From patchwork Wed Apr 24 02:17:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: NeilBrown X-Patchwork-Id: 10913977 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9E87A1575 for ; Wed, 24 Apr 2019 02:18:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8DE8528A0B for ; Wed, 24 Apr 2019 02:18:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 822EC28A10; Wed, 24 Apr 2019 02:18:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from pdx1-mailman02.dreamhost.com (pdx1-mailman02.dreamhost.com [64.90.62.194]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 2E26428A0B for ; Wed, 24 Apr 2019 02:18:05 +0000 (UTC) Received: from pdx1-mailman02.dreamhost.com (localhost [IPv6:::1]) by pdx1-mailman02.dreamhost.com (Postfix) with ESMTP id 938ED68344B; Tue, 23 Apr 2019 19:18:04 -0700 (PDT) X-Original-To: lustre-devel@lists.lustre.org Delivered-To: lustre-devel-lustre.org@pdx1-mailman02.dreamhost.com Received: from mx1.suse.de (mx2.suse.de [195.135.220.15]) by pdx1-mailman02.dreamhost.com (Postfix) with ESMTP id C744C21F9CF for ; Tue, 23 Apr 2019 19:18:01 -0700 (PDT) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 00D14AC63; Wed, 24 Apr 2019 02:18:01 +0000 (UTC) From: NeilBrown To: James Simmons , Andreas Dilger , Oleg Drokin Date: Wed, 24 Apr 2019 12:17:26 +1000 Message-ID: <155607224621.16863.13502209812654413995.stgit@noble.brown> In-Reply-To: <155607223991.16863.3231709121984405156.stgit@noble.brown> References: <155607223991.16863.3231709121984405156.stgit@noble.brown> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [lustre-devel] [PATCH 3/4] lustre: remove use of selinux_is_enabled(). X-BeenThere: lustre-devel@lists.lustre.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "For discussing Lustre software development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lustre Development List Errors-To: lustre-devel-bounces@lists.lustre.org Sender: "lustre-devel" X-Virus-Scanned: ClamAV using ClamSMTP selinux_is_enabled() no longer exists. Instead we depend on relevant functions returning -EOPNOTSUPP. Signed-off-by: NeilBrown --- drivers/staging/lustre/lustre/llite/xattr.c | 11 ----------- .../staging/lustre/lustre/llite/xattr_security.c | 16 +++++++++------- 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index a1d27061ac19..d604c5bc1abe 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -35,7 +35,6 @@ #include #include #include -#include #define DEBUG_SUBSYSTEM S_LLITE @@ -121,11 +120,6 @@ static int ll_xattr_set_common(const struct xattr_handler *handler, (handler->flags == XATTR_LUSTRE_T && !strcmp(name, "lov")))) return 0; - /* LU-549: Disable security.selinux when selinux is disabled */ - if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() && - strcmp(name, "selinux") == 0) - return -EOPNOTSUPP; - /*FIXME: enable IMA when the conditions are ready */ if (handler->flags == XATTR_SECURITY_T && (!strcmp(name, "ima") || !strcmp(name, "evm"))) @@ -428,11 +422,6 @@ static int ll_xattr_get_common(const struct xattr_handler *handler, if (rc) return rc; - /* LU-549: Disable security.selinux when selinux is disabled */ - if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() && - !strcmp(name, "selinux")) - return -EOPNOTSUPP; - #ifdef CONFIG_FS_POSIX_ACL /* posix acl is under protection of LOOKUP lock. when calling to this, * we just have path resolution to the target inode, so we have great diff --git a/drivers/staging/lustre/lustre/llite/xattr_security.c b/drivers/staging/lustre/lustre/llite/xattr_security.c index f1c011eb5613..e5a52d96643b 100644 --- a/drivers/staging/lustre/lustre/llite/xattr_security.c +++ b/drivers/staging/lustre/lustre/llite/xattr_security.c @@ -32,7 +32,6 @@ #include #include -#include #include #include "llite_internal.h" @@ -58,11 +57,11 @@ int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name, * calls it and assumes that if anything is returned then it must come * from SELinux. */ - if (!selinux_is_enabled()) - return 0; rc = security_dentry_init_security(dentry, mode, name, secctx, secctx_size); + if (rc == -EOPNOTSUPP) + return 0; if (rc < 0) return rc; @@ -124,9 +123,12 @@ int ll_inode_init_security(struct dentry *dentry, struct inode *inode, struct inode *dir) { - if (!selinux_is_enabled()) - return 0; + int err; - return security_inode_init_security(inode, dir, NULL, - &ll_initxattrs, dentry); + err = security_inode_init_security(inode, dir, NULL, + &ll_initxattrs, dentry); + + if (err == -EOPNOTSUPP) + return 0; + return err; }