Whamcloud - gitweb
git://git.whamcloud.com / fs / lustre-release.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c9efb1e)
LU-549 llite: Improve statfs performance if selinux is disabled
authorKeith <keith@whamcloud.com>
Thu, 28 Jun 2012 20:24:54 +0000 (13:24 -0700)
committerOleg Drokin <green@whamcloud.com>
Thu, 12 Jul 2012 19:19:02 +0000 (15:19 -0400)
Don't disable all security xattrs when selinux is disabled just
disable security.selinux. Disabling all security xattrs was
overreaching and causing issues at a customer site.

This patch is built ontop of the original patch:
commit 7cc542fd4c26ccb117ceb13a47ac8ced3107b9b3.

Signed-off-by: Keith Mannthey <keith@whamcloud.com>
Change-Id: I73482d2ff1f166a48dceb3737df0e9e1b187dc85
Reviewed-on: http://review.whamcloud.com/2955
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Hudson
Reviewed-by: Fan Yong <yong.fan@whamcloud.com>
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lustre/llite/xattr.c patch | blob | history

diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index c765611..03a8fae 100644 (file)
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -96,8 +96,6 @@ int xattr_type_filter(struct ll_sb_info *sbi, int xattr_type)
            !(sbi->ll_flags & LL_SBI_ACL))
                 return -EOPNOTSUPP;
 
-        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled())
-                return -EOPNOTSUPP;
         if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
                 return -EOPNOTSUPP;
         if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))
@@ -138,6 +136,11 @@ int ll_setxattr_common(struct inode *inode, const char *name,
             strcmp(name, "security.capability") == 0))
                 RETURN(0);
 
+        /* LU-549:  Disable security.selinux when selinux is disabled */
+        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled() &&
+            strcmp(name, "security.selinux") == 0)
+                RETURN(-EOPNOTSUPP);
+
 #ifdef CONFIG_FS_POSIX_ACL
         if (sbi->ll_flags & LL_SBI_RMT_CLIENT &&
             (xattr_type == XATTR_ACL_ACCESS_T ||
@@ -307,6 +310,11 @@ int ll_getxattr_common(struct inode *inode, const char *name,
             strcmp(name, "security.capability") == 0))
                 RETURN(-ENODATA);
 
+        /* LU-549:  Disable security.selinux when selinux is disabled */
+        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled() &&
+            strcmp(name, "security.selinux") == 0)
+                RETURN(-EOPNOTSUPP);
+
 #ifdef CONFIG_FS_POSIX_ACL
         if (sbi->ll_flags & LL_SBI_RMT_CLIENT &&
             (xattr_type == XATTR_ACL_ACCESS_T ||
Lustre primary development and releases