From 115ee9d00cfe6b8a9cb0225a19ea8bcf12f7115a Mon Sep 17 00:00:00 2001
From: Hongchao Zhang
Date: Thu, 27 Oct 2016 18:11:52 -0400
Subject: [PATCH] staging: lustre: mdt: disable IMA support
For IMA (Integrity Measurement Architecture), there are two xattr "security.ima" and "security.evm" to protect the file to be modified accidentally or maliciously, the two xattr are not compatible with VBR, then disable it to workaround the problem currently and enable it when the conditions are ready.
Signed-off-by: Hongchao Zhang
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6455
Reviewed-on: http://review.whamcloud.com/14928
Reviewed-by: Andreas Dilger
Reviewed-by: Mike Pershin
Reviewed-by: Oleg Drokin
Signed-off-by: James Simmons
Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/lustre/lustre/llite/xattr.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c
index 3ae1a02a1966..ea3beccedc6b 100644
--- a/drivers/staging/lustre/lustre/llite/xattr.c
+++ b/drivers/staging/lustre/lustre/llite/xattr.c
@@ -126,6 +126,11 @@ ll_xattr_set_common(const struct xattr_handler *handler,
 strcmp(name, "selinux") == 0)
 return -EOPNOTSUPP;
+ /*FIXME: enable IMA when the conditions are ready */
+ if (handler->flags == XATTR_SECURITY_T &&
+ (!strcmp(name, "ima") || !strcmp(name, "evm")))
+ return -EOPNOTSUPP;
+
 sprintf(fullname, "%s%s\n", handler->prefix, name);
 rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode),
 valid, fullname, pv, size, 0, flags,
--
2.20.1
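Review bot: The FIXME above the new `security.ima` / `security.evm` check does not say what is switched off or why, so someone auditing integrity coverage cannot tell from the code that IMA/EVM labels can never be written through this handler. I would replace it with `/* FIXME(LU-6455): security.ima and security.evm are not compatible with VBR; reject them until that is resolved */`. The rejection sits on the set path only, as far as this hunk shows. ll_xattr_set_common starts and ends outside the hunk and the get/list handlers are not visible, so it is worth confirming that they treat these two names consistently. For consistency with the `selinux` test just above, `strcmp(name, "ima") == 0` would match the existing style better than `!strcmp(...)`.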