Feature #5486
closedkclient: make it work with selinux
Added by Sage Weil almost 11 years ago. Updated about 4 years ago.
0%
Updated by Greg Farnum about 10 years ago
I don't know anything about SELinux, nor its users. What needs to work for us to support SELinux, and how big of a stumbling block is it for RHEL7 systems if we don't support SELinux?
Updated by Greg Farnum about 10 years ago
- Priority changed from Normal to High
Hmm, Sage notes that maybe it'll work now we support ACLs. Or maybe we can use a special mount option?
Updated by Zheng Yan over 9 years ago
I think cephfs part is ready for selinux support. but ceph is not included in selinux policy.
Updated by Greg Farnum almost 8 years ago
- Category changed from 53 to Administration/Usability
Updated by Patrick Donnelly about 6 years ago
- Target version set to v14.0.0
- Labels (FS) task(hard) added
Updated by Patrick Donnelly almost 6 years ago
- Priority changed from High to Normal
Updated by Patrick Donnelly almost 6 years ago
- Has duplicate Feature #13231: kclient: support SELinux added
Updated by Patrick Donnelly about 5 years ago
- Target version changed from v14.0.0 to v15.0.0
Updated by Patrick Donnelly almost 5 years ago
- Category deleted (
Administration/Usability) - Status changed from New to In Progress
- Assignee set to Zheng Yan
- Priority changed from Normal to Urgent
- Start date deleted (
07/01/2013)
[PATCH 1/2] ceph: rename struct ceph_acls_info to ceph_acl_sec_ctx
[PATCH 2/2] ceph: add selinux support
Updated by Patrick Donnelly almost 5 years ago
- Target version set to v15.0.0
Targeting Octopus so it shows up in searches.
Updated by Zheng Yan about 4 years ago
- Status changed from In Progress to Resolved
upstreamed
commit ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2
Author: Yan, Zheng <zyan@redhat.com>
Date: Sun May 26 16:27:56 2019 +0800
ceph: add selinux support
When creating new file/directory, use security_dentry_init_security() to
prepare selinux context for the new inode, then send openc/mkdir request
to MDS, together with selinux xattr.
security_dentry_init_security() only supports single security module and
only selinux has dentry_init_security hook. So only selinux is supported
for now. We can add support for other security modules once kernel has a
generic version of dentry_init_security()
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>