From: James Simmons <jsimmons@infradead.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
devel@driverdev.osuosl.org,
Andreas Dilger <andreas.dilger@intel.com>,
Oleg Drokin <oleg.drokin@intel.com>, NeilBrown <neilb@suse.com>
Cc: Robin Humble <plaguedbypenguins@gmail.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Lustre Development List <lustre-devel@lists.lustre.org>
Subject: [lustre-devel] [PATCH 06/22] staging: lustre: llite: Remove filtering of seclabel xattr
Date: Mon, 16 Apr 2018 00:14:55 -0400
Message-ID: <1523852111-17321-7-git-send-email-jsimmons@infradead.org>
In-Reply-To: <1523852111-17321-1-git-send-email-jsimmons@infradead.org>
From: Robin Humble <plaguedbypenguins@gmail.com>

The security.capability xattr is used to implement File
Capabilities in recent Linux versions. Capabilities are a
fine-grained approach to granting executables elevated
privileges, e.g. /bin/ping can have capabilities
cap_net_admin, cap_net_raw+ep instead of being setuid root.

This xattr has long been filtered out by llite, initially for
stability reasons (b15587), and later over performance
concerns as this xattr is read for every file with e.g.
'ls --color'. Since LU-2869 xattrs are cached on clients,
alleviating most performance concerns.

Removing llite's filtering of the security.capability xattr
enables using Lustre as a root filesystem, which is used on
some large clusters.

Signed-off-by: Robin Humble <plaguedbypenguins@gmail.com>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-9562
Reviewed-on: https://review.whamcloud.com/27292
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
drivers/staging/lustre/lustre/llite/xattr.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c
index 2d78432..55a19a5 100644
--- a/drivers/staging/lustre/lustre/llite/xattr.c
+++ b/drivers/staging/lustre/lustre/llite/xattr.c
@@ -117,11 +117,6 @@ static int xattr_type_filter(struct ll_sb_info *sbi,
(handler->flags == XATTR_LUSTRE_T && !strcmp(name, "lov"))))
return 0;
- /* b15587: ignore security.capability xattr for now */
- if ((handler->flags == XATTR_SECURITY_T &&
- !strcmp(name, "capability")))
- return 0;
-
/* LU-549: Disable security.selinux when selinux is disabled */
if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
strcmp(name, "selinux") == 0)
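Review bot: The deleted comment at the top of this hunk, "b15587: ignore security.capability xattr for now", ties the filter to a bug the changelog describes as a stability problem, yet the changelog only explains why the later performance concern has gone away (client xattr caching since LU-2869). Please add a sentence saying why the b15587 stability issue no longer applies, or which change resolved it, so the reason for dropping the early `return 0` for `XATTR_SECURITY_T` with name "capability" is on record. Separately, the retained LU-549 test here is written `strcmp(name, "selinux") == 0` while the same test in the second hunk's context is `!strcmp(name, "selinux")`; this patch does not touch it, but the two should be made consistent.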
@@ -383,10 +378,6 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
if (rc)
return rc;
- /* b15587: ignore security.capability xattr for now */
- if ((handler->flags == XATTR_SECURITY_T && !strcmp(name, "capability")))
- return -ENODATA;
-
/* LU-549: Disable security.selinux when selinux is disabled */
if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() &&
!strcmp(name, "selinux"))
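Review bot: With the `return -ENODATA` for security.capability removed from ll_xattr_get_common(), clients now return whatever capability xattr is stored for a file, so executables already on a Lustre mount that carry this xattr can have it honoured after an upgrade where it was previously hidden. The changelog should call out this behaviour change for existing mounts that are not root filesystems, and say how a site keeps the old behaviour (for example by mounting nosuid), since the hunk leaves no switch to retain the filtering. The changelog also notes that this xattr is read for every file by 'ls --color', so every such read now depends on the LU-2869 client cache; a note on the expected cost when that cache is not in effect would help.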
--
1.8.3.1
Thread overview: 25+ messages
2018-04-16 4:14 [lustre-devel] [PATCH 00/22] staging: lustre: llite: fix xattr handling James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 01/22] staging: lustre: llite: initialize xattr->xe_namelen James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 02/22] staging: lustre: obd: create it_has_reply_body() James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 03/22] staging: lustre: obd: change debug reporting in lmv_enqueue() James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 04/22] staging: lustre: ldlm: xattr locks are lost on mdt James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 05/22] staging: lustre: llite: handle xattr cache refill race James Simmons
2018-04-16 4:14 ` James Simmons [this message]
2018-04-16 4:14 ` [lustre-devel] [PATCH 07/22] staging: lustre: llite: refactor lustre.lov xattr handling James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 08/22] staging: lustre: llite: add simple comment about lustre.lov xattrs James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 09/22] staging: lustre: llite: break up ll_setstripe_ea function James Simmons
2018-04-16 4:14 ` [lustre-devel] [PATCH 10/22] staging: lustre: llite: return from ll_adjust_lum() if lump is NULL James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 11/22] staging: lustre: llite: eat -EEXIST on setting trusted.lov James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 12/22] staging: lustre: llite: fix invalid size test in ll_setstripe_ea() James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 13/22] staging: lustre: llite: remove newline in fullname strings James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 14/22] staging: lustre: llite: record in stats attempted removal of lma/link xattr James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 15/22] staging: lustre: llite: cleanup posix acl xattr code James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 16/22] staging: lustre: llite: use proper types in the " James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 17/22] staging: lustre: llite: cleanup xattr code comments James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 18/22] staging: lustre: llite: style changes in xattr.c James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 19/22] staging: lustre: llite: add support set_acl method in inode operations James Simmons
2018-04-17 8:38 ` Dan Carpenter
2018-04-16 4:15 ` [lustre-devel] [PATCH 20/22] staging: lustre: llite: use xattr_handler name for ACLs James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 21/22] staging: lustre: llite: correct removexattr detection James Simmons
2018-04-16 4:15 ` [lustre-devel] [PATCH 22/22] staging: lustre: llite: remove unused parameters from md_{get, set}xattr() James Simmons
2018-04-23 12:58 ` [lustre-devel] [PATCH 00/22] staging: lustre: llite: fix xattr handling Greg Kroah-Hartman