staging: lustre: mdt: disable IMA support

For IMA (Integrity Measurement Architecture), there are two xattr
"security.ima" and "security.evm" to protect the file to be modified
accidentally or maliciously, the two xattr are not compatible with
VBR, then disable it to workaround the problem currently and enable
it when the conditions are ready.

Signed-off-by: Hongchao Zhang <hongchao.zhang@intel.com>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6455
Reviewed-on: http://review.whamcloud.com/14928
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Mike Pershin <mike.pershin@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c
index 3ae1a02a196630b13b06524ff71eb3f203d37c87..ea3beccedc6bfa583f759cccd86108657e1201c3 100644 (file)
--- a/drivers/staging/lustre/lustre/llite/xattr.c
+++ b/drivers/staging/lustre/lustre/llite/xattr.c
@@ -126,6 +126,11 @@ ll_xattr_set_common(const struct xattr_handler *handler,
            strcmp(name, "selinux") == 0)
                return -EOPNOTSUPP;
 
+       /*FIXME: enable IMA when the conditions are ready */
+       if (handler->flags == XATTR_SECURITY_T &&
+           (!strcmp(name, "ima") || !strcmp(name, "evm")))
+               return -EOPNOTSUPP;
+
        sprintf(fullname, "%s%s\n", handler->prefix, name);
        rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode),
                         valid, fullname, pv, size, 0, flags,