[LU-4746] Lustre not using kernel current_umask() function breaks GRSecurity umask handling Created: 10/Mar/14  Updated: 18/Feb/15  Resolved: 18/Feb/15

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.1.5, Lustre 1.8.9, Lustre 2.5.0, Lustre 2.4.2
Fix Version/s: Lustre 2.7.0

Type: Bug Priority: Minor
Reporter: Andrew Prout Assignee: Bob Glossman (Inactive)
Resolution: Fixed Votes: 0
Labels: patch

Attachments: Text File lustre-1.8.9.patch     Text File lustre-2.1.5.patch     Text File lustre-2.4.2.patch     Text File lustre-2.5.0.patch    
Severity: 3
Rank (Obsolete): 13041

 Description   

Lustre 2.5.0 (and before) do not use the kernel's default current_umask() function, instead accessing the current process pointer directly with current->fs->umask. On a standard kernel this is equivalent, however on a GRSecurity-enabled kernel there's additional logic in the kernel's current_umask() function that's being skipped.

 Comments   
Comment by Andrew Prout [ 10/Mar/14 ]

Patches to fix attached. All affected versions compile normally when calling the Linux kernel's current_umask() function.

Comment by Andreas Dilger [ 12/Mar/14 ]

Andrew,
thanks for the patches. Like the kernel, we need a Signed-off-by: line in the patch in order to accept it. Please see https://wiki.hpdd.intel.com/display/PUB/Using+Gerrit for details on how best to submit patches for Lustre.

Comment by Andrew Prout [ 17/Mar/14 ]

Try #2 on the patches...

Comment by Cliff White (Inactive) [ 25/Mar/14 ]

Can you submit the patches to Gerrit for our review process?

Comment by Cliff White (Inactive) [ 07/Apr/14 ]

I will push these into Gerritt

Comment by Cliff White (Inactive) [ 13/May/14 ]

Patches pushed, in the autotest process

Comment by Cliff White (Inactive) [ 13/May/14 ]

http://review.whamcloud.com/#/c/10320/
http://review.whamcloud.com/#/c/10321/
http://review.whamcloud.com/#/c/10322/
http://review.whamcloud.com/#/c/10323/

Comment by Oleg Drokin [ 11/Jun/14 ]

I take it this issue is also present in current master version (upcoming 2.6)?
Can we get a patch for master branch too? Thanks.
(2.5 and 2.4 versions are not supposed to be landed without a corresponding master version as tehy are technically supposed to be backports).

Comment by James A Simmons [ 11/Jun/14 ]

Seems I never got around to cleaning that up in LU-3963. Also we need more fixes in a few other places as well in all the branches. Also is their a wrapper to change the umask value?

Comment by James A Simmons [ 28/Aug/14 ]

Created the patch for master at

http://review.whamcloud.com/#/c/11642

Need to do it anyways for LU-3963. Once landed we can back port to the branches of interest. Even with this patch we should look to cleanup sec_ctx.c. I really don't think we need to keep push_ctx and pop_ctx around anymore.

Comment by James A Simmons [ 15/Sep/14 ]

Patch landed for master. Patches for b2_5 and b2_4 still outstanding.

Comment by Jodi Levi (Inactive) [ 18/Feb/15 ]

Patch landed to Master. Other version patch landings will be tracked external to this ticket.

Generated at Sat Feb 10 01:45:29 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.