From 39e5bfa73414d18738001761b42ea0e3264c2983 Mon Sep 17 00:00:00 2001 From: Shaun Tancheff Date: Sun, 21 Jul 2019 00:09:01 -0500 Subject: [PATCH] LU-12355 llite: include file linux/selinux.h removed In kernel 5.1 linux/selinux.h was removed with SELinux: Remove unused selinux_is_enabled Linux-commit: 3d252529480c68bfd6a6774652df7c8968b28e41 Test-Parameters: trivial Signed-off-by: Shaun Tancheff Change-Id: If963e6b22b7b07899de5b970f934bb157c5f7cec Reviewed-on: https://review.whamcloud.com/35035 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Sebastien Buisson Reviewed-by: Petros Koutoupis Reviewed-by: Oleg Drokin --- lustre/autoconf/lustre-core.m4 | 25 +++++++++++++++++++++++++ lustre/include/lustre_compat.h | 4 ++++ lustre/llite/xattr.c | 19 +++++++++++++++---- lustre/llite/xattr_security.c | 20 ++++++++++++++++---- lustre/obdclass/obd_mount_server.c | 2 ++ 5 files changed, 62 insertions(+), 8 deletions(-) diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4 index db48b1c2..22ed68a 100644 --- a/lustre/autoconf/lustre-core.m4 +++ b/lustre/autoconf/lustre-core.m4 @@ -2837,6 +2837,28 @@ EXTRA_KCFLAGS="$tmp_flags" ]) # LC_INODE_TIMESPEC64 # +# LC_HAS_LINUX_SELINUX_ENABLED +# +# kernel 5.1 commit 3d252529480c68bfd6a6774652df7c8968b28e41 +# SELinux: Remove unused selinux_is_enabled +# +AC_DEFUN([LC_HAS_LINUX_SELINUX_ENABLED], [ +tmp_flags="$EXTRA_KCFLAGS" +EXTRA_KCFLAGS="-Werror" +LB_CHECK_COMPILE([if linux/selinux.h exists], +selinux_is_enabled, [ + #include +],[ + bool has_selinux = selinux_is_enabled(); + (void)has_selinux; +],[ + AC_DEFINE(HAVE_LINUX_SELINUX_IS_ENABLED, 1, + [if linux/selinux.h exists]) +]) +EXTRA_KCFLAGS="$tmp_flags" +]) # LC_HAS_LINUX_SELINUX_ENABLED + +# # LC_PROG_LINUX # # Lustre linux kernel checks @@ -3065,6 +3087,9 @@ AC_DEFUN([LC_PROG_LINUX], [ # 5.0 LC_UAPI_LINUX_MOUNT_H + # 5.1 + LC_HAS_LINUX_SELINUX_ENABLED + # kernel patch to extend integrity interface LC_BIO_INTEGRITY_PREP_FN 
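Review bot: In LC_HAS_LINUX_SELINUX_ENABLED the check message and the AC_DEFINE description both read `if linux/selinux.h exists`, but the test body compiles a call to selinux_is_enabled(), and HAVE_LINUX_SELINUX_IS_ENABLED then gates both the include and the function in the C files. A kernel that keeps the header but not the function would fail the probe, yet configure output would describe that as a missing header. I would word both strings after what is actually tested, e.g. `[if selinux_is_enabled() is available]`.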
diff --git a/lustre/include/lustre_compat.h b/lustre/include/lustre_compat.h index 3abc2d8..5553521 100644 --- a/lustre/include/lustre_compat.h +++ b/lustre/include/lustre_compat.h @@ -741,4 +741,8 @@ static inline bool bdev_integrity_enabled(struct block_device *bdev, int rw) kmem_cache_create(name, size, align, flags, ctor) #endif +#ifndef HAVE_LINUX_SELINUX_IS_ENABLED +#define selinux_is_enabled() 1 +#endif + #endif /* _LUSTRE_COMPAT_H */ diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c index 1bf2819..b8500df 100644 --- a/lustre/llite/xattr.c +++ b/lustre/llite/xattr.c @@ -34,7 +34,9 @@ #include #include #include +#ifdef HAVE_LINUX_SELINUX_IS_ENABLED #include +#endif #define DEBUG_SUBSYSTEM S_LLITE @@ -52,6 +54,17 @@ static inline const char *xattr_prefix(const struct xattr_handler *handler) } #endif +#ifdef HAVE_LINUX_SELINUX_IS_ENABLED +# define test_xattr_is_selinux_disabled(handler, name) \ + ((handler)->flags == XATTR_SECURITY_T && \ + !selinux_is_enabled() && \ + strcmp((name), "selinux") == 0) +#else +# define test_xattr_is_selinux_disabled(handler, name) \ + ((handler)->flags == XATTR_SECURITY_T && \ + strcmp((name), "selinux") == 0) +#endif + const struct xattr_handler *get_xattr_type(const char *name) { int i; @@ -135,8 +148,7 @@ static int ll_xattr_set_common(const struct xattr_handler *handler, RETURN(0); /* LU-549: Disable security.selinux when selinux is disabled */ - if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() && - strcmp(name, "selinux") == 0) + if (test_xattr_is_selinux_disabled(handler, name)) RETURN(-EOPNOTSUPP); /* @@ -424,8 +436,7 @@ static int ll_xattr_get_common(const struct xattr_handler *handler, RETURN(rc); /* LU-549: Disable security.selinux when selinux is disabled */ - if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() && - !strcmp(name, "selinux")) + if (test_xattr_is_selinux_disabled(handler, name)) RETURN(-EOPNOTSUPP); #ifdef CONFIG_FS_POSIX_ACL 
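Review bot: The fallback `#define selinux_is_enabled() 1` in lustre_compat.h carries no comment saying that it answers "enabled" unconditionally, so on kernels without the helper every caller takes the SELinux path whether or not an LSM is loaded. The xattr_security.c hunks in this patch depend on that by mapping -EOPNOTSUPP to 0, and that coupling should be written down next to the macro. Suggested comment: `/* kernel >= 5.1 dropped selinux_is_enabled(); assume enabled and let callers treat -EOPNOTSUPP from the security hooks as "no label" */`. Parenthesizing the expansion as `(1)` would also match usual macro hygiene.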
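Review bot: The `#else` variant of `test_xattr_is_selinux_disabled` in xattr.c is true for every `security.selinux` request, so on kernels without selinux_is_enabled() both ll_xattr_set_common and ll_xattr_get_common (the -135 and -424 hunks) return -EOPNOTSUPP even when SELinux is active. That contradicts the lustre_compat.h fallback in this same patch, which treats SELinux as enabled, and as written it would leave clients on those kernels unable to store or read file labels through these handlers. When the state cannot be queried, the conservative reading is "not disabled": `# define test_xattr_is_selinux_disabled(handler, name) 0` in the `#else` branch. Alternatively, drop the `#ifdef` and keep the single definition so the compat `selinux_is_enabled()` applies, assuming lustre_compat.h is included here, which the hunk does not show. The bodies of both callers continue outside the hunks.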
diff --git a/lustre/llite/xattr_security.c b/lustre/llite/xattr_security.c index 45f6483..e2bfe61 100644 --- a/lustre/llite/xattr_security.c +++ b/lustre/llite/xattr_security.c @@ -33,7 +33,9 @@ #include #include +#ifdef HAVE_LINUX_SELINUX_IS_ENABLED #include +#endif #include #include "llite_internal.h" @@ -55,7 +57,8 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name, #ifdef HAVE_SECURITY_DENTRY_INIT_SECURITY int rc; - /* security_dentry_init_security() is strange. Like + /* + * security_dentry_init_security() is strange. Like * security_inode_init_security() it may return a context (provided a * Linux security module is enabled) but unlike * security_inode_init_security() it does not return to us the name of @@ -65,13 +68,16 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name, * SELinux is the only module that implements * security_dentry_init_security(). Note that the NFS client code just * calls it and assumes that if anything is returned then it must come - * from SELinux. */ + * from SELinux. + */ if (!selinux_is_enabled()) return 0; rc = security_dentry_init_security(dentry, mode, name, secctx, secctx_size); + if (rc == -EOPNOTSUPP) + return 0; if (rc < 0) return rc; @@ -135,11 +141,17 @@ int ll_inode_init_security(struct dentry *dentry, struct inode *inode, struct inode *dir) { + int rc; + if (!selinux_is_enabled()) return 0; - return ll_security_inode_init_security(inode, dir, NULL, NULL, 0, - &ll_initxattrs, dentry); + rc = ll_security_inode_init_security(inode, dir, NULL, NULL, 0, + &ll_initxattrs, dentry); + if (rc == -EOPNOTSUPP) + return 0; + + return rc; } #else /* !HAVE_SECURITY_IINITSEC_CALLBACK */ /** diff --git a/lustre/obdclass/obd_mount_server.c b/lustre/obdclass/obd_mount_server.c index fed39fe..574e487 100644 --- a/lustre/obdclass/obd_mount_server.c +++ b/lustre/obdclass/obd_mount_server.c 
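Review bot: The new `if (rc == -EOPNOTSUPP) return 0;` in ll_dentry_init_security, and the same mapping added to ll_inode_init_security in the -135 hunk, turn a hook failure into success with no comment saying why. A reader cannot tell that this compensates for selinux_is_enabled() becoming a constant 1 on newer kernels, nor that a 0 return may now mean "no security context was produced". I would add above each check `/* no LSM supplied a context; not an error for Lustre */`. It is also worth confirming that callers of ll_dentry_init_security do not read `*secctx` or `*secctx_size` when it returns 0 this way; the rest of that function is outside the hunk.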
@@ -43,7 +43,9 @@ #define PRINT_MASK (D_SUPER | D_CONFIG) #include +#ifdef HAVE_LINUX_SELINUX_IS_ENABLED #include +#endif #include #include -- 1.8.3.1