LU-13742 llite: do not bypass selinux xattr handling

Without the hint from selinux_is_enabled() to determine if selinux
is running at boot the performance fix from LU-549 to skip handling
of selinux xattrs cannot be correctly handled.

The correct path is to act is if selinux is enabled.

This fixes a bug introduced by LU-12355 that now exists in
RHEL 8.2 kernels where clients have enabled selinux.

Fixes: 39e5bfa734 ("LU-12355 llite: include file linux/selinux.h removed")
Test-Parameters: clientdistro=el8.2 serverdistro=el8.2 clientselinux testlist=sanity-selinux
Test-Parameters: clientdistro=el8.1 serverdistro=el8.1 clientselinux testlist=sanity-selinux
Signed-off-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Change-Id: I6fb5ed9ecdb79545225b5586b90509eb157a355b
Reviewed-on: https://review.whamcloud.com/39569
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index c1535bd..c5eff78 100644 (file)
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -54,17 +54,6 @@ static inline const char *xattr_prefix(const struct xattr_handler *handler)
 }
 #endif
 
-#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
-# define test_xattr_is_selinux_disabled(handler, name) \
-               ((handler)->flags == XATTR_SECURITY_T && \
-               !selinux_is_enabled() && \
-               strcmp((name), "selinux") == 0)
-#else
-# define test_xattr_is_selinux_disabled(handler, name) \
-               ((handler)->flags == XATTR_SECURITY_T && \
-               strcmp((name), "selinux") == 0)
-#endif
-
 const struct xattr_handler *get_xattr_type(const char *name)
 {
        int i;
@@ -146,7 +135,8 @@ static int ll_xattr_set_common(const struct xattr_handler *handler,
                RETURN(0);
 
        /* LU-549:  Disable security.selinux when selinux is disabled */
-       if (test_xattr_is_selinux_disabled(handler, name))
+       if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+           strcmp(name, "selinux") == 0)
                RETURN(-EOPNOTSUPP);
 
        /*
@@ -454,7 +444,8 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
                RETURN(rc);
 
        /* LU-549:  Disable security.selinux when selinux is disabled */
-       if (test_xattr_is_selinux_disabled(handler, name))
+       if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+           !strcmp(name, "selinux"))
                RETURN(-EOPNOTSUPP);
 
 #ifdef CONFIG_LUSTRE_FS_POSIX_ACL