authorManikandan Selvaganesh <mselvaga@redhat.com>2016-03-16 21:37:22 +0530
committerNiels de Vos <ndevos@redhat.com>2017-05-03 09:34:11 +0000
commit6484558c7502e5afe1c96081dbe329ca5d9cb7e2 (patch)
tree82f055d8e6db4c75b6800d545e5ca8a91cffa9b4 /xlators/mgmt/glusterd
parent41000cd0b57a81c4ace4a1d3da0fcc352a11f146 (diff)
SELinux : implementation of SELinux translator
The patch implements part of the SELinux translator to support setting SELinux contexts on files in a glusterfs volume. URL: https://github.com/gluster/glusterfs-specs/blob/master/accepted/SELinux-client-support.md Change-Id: Id8916bd8e064ccf74ba86225ead95f86dc5a1a25 BUG: 1318100 Fixes : #55 Signed-off-by: Manikandan Selvaganesh <mselvaga@redhat.com> Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: https://review.gluster.org/13762 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Manikandan Selvaganesh <manikandancs333@gmail.com> Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Diffstat (limited to 'xlators/mgmt/glusterd')
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volgen.c30
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volgen.h1
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volume-set.c11
3 files changed, 37 insertions, 5 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index f0713e6e64a..02c8ed2ade2 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -1441,11 +1441,11 @@ brick_graph_add_posix (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
dict_t *set_dict, glusterd_brickinfo_t *brickinfo)
{
int ret = -1;
- gf_boolean_t quota_enabled = _gf_true;
- gf_boolean_t trash_enabled = _gf_false;
- gf_boolean_t pgfid_feat = _gf_false;
- char *value = NULL;
- xlator_t *xl = NULL;
+ gf_boolean_t quota_enabled = _gf_true;
+ gf_boolean_t trash_enabled = _gf_false;
+ gf_boolean_t pgfid_feat = _gf_false;
+ char *value = NULL;
+ xlator_t *xl = NULL;
if (!graph || !volinfo || !set_dict || !brickinfo)
goto out;
@@ -1496,6 +1496,25 @@ out:
}
static int
+brick_graph_add_selinux (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
+ dict_t *set_dict, glusterd_brickinfo_t *brickinfo)
+{
+ xlator_t *xl = NULL;
+ int ret = -1;
+
+ if (!graph || !volinfo)
+ goto out;
+
+ xl = volgen_graph_add (graph, "features/selinux", volinfo->volname);
+ if (!xl)
+ goto out;
+
+ ret = 0;
+out:
+ return ret;
+}
+
+static int
brick_graph_add_trash (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
dict_t *set_dict, glusterd_brickinfo_t *brickinfo)
{
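Review bot: Both failure paths in brick_graph_add_selinux (`if (!graph || !volinfo)` and `if (!xl)`) return -1 without logging, so a brick volfile that fails to generate here gives the operator no hint that the features/selinux translator was the cause. An error log before each `goto out` would help, using whatever message id the file's other brick_graph_add_* helpers use. The function also ignores set_dict and brickinfo and adds the translator unconditionally, so as far as this hunk shows the features.selinux option cannot keep it out of the brick graph and must be honoured inside the xlator. If that is the intent, a comment such as `/* always loaded; features.selinux on/off is handled by the xlator itself */` would make it explicit. brick_graph_add_trash, which follows, continues outside the hunk.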
@@ -2433,6 +2452,7 @@ static volgen_brick_xlator_t server_graph_table[] = {
{brick_graph_add_index, "index"},
{brick_graph_add_barrier, NULL},
{brick_graph_add_marker, "marker"},
+ {brick_graph_add_selinux, "selinux"},
{brick_graph_add_fdl, "fdl"},
{brick_graph_add_iot, "io-threads"},
{brick_graph_add_upcall, "upcall"},
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.h b/xlators/mgmt/glusterd/src/glusterd-volgen.h
index 8f725c46380..5941fd959ae 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.h
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.h
@@ -32,6 +32,7 @@
#define VKEY_FEATURES_TRASH "features.trash"
#define VKEY_FEATURES_BITROT "features.bitrot"
#define VKEY_FEATURES_SCRUB "features.scrub"
+#define VKEY_FEATURES_SELINUX "features.selinux"
#define VKEY_PARALLEL_READDIR "performance.parallel-readdir"
#define VKEY_READDIR_AHEAD "performance.readdir-ahead"
#define VKEY_RDA_CACHE_LIMIT "performance.rda-cache-limit"
diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
index 8b2ac810e09..1b26f7d8397 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
@@ -3036,6 +3036,17 @@ struct volopt_map_entry glusterd_volopt_map[] = {
"The max value is 262144 pages i.e 1 GB and "
"the min value is 1000 pages i.e ~4 MB."
},
+ { .key = VKEY_FEATURES_SELINUX,
+ .voltype = "features/selinux",
+ .type = NO_DOC,
+ .value = "on",
+ .op_version = GD_OP_VERSION_3_11_0,
+ .description = "Convert security.selinux xattrs to "
+ "trusted.gluster.selinux on the bricks. Recommended "
+ "to have enabled when clients and/or bricks support "
+ "SELinux."
+ },
+
#endif /* USE_GFDB */
{ .key = "locks.trace",
.voltype = "features/locks",
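Review bot: The new VKEY_FEATURES_SELINUX entry is inserted above the `#endif /* USE_GFDB */` context line, so it appears to sit inside the USE_GFDB conditional region (the matching `#ifdef` is outside the hunk). If so, a glusterd built without USE_GFDB would not have the option in glusterd_volopt_map at all, and whether administrators can control SELinux xattr translation would depend on an unrelated build flag. Moving the whole `{ .key = VKEY_FEATURES_SELINUX, ... },` entry to just after the `#endif /* USE_GFDB */` line would avoid that. Separately, `.type = NO_DOC` presumably keeps the `.description` text out of the volume-set help output, which is worth confirming for an option that defaults to "on".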