Even if selinux is disabled, client still tries to get selinux
attributes from MDS. As xattrs are not yet cached, this significantly
slows down xattr heavy operations like ls -l. This patch forces
to return -EOPNOTSUPP on the client side if selinux is disabled.
It speeds up ls -l 25% for cold-cache case and 50% for hot-cache
case.
Signed-off-by: Yevheniy Demchenko <zheka@uvt.cz>
Change-Id: I5e416093bba4126e5fcad62d8c0a2963c1866386
Reviewed-on: http://review.whamcloud.com/2503
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Hudson
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Fan Yong <yong.fan@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
[set_cpus_allowed is exported by the kernel])],
[AC_MSG_RESULT([no])] )])
+# 2.6.32 introduces selinux_is_enabled()
+AC_DEFUN([LC_SELINUX_IS_ENABLED],
+[AC_MSG_CHECKING([if selinux_is_enabled is available])
+LB_LINUX_TRY_COMPILE([
+ #include <linux/selinux.h>
+],[
+ selinux_is_enabled();
+],[
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_SELINUX_IS_ENABLED, 1,
+ [selinux_is_enabled is defined])
+],[
+ AC_MSG_RESULT([no])
+])
+])
+
#
# LC_D_OBTAIN_ALIAS
# starting from 2.6.28 kernel replaces d_alloc_anon() with
LC_SET_CPUS_ALLOWED
LC_CACHE_UPCALL
LC_EXPORT_GENERIC_ERROR_REMOVE_PAGE
+ LC_SELINUX_IS_ENABLED
# 2.6.35, 3.0.0
LC_FILE_FSYNC
# define TIMES_SET_FLAGS (ATTR_MTIME_SET | ATTR_ATIME_SET)
#endif
+#ifndef HAVE_SELINUX_IS_ENABLED
+static inline bool selinux_is_enabled(void)
+{
+ return 0;
+}
+#endif
+
#endif /* __KERNEL__ */
#endif /* _COMPAT25_H */
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/smp_lock.h>
+#ifdef HAVE_SELINUX_IS_ENABLED
+#include <linux/selinux.h>
+#endif
#define DEBUG_SUBSYSTEM S_LLITE
!(sbi->ll_flags & LL_SBI_ACL))
return -EOPNOTSUPP;
+ if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled())
+ return -EOPNOTSUPP;
if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
return -EOPNOTSUPP;
if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))