LU-16012 sec: fix detection of SELinux enforcement

[fs/lustre-release.git] / lustre / llite / xattr_security.c

diff --git a/lustre/llite/xattr_security.c b/lustre/llite/xattr_security.c
index 3993700..caf89be 100644 (file)
--- a/lustre/llite/xattr_security.c
+++ b/lustre/llite/xattr_security.c
@@ -50,7 +50,8 @@
 /*
  * Check for LL_SBI_FILE_SECCTX before calling.
  */
-int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
+int ll_dentry_init_security(struct inode *parent, struct dentry *dentry,
+                           int mode, struct qstr *name,
                            const char **secctx_name, void **secctx,
                            __u32 *secctx_size)
 {
@@ -73,6 +74,15 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
        if (!selinux_is_enabled())
                return 0;
 
+       /* fetch length of security xattr name */
+       rc = security_inode_listsecurity(parent, NULL, 0);
+       /* xattr name length == 0 means SELinux is disabled */
+       if (rc == 0)
+               return 0;
+       /* we support SELinux only */
+       if (rc != strlen(XATTR_NAME_SELINUX) + 1)
+               return -EOPNOTSUPP;
+
        rc = security_dentry_init_security(dentry, mode, name, secctx,
                                           secctx_size);
        /* Usually, security_dentry_init_security() returns -EOPNOTSUPP when