From 6484558c7502e5afe1c96081dbe329ca5d9cb7e2 Mon Sep 17 00:00:00 2001 From: Manikandan Selvaganesh Date: Wed, 16 Mar 2016 21:37:22 +0530 Subject: SELinux : implementation of SELinux translator The patch implement a part of SELinux translator to support setting SELinux contexts on files in a glusterfs volume. URL: https://github.com/gluster/glusterfs-specs/blob/master/accepted/SELinux-client-support.md Change-Id: Id8916bd8e064ccf74ba86225ead95f86dc5a1a25 BUG: 1318100 Fixes : #55 Signed-off-by: Manikandan Selvaganesh Signed-off-by: Jiffin Tony Thottan Signed-off-by: Niels de Vos Reviewed-on: https://review.gluster.org/13762 Smoke: Gluster Build System NetBSD-regression: NetBSD Build System CentOS-regression: Gluster Build System Reviewed-by: Manikandan Selvaganesh Reviewed-by: Atin Mukherjee --- xlators/mgmt/glusterd/src/glusterd-volgen.c | 30 ++++++++++++++++++++----- xlators/mgmt/glusterd/src/glusterd-volgen.h | 1 + xlators/mgmt/glusterd/src/glusterd-volume-set.c | 11 +++++++++ 3 files changed, 37 insertions(+), 5 deletions(-) (limited to 'xlators/mgmt/glusterd/src')
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index f0713e6e64a..02c8ed2ade2 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -1441,11 +1441,11 @@ brick_graph_add_posix (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
 dict_t *set_dict, glusterd_brickinfo_t *brickinfo)
 {
 int ret = -1;
- gf_boolean_t quota_enabled = _gf_true;
- gf_boolean_t trash_enabled = _gf_false;
- gf_boolean_t pgfid_feat = _gf_false;
- char *value = NULL;
- xlator_t *xl = NULL;
+ gf_boolean_t quota_enabled = _gf_true;
+ gf_boolean_t trash_enabled = _gf_false;
+ gf_boolean_t pgfid_feat = _gf_false;
+ char *value = NULL;
+ xlator_t *xl = NULL;
 
 if (!graph || !volinfo || !set_dict || !brickinfo)
 goto out;
@@ -1495,6 +1495,25 @@ out:
 return ret;
 }
 
+static int
+brick_graph_add_selinux (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
+ dict_t *set_dict, glusterd_brickinfo_t *brickinfo)
+{
+ xlator_t *xl = NULL;
+ int ret = -1;
+
+ if (!graph || !volinfo)
+ goto out;
+
+ xl = volgen_graph_add (graph, "features/selinux", volinfo->volname);
+ if (!xl)
+ goto out;
+
+ ret = 0;
+out:
+ return ret;
+}
+
 static int
 brick_graph_add_trash (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
 dict_t *set_dict, glusterd_brickinfo_t *brickinfo)
@@ -2433,6 +2452,7 @@ static volgen_brick_xlator_t server_graph_table[] = {
 {brick_graph_add_index, "index"},
 {brick_graph_add_barrier, NULL},
 {brick_graph_add_marker, "marker"},
+ {brick_graph_add_selinux, "selinux"},
 {brick_graph_add_fdl, "fdl"},
 {brick_graph_add_iot, "io-threads"},
 {brick_graph_add_upcall, "upcall"},
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.h b/xlators/mgmt/glusterd/src/glusterd-volgen.h
index 8f725c46380..5941fd959ae 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.h
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.h
@@ -32,6 +32,7 @@
 #define VKEY_FEATURES_TRASH "features.trash"
 #define VKEY_FEATURES_BITROT "features.bitrot"
 #define VKEY_FEATURES_SCRUB "features.scrub"
+#define VKEY_FEATURES_SELINUX "features.selinux"
 #define VKEY_PARALLEL_READDIR "performance.parallel-readdir"
 #define VKEY_READDIR_AHEAD "performance.readdir-ahead"
 #define VKEY_RDA_CACHE_LIMIT "performance.rda-cache-limit"
diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
index 8b2ac810e09..1b26f7d8397 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
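Review bot: brick_graph_add_selinux adds `features/selinux` to every brick graph without consulting `set_dict`, the volume's `features.selinux` value or the cluster op-version, so as far as this hunk shows the translator stays in the stack even when the option is set to off. If unconditional loading is intended, say so above the function, e.g. `/* Loaded unconditionally; features.selinux does not gate graph inclusion. */`, because the translator changes which xattr name carries the SELinux label on the brick. The failure path returns -1 without a log message, so a failed `volgen_graph_add` for this translator would be hard to tell apart from any other graph-build error; a message naming the volume would help. `set_dict` and `brickinfo` are accepted but unused, and the NULL check is narrower than the four-argument check visible in brick_graph_add_posix.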
@@ -3036,6 +3036,17 @@ struct volopt_map_entry glusterd_volopt_map[] = {
 "The max value is 262144 pages i.e 1 GB and "
 "the min value is 1000 pages i.e ~4 MB."
 },
+ { .key = VKEY_FEATURES_SELINUX,
+ .voltype = "features/selinux",
+ .type = NO_DOC,
+ .value = "on",
+ .op_version = GD_OP_VERSION_3_11_0,
+ .description = "Convert security.selinux xattrs to "
+ "trusted.gluster.selinux on the bricks. Recommended "
+ "to have enabled when clients and/or bricks support "
+ "SELinux."
+ },
+
 #endif /* USE_GFDB */
 { .key = "locks.trace",
 .voltype = "features/locks",
-- cgit
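Review bot: The `features.selinux` entry is inserted directly above `#endif /* USE_GFDB */`, so it appears to sit inside the USE_GFDB conditional; a glusterd built without USE_GFDB would then have no `features.selinux` key in glusterd_volopt_map, while brick_graph_add_selinux in glusterd-volgen.c still loads the translator on every brick. Moving the whole entry and its trailing blank line below the `#endif /* USE_GFDB */` line would keep the option settable in every build. Separately, `.type = NO_DOC` hides an option whose default `"on"` changes how security.selinux labels are stored on the bricks; since those labels feed access-control decisions, the option is worth documenting, or the reason for hiding it noted in a comment. The array definition starts and ends outside this hunk, so the matching `#if` is not visible here.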