From: Hongchao Zhang Date: Thu, 27 Oct 2016 22:11:52 +0000 (-0400) Subject: staging: lustre: mdt: disable IMA support X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=115ee9d00cfe6b8a9cb0225a19ea8bcf12f7115a;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git staging: lustre: mdt: disable IMA support For IMA (Integrity Measurement Architecture), there are two xattr "security.ima" and "security.evm" to protect the file to be modified accidentally or maliciously, the two xattr are not compatible with VBR, then disable it to workaround the problem currently and enable it when the conditions are ready. Signed-off-by: Hongchao Zhang Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6455 Reviewed-on: http://review.whamcloud.com/14928 Reviewed-by: Andreas Dilger Reviewed-by: Mike Pershin Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 3ae1a02a1966..ea3beccedc6b 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -126,6 +126,11 @@ ll_xattr_set_common(const struct xattr_handler *handler, strcmp(name, "selinux") == 0) return -EOPNOTSUPP; + /*FIXME: enable IMA when the conditions are ready */ + if (handler->flags == XATTR_SECURITY_T && + (!strcmp(name, "ima") || !strcmp(name, "evm"))) + return -EOPNOTSUPP; + sprintf(fullname, "%s%s\n", handler->prefix, name); rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode), valid, fullname, pv, size, 0, flags,