From 994287bd47819ebd8badb716da4232cdff97d324 Mon Sep 17 00:00:00 2001 From: Shaun Tancheff Date: Wed, 5 Aug 2020 09:17:03 -0500 Subject: [PATCH] LU-13742 llite: do not bypass selinux xattr handling Without the hint from selinux_is_enabled() to determine if selinux is running at boot the performance fix from LU-549 to skip handling of selinux xattrs cannot be correctly handled. The correct path is to act is if selinux is enabled. This fixes a bug introduced by LU-12355 that now exists in RHEL 8.2 kernels where clients have enabled selinux. Fixes: 39e5bfa734 ("LU-12355 llite: include file linux/selinux.h removed") Test-Parameters: clientdistro=el8.2 serverdistro=el8.2 clientselinux testlist=sanity-selinux Test-Parameters: clientdistro=el8.1 serverdistro=el8.1 clientselinux testlist=sanity-selinux Signed-off-by: Shaun Tancheff Change-Id: I6fb5ed9ecdb79545225b5586b90509eb157a355b Reviewed-on: https://review.whamcloud.com/39569 Reviewed-by: Sebastien Buisson Tested-by: jenkins Reviewed-by: Andreas Dilger Tested-by: Maloo Reviewed-by: Oleg Drokin
---
 lustre/llite/xattr.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)
diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index c1535bd..c5eff78 100644
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -54,17 +54,6 @@ static inline const char *xattr_prefix(const struct xattr_handler *handler)
 }
 #endif
 
-#ifdef HAVE_LINUX_SELINUX_IS_ENABLED
-# define test_xattr_is_selinux_disabled(handler, name) \
- ((handler)->flags == XATTR_SECURITY_T && \
- !selinux_is_enabled() && \
- strcmp((name), "selinux") == 0)
-#else
-# define test_xattr_is_selinux_disabled(handler, name) \
- ((handler)->flags == XATTR_SECURITY_T && \
- strcmp((name), "selinux") == 0)
-#endif
-
 const struct xattr_handler *get_xattr_type(const char *name)
 {
 int i;
@@ -146,7 +135,8 @@ static int ll_xattr_set_common(const struct xattr_handler *handler,
 RETURN(0);
 
 /* LU-549: Disable security.selinux when selinux is disabled */
- if (test_xattr_is_selinux_disabled(handler, name))
+ if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+ strcmp(name, "selinux") == 0)
 RETURN(-EOPNOTSUPP);
 
 /*
@@ -454,7 +444,8 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
 RETURN(rc);
 
 /* LU-549: Disable security.selinux when selinux is disabled */
- if (test_xattr_is_selinux_disabled(handler, name))
+ if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
+ !strcmp(name, "selinux"))
 RETURN(-EOPNOTSUPP);
 
 #ifdef CONFIG_LUSTRE_FS_POSIX_ACL
--
1.8.3.1
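Review bot: The new condition in ll_xattr_set_common calls `selinux_is_enabled()` unconditionally, while the first hunk deletes the `#ifdef HAVE_LINUX_SELINUX_IS_ENABLED` guard that covered kernels without that symbol, and the diffstat shows no other file touched. On such kernels both the build and the behaviour rest on a fallback definition that is not visible in this patch; if that fallback evaluates to false, `security.selinux` is still refused with -EOPNOTSUPP on clients that run SELinux, which is the bypass the commit message sets out to remove. The LU-549 comment above the check should state that contract, e.g. `/* LU-549/LU-13742: refuse security.selinux only when the kernel reports SELinux disabled; any compat fallback for selinux_is_enabled() must report enabled */`. The same applies to the matching check in the ll_xattr_get_common hunk; both function bodies start and end outside their hunks.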
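Review bot: The name test in ll_xattr_get_common is written `!strcmp(name, "selinux"))`, while the same check in ll_xattr_set_common uses `strcmp(name, "selinux") == 0)`, so the two inlined copies of the removed macro already differ in spelling. With the macro gone, the three-part condition is maintained by hand in two places, and a later edit to only one of them would make the get and set paths disagree on whether the SELinux label is handled. A single `static inline` helper in place of the macro would keep them in step; at minimum, change this line to `strcmp(name, "selinux") == 0)` to match the set path. ll_xattr_get_common starts and ends outside the hunk.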