in this case the security context is
empty.
So in both cases make sure the security context name is not set, which
means "SELinux is disabled" for the rest of the code.
Lustre-change: https://review.whamcloud.com/45501
Lustre-commit: TBD (from
85779753abe0451e2b0b82dcf5d4a4d111b0bfb8)
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I3b9608f9768288de89570c158e8429560fa0213f
Reviewed-on: https://review.whamcloud.com/45524
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
rc = security_dentry_init_security(dentry, mode, name, secctx,
secctx_size);
- if (rc == -EOPNOTSUPP)
+ /* Usually, security_dentry_init_security() returns -EOPNOTSUPP when
+ * SELinux is disabled.
+ * But on some kernels (e.g. rhel 8.5) it returns 0 when SELinux is
+ * disabled, and in this case the security context is empty.
+ */
+ if (rc == -EOPNOTSUPP || (rc == 0 && *secctx_size == 0))
+ /* do nothing */
return 0;
if (rc < 0)
return rc;