Without the hint from selinux_is_enabled() to determine if selinux
is running at boot, the performance fix from LU-549 to skip handling
of selinux xattrs cannot be correctly handled.
The correct path is to act as if selinux is enabled.
This fixes a bug introduced by LU-12355 that now exists in
RHEL 8.2 kernels where clients have enabled selinux.
Fixes: 39e5bfa734 ("LU-12355 llite: include file linux/selinux.h removed")
Test-Parameters: clientdistro=el8.2 serverdistro=el8.2 clientselinux testlist=sanity-selinux
Test-Parameters: clientdistro=el8.1 serverdistro=el8.1 clientselinux testlist=sanity-selinux
Signed-off-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Change-Id: I6fb5ed9ecdb79545225b5586b90509eb157a355b
Reviewed-on: https://review.whamcloud.com/39569
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
-#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
-# define test_xattr_is_selinux_disabled(handler, name) \
- ((handler)->flags == XATTR_SECURITY_T && \
- !selinux_is_enabled() && \
- strcmp((name), "selinux") == 0)
-#else
-# define test_xattr_is_selinux_disabled(handler, name) \
- ((handler)->flags == XATTR_SECURITY_T && \
- strcmp((name), "selinux") == 0)
-#endif
-
const struct xattr_handler *get_xattr_type(const char *name)
{
int i;
const struct xattr_handler *get_xattr_type(const char *name)
{
int i;
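Review bot: With the #else branch of test_xattr_is_selinux_disabled() removed, the call sites now use selinux_is_enabled() unconditionally, but nothing in the visible hunks shows what provides that symbol when HAVE_LINUX_SELINUX_IS_ENABLED is not defined. The removed #else branch matched every security.selinux xattr, which amounts to treating selinux as always disabled, while the commit message says the intended behaviour is to act as if selinux is enabled. Please point to the fallback definition (or add a short comment here naming where it lives) and confirm it returns true, so a reader of this file can see why the unguarded call builds and that it errs toward handling security.selinux.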
RETURN(0);
/* LU-549: Disable security.selinux when selinux is disabled */
RETURN(0);
/* LU-549: Disable security.selinux when selinux is disabled */
- if (test_xattr_is_selinux_disabled(handler, name))
+ if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+ strcmp(name, "selinux") == 0)
RETURN(rc);
/* LU-549: Disable security.selinux when selinux is disabled */
RETURN(rc);
/* LU-549: Disable security.selinux when selinux is disabled */
- if (test_xattr_is_selinux_disabled(handler, name))
+ if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+ !strcmp(name, "selinux"))
RETURN(-EOPNOTSUPP);
#ifdef CONFIG_LUSTRE_FS_POSIX_ACL
RETURN(-EOPNOTSUPP);
#ifdef CONFIG_LUSTRE_FS_POSIX_ACL
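Review bot: The new condition here is spelled !strcmp(name, "selinux") while the earlier call site uses strcmp(name, "selinux") == 0; they are equivalent, but the same three-part check is now open-coded twice in two different spellings. Use one form in both places, or keep a single static inline helper taking handler and name in place of the removed macro, so the two paths cannot drift apart on a later change. The LU-549 comment above the check could also say that security.selinux is handled whenever the selinux state cannot be determined, since that is the behaviour this change relies on.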