LU-15184 llite: properly detect SELinux disabled case

Usually, security_dentry_init_security() returns -EOPNOTSUPP when
SELinux is disabled. But on some kernels (e.g. rhel 8.5) it returns
0 when SELinux is disabled, and in this case the security context is
empty.
So in both cases make sure the security context name is not set, which
means "SELinux is disabled" for the rest of the code.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I3b9608f9768288de89570c158e8429560fa0213f
Reviewed-on: https://review.whamcloud.com/45501
Reviewed-by: Jian Yu <yujian@whamcloud.com>
Reviewed-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/llite/xattr_security.c b/lustre/llite/xattr_security.c
index 94679b8..3993700 100644 (file)
--- a/lustre/llite/xattr_security.c
+++ b/lustre/llite/xattr_security.c
@@ -75,7 +75,13 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
 
        rc = security_dentry_init_security(dentry, mode, name, secctx,
                                           secctx_size);
-       if (rc == -EOPNOTSUPP)
+       /* Usually, security_dentry_init_security() returns -EOPNOTSUPP when
+        * SELinux is disabled.
+        * But on some kernels (e.g. rhel 8.5) it returns 0 when SELinux is
+        * disabled, and in this case the security context is empty.
+        */
+       if (rc == -EOPNOTSUPP || (rc == 0 && *secctx_size == 0))
+               /* do nothing */
                return 0;
        if (rc < 0)
                return rc;