From: Hongchao Zhang <[email protected]>

For IMA (Integrity Measurement Architecture), there are two xattrs, "security.ima" and "security.evm", which protect the file from being modified accidentally or maliciously. The two xattrs are not compatible with VBR, so disable it to work around the problem for now and enable it when the conditions are ready.
Signed-off-by: Hongchao Zhang <[email protected]> Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6455 Reviewed-on: http://review.whamcloud.com/14928 Reviewed-by: Andreas Dilger <[email protected]> Reviewed-by: Mike Pershin <[email protected]> Reviewed-by: Oleg Drokin <[email protected]> Signed-off-by: James Simmons <[email protected]> --- drivers/staging/lustre/lustre/llite/xattr.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 3ae1a02..ea3becc 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -126,6 +126,11 @@ static int xattr_type_filter(struct ll_sb_info *sbi, strcmp(name, "selinux") == 0) return -EOPNOTSUPP; + /*FIXME: enable IMA when the conditions are ready */ + if (handler->flags == XATTR_SECURITY_T && + (!strcmp(name, "ima") || !strcmp(name, "evm"))) + return -EOPNOTSUPP; + sprintf(fullname, "%s%s\n", handler->prefix, name); rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode), valid, fullname, pv, size, 0, flags, -- 1.7.1 _______________________________________________ devel mailing list [email protected] http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
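Review bot: the FIXME comment on the added check does not say which conditions it is waiting for. The commit message names the VBR incompatibility and LU-6455, so the comment should carry that (and a space after the opening "/*"), for example: /* FIXME: security.ima and security.evm are not compatible with VBR, see LU-6455 */. The new test is written as !strcmp(name, "ima") while the context line just above it uses strcmp(name, "selinux") == 0; use one form throughout the block. Because the check sits in front of the md_setxattr() call, any attempt to set security.ima or security.evm now fails with -EOPNOTSUPP, and that user-visible effect deserves a sentence in the commit message. The visible hunk covers only this set path, so please confirm whether reading and listing these two names need the same treatment.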
