Project

General

Profile

Actions
Copy link

Feature #5486

closed

kclient: make it work with selinux

Added by Sage Weil almost 11 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Zheng Yan
Category:
-
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
kceph
Labels (FS):
task(hard)
Pull request ID:

Description

see #5477 for the latest failed attempt

Related issues 1 (0 open1 closed)

Has duplicate CephFS - Feature #13231: kclient: support SELinuxDuplicate09/24/2015

Actions
Actions
Copy link
 #1

Updated by Greg Farnum about 10 years ago

I don't know anything about SELinux, nor its users. What needs to work for us to support SELinux, and how big of a stumbling block is it for RHEL7 systems if we don't support SELinux?

Actions
Copy link
 #2

Updated by Greg Farnum about 10 years ago

  • Priority changed from Normal to High

Hmm, Sage notes that maybe it'll work now we support ACLs. Or maybe we can use a special mount option?

Actions
Copy link
 #3

Updated by Greg Farnum almost 10 years ago

  • Tracker changed from Bug to Feature
Actions
Copy link
 #4

Updated by Zheng Yan over 9 years ago

I think cephfs part is ready for selinux support. but ceph is not included in selinux policy.

Actions
Copy link
 #5

Updated by Greg Farnum almost 8 years ago

  • Component(FS) kceph added
Actions
Copy link
 #6

Updated by Greg Farnum almost 8 years ago

  • Category changed from 53 to Administration/Usability
Actions
Copy link
 #7

Updated by Patrick Donnelly about 6 years ago

  • Target version set to v14.0.0
  • Labels (FS) task(hard) added
Actions
Copy link
 #8

Updated by Patrick Donnelly almost 6 years ago

  • Priority changed from High to Normal
Actions
Copy link
 #9

Updated by Patrick Donnelly almost 6 years ago

Actions
Copy link
 #10

Updated by Patrick Donnelly about 5 years ago

  • Target version changed from v14.0.0 to v15.0.0
Actions
Copy link
 #11

Updated by Patrick Donnelly about 5 years ago

  • Target version deleted (v15.0.0)
Actions
Copy link
 #12

Updated by Patrick Donnelly almost 5 years ago

  • Category deleted (Administration/Usability)
  • Status changed from New to In Progress
  • Assignee set to Zheng Yan
  • Priority changed from Normal to Urgent
  • Start date deleted (07/01/2013)

[PATCH 1/2] ceph: rename struct ceph_acls_info to ceph_acl_sec_ctx
[PATCH 2/2] ceph: add selinux support

Actions
Copy link
 #13

Updated by Patrick Donnelly almost 5 years ago

  • Target version set to v15.0.0

Targeting Octopus so it shows up in searches.

Actions
Copy link
 #14

Updated by Patrick Donnelly over 4 years ago

  • Target version deleted (v15.0.0)
Actions
Copy link
 #15

Updated by Zheng Yan about 4 years ago

  • Status changed from In Progress to Resolved

upstreamed

commit ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2
Author: Yan, Zheng <>
Date: Sun May 26 16:27:56 2019 +0800

ceph: add selinux support
When creating new file/directory, use security_dentry_init_security() to
    prepare selinux context for the new inode, then send openc/mkdir request
    to MDS, together with selinux xattr.
security_dentry_init_security() only supports single security module and
    only selinux has dentry_init_security hook. So only selinux is supported
    for now. We can add support for other security modules once kernel has a
    generic version of dentry_init_security()
Signed-off-by: "Yan, Zheng" &lt;&gt;
    Reviewed-by: Jeff Layton &lt;&gt;
    Signed-off-by: Ilya Dryomov &lt;&gt;
Actions
Copy link

Also available in: Atom PDF