Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-5560

SELinux support on the client side

Details

    • 15510

    Description

      The aim is to be able to enforce SELinux security policies on Lustre from SELinux-enabled clients.

      It requires to properly initiate file security context on client side, and store it on server side via extended attribute.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. LU-6784 Defects in SELinux support

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. LUDOC-335 Documentation for SELinux Feature

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. LU-8654 obd_connect_data handling must account for clients that send obd_connect_data_v1

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-9193 Multiple hangs observed with many open/getattr

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-6950 Lustre mount throws away SELinux context options

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-7417 Permission Denied on enforcing SElinux on Client

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            [LU-5560] SELinux support on the client side
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/19971/
            Subject: LU-5560 security: send file security context for creates
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 4ea24bdabb2b318721605bd185c32bbc1e9bc924

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/19971/ Subject: LU-5560 security: send file security context for creates Project: fs/lustre-release Branch: master Current Patch Set: Commit: 4ea24bdabb2b318721605bd185c32bbc1e9bc924
            pjones Peter Jones added a comment -

            Reclosing as the test script landed. Sebastien, you should open a new ticket to track the atomic context transfer during create patch also still in flight - http://review.whamcloud.com/#/c/19971/

            pjones Peter Jones added a comment - Reclosing as the test script landed. Sebastien, you should open a new ticket to track the atomic context transfer during create patch also still in flight - http://review.whamcloud.com/#/c/19971/
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/15818/
            Subject: LU-5560 tests: add sanity-selinux.sh
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: bfca8338e5f2ae1b7c16cc1d0c2376523d68685e

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/15818/ Subject: LU-5560 tests: add sanity-selinux.sh Project: fs/lustre-release Branch: master Current Patch Set: Commit: bfca8338e5f2ae1b7c16cc1d0c2376523d68685e
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/19970/
            Subject: LU-5560 obd: reserve connection flag OBD_CONNECT2_FILE_SECCTX
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: a06b32d1c49eb6c31aeba556795841730de37006

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/19970/ Subject: LU-5560 obd: reserve connection flag OBD_CONNECT2_FILE_SECCTX Project: fs/lustre-release Branch: master Current Patch Set: Commit: a06b32d1c49eb6c31aeba556795841730de37006
            jamesanunez James Nunez (Inactive) added a comment -

            Reopening ticket because the patch containing the SELinux test suite never landed; http://review.whamcloud.com/#/c/15818.

            jamesanunez James Nunez (Inactive) added a comment - Reopening ticket because the patch containing the SELinux test suite never landed; http://review.whamcloud.com/#/c/15818 .
            jgmitter Joseph Gmitter (Inactive) added a comment -

            This work has landed for the 2.8.0 release in patch http://review.whamcloud.com/#/c/11648/

            jgmitter Joseph Gmitter (Inactive) added a comment - This work has landed for the 2.8.0 release in patch http://review.whamcloud.com/#/c/11648/
            sarah Sarah Liu added a comment -

            Hello,

            For the upgrade/downgrade testing of this feature, how would you like the test be implemented? Is there any specific requirement?

            Thanks,
            Sarah

            sarah Sarah Liu added a comment - Hello, For the upgrade/downgrade testing of this feature, how would you like the test be implemented? Is there any specific requirement? Thanks, Sarah
            sebastien.buisson Sebastien Buisson (Inactive) added a comment -

            Hi,

            Here is an updated Test Plan for SELinux support on the client side, including remarks from Andrew Perepechko.

            Sebastien.

            sebastien.buisson Sebastien Buisson (Inactive) added a comment - Hi, Here is an updated Test Plan for SELinux support on the client side, including remarks from Andrew Perepechko. Sebastien.
            sebastien.buisson Sebastien Buisson (Inactive) added a comment -

            Hi,

            Here is an updated Test Plan for SELinux support on the client side, including functional tests.

            Sebastien.

            sebastien.buisson Sebastien Buisson (Inactive) added a comment - Hi, Here is an updated Test Plan for SELinux support on the client side, including functional tests. Sebastien.
            gerrit Gerrit Updater added a comment -

            Sebastien Buisson (sebastien.buisson@bull.net) uploaded a new patch: http://review.whamcloud.com/15818
            Subject: LU-5560 tests: add sanity-selinux.sh
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 38ed4c38796c1903f4cfd553d886f7fbaebba972

            gerrit Gerrit Updater added a comment - Sebastien Buisson (sebastien.buisson@bull.net) uploaded a new patch: http://review.whamcloud.com/15818 Subject: LU-5560 tests: add sanity-selinux.sh Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 38ed4c38796c1903f4cfd553d886f7fbaebba972

            People

              green Oleg Drokin
              sbuisson Sebastien Buisson (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              23 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: