From 7904abf2ac28c11345954c6aad0546ee5776860b Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Mon, 15 Nov 2021 13:31:36 -0800 Subject: [PATCH] LU-15184 llite: properly detect SELinux disabled case Usually, security_dentry_init_security() returns -EOPNOTSUPP when SELinux is disabled. But on some kernels (e.g. rhel 8.5) it returns 0 when SELinux is disabled, and in this case the security context is empty. So in both cases make sure the security context name is not set, which means "SELinux is disabled" for the rest of the code. Lustre-change: https://review.whamcloud.com/45501 Lustre-commit: TBD (from 85779753abe0451e2b0b82dcf5d4a4d111b0bfb8) Signed-off-by: Sebastien Buisson Change-Id: I3b9608f9768288de89570c158e8429560fa0213f Reviewed-on: https://review.whamcloud.com/45524 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Oleg Drokin --- lustre/llite/xattr_security.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lustre/llite/xattr_security.c b/lustre/llite/xattr_security.c index 94679b8..3993700 100644 --- a/lustre/llite/xattr_security.c +++ b/lustre/llite/xattr_security.c @@ -75,7 +75,13 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name, rc = security_dentry_init_security(dentry, mode, name, secctx, secctx_size); - if (rc == -EOPNOTSUPP) + /* Usually, security_dentry_init_security() returns -EOPNOTSUPP when + * SELinux is disabled. + * But on some kernels (e.g. rhel 8.5) it returns 0 when SELinux is + * disabled, and in this case the security context is empty. + */ + if (rc == -EOPNOTSUPP || (rc == 0 && *secctx_size == 0)) + /* do nothing */ return 0; if (rc < 0) return rc; -- 1.8.3.1