From: James Simmons <jsimmons@infradead.org>
To: Andreas Dilger <adilger@whamcloud.com>,
Oleg Drokin <green@whamcloud.com>, NeilBrown <neilb@suse.de>
Cc: Lustre Development List <lustre-devel@lists.lustre.org>
Subject: [lustre-devel] [PATCH 09/12] lustre: llite: properly detect SELinux disabled case
Date: Sun, 12 Dec 2021 10:08:00 -0500 [thread overview]
Message-ID: <1639321683-22909-10-git-send-email-jsimmons@infradead.org> (raw)
In-Reply-To: <1639321683-22909-1-git-send-email-jsimmons@infradead.org>
From: Sebastien Buisson <sbuisson@ddn.com>
Usually, security_dentry_init_security() returns -EOPNOTSUPP when
SELinux is disabled. But on some kernels it returns 0 when SELinux
is disabled, and in this case the security context is empty.
So in both cases make sure the security context name is not set, which
means "SELinux is disabled" for the rest of the code.
WC-bug-id: https://jira.whamcloud.com/browse/LU-15184
Lustre-commit: 42661f7ba106b7d2e ("LU-15184 llite: properly detect SELinux disabled case")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-on: https://review.whamcloud.com/45501
Reviewed-by: Jian Yu <yujian@whamcloud.com>
Reviewed-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
fs/lustre/llite/xattr_security.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/fs/lustre/llite/xattr_security.c b/fs/lustre/llite/xattr_security.c
index e4fb64a..f14021d 100644
--- a/fs/lustre/llite/xattr_security.c
+++ b/fs/lustre/llite/xattr_security.c
@@ -60,7 +60,13 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
rc = security_dentry_init_security(dentry, mode, name, secctx,
secctx_size);
- if (rc == -EOPNOTSUPP)
+ /* Usually, security_dentry_init_security() returns -EOPNOTSUPP when
+ * SELinux is disabled.
+ * But on some kernels (e.g. rhel 8.5) it returns 0 when SELinux is
+ * disabled, and in this case the security context is empty.
+ */
+ if (rc == -EOPNOTSUPP || (rc == 0 && *secctx_size == 0))
+ /* do nothing */
return 0;
if (rc < 0)
return rc;
--
1.8.3.1
_______________________________________________
lustre-devel mailing list
lustre-devel@lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
next prev parent reply other threads:[~2021-12-12 15:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-12 15:07 [lustre-devel] [PATCH 00/12] lustre: backport OpenSFS work Dec 12, 2021 James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 01/12] lustre: llite: do not take mod rpc slot for getxattr James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 02/12] lnet: uapi: move out kernel only code James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 03/12] lustre: ptlrpc: Do not unlink difficult reply until sent James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 04/12] lustre: obdclass: make niduuid for lustre_stop_mgc() static James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 05/12] lnet: Allow specifying a source NID for lnetctl ping James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 06/12] lnet: Fix source specified send to different net James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 07/12] lnet: Fix source specified to routed destination James Simmons
2021-12-12 15:07 ` [lustre-devel] [PATCH 08/12] lustre: obdclass: cosmetic changes in pool handling James Simmons
2021-12-12 15:08 ` James Simmons [this message]
2021-12-12 15:08 ` [lustre-devel] [PATCH 10/12] lnet: o2iblnd: Default map_on_demand to 1 James Simmons
2021-12-12 15:08 ` [lustre-devel] [PATCH 11/12] lustre: pcc: disable PCC for encrypted files James Simmons
2021-12-12 15:08 ` [lustre-devel] [PATCH 12/12] lustre: llite: avoid needless large stats alloc James Simmons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1639321683-22909-10-git-send-email-jsimmons@infradead.org \
--to=jsimmons@infradead.org \
--cc=adilger@whamcloud.com \
--cc=green@whamcloud.com \
--cc=lustre-devel@lists.lustre.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).