From 9bcac0b87330a199e512ca52a8932e3ad7c6e42f Mon Sep 17 00:00:00 2001
From: Keith <keith@whamcloud.com>
Date: Thu, 28 Jun 2012 13:24:54 -0700
Subject: [PATCH] LU-549 llite: Improve statfs performance if selinux is
 disabled

Don't disable all security xattrs when selinux is disabled just
disable security.selinux. Disabling all security xattrs was
overreaching and causing issues at a customer site.

This patch is built ontop of the original patch:
commit 7cc542fd4c26ccb117ceb13a47ac8ced3107b9b3.

Signed-off-by: Keith Mannthey <keith@whamcloud.com>
Change-Id: I73482d2ff1f166a48dceb3737df0e9e1b187dc85
Reviewed-on: http://review.whamcloud.com/2955
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Hudson
Reviewed-by: Fan Yong <yong.fan@whamcloud.com>
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/llite/xattr.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index c765611..03a8fae 100644
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -96,8 +96,6 @@ int xattr_type_filter(struct ll_sb_info *sbi, int xattr_type)
            !(sbi->ll_flags & LL_SBI_ACL))
                 return -EOPNOTSUPP;
 
-        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled())
-                return -EOPNOTSUPP;
         if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
                 return -EOPNOTSUPP;
         if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))
@@ -138,6 +136,11 @@ int ll_setxattr_common(struct inode *inode, const char *name,
             strcmp(name, "security.capability") == 0))
                 RETURN(0);
 
+        /* LU-549:  Disable security.selinux when selinux is disabled */
+        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled() &&
+            strcmp(name, "security.selinux") == 0)
+                RETURN(-EOPNOTSUPP);
+
 #ifdef CONFIG_FS_POSIX_ACL
         if (sbi->ll_flags & LL_SBI_RMT_CLIENT &&
             (xattr_type == XATTR_ACL_ACCESS_T ||
@@ -307,6 +310,11 @@ int ll_getxattr_common(struct inode *inode, const char *name,
             strcmp(name, "security.capability") == 0))
                 RETURN(-ENODATA);
 
+        /* LU-549:  Disable security.selinux when selinux is disabled */
+        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled() &&
+            strcmp(name, "security.selinux") == 0)
+                RETURN(-EOPNOTSUPP);
+
 #ifdef CONFIG_FS_POSIX_ACL
         if (sbi->ll_flags & LL_SBI_RMT_CLIENT &&
             (xattr_type == XATTR_ACL_ACCESS_T ||
-- 
1.8.3.1