[Lustre-devel] security_inode_unlink in obdfilter.

Andreas Dilger adilger at sun.com
Wed Jun 18 23:29:00 PDT 2008

On Jun 18, 2008  20:12 +0300, Alexey Lyashkov wrote:
> Is anybody know - why filter use this function in filter_vfs_unlink?
> >From my point view this only add Selinux checks for OST objects, but ost
> not set any selinux context for object and this do nothing.
> I see only one possible variant for usage are log events via audit log.
> Is we really need this?

This is just to keep filter_vfs_unlink() the same as vfs_unlink(),
to be consistent in case SELinux or other security framework is in
place.  If SELinux is NOT in use, then it just ends up as a no-op.

Cheers, Andreas
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.

More information about the lustre-devel mailing list