[lustre-devel] [PATCH 18/20] staging: lustre: llite: Remove filtering of seclabel xattr
gregkh at linuxfoundation.org
Sun Jul 30 08:04:25 PDT 2017
On Thu, Jul 27, 2017 at 08:35:33PM +0100, James Simmons wrote:
> > From: Robin Humble <plaguedbypenguins at gmail.com>
> > The security.capability xattr is used to implement File
> > Capabilities in recent Linux versions. Capabilities are a
> > fine grained approach to granting executables elevated
> > privileges. eg. /bin/ping can have capabilities
> > cap_net_admin, cap_net_raw+ep instead of being setuid root.
> > This xattr has long been filtered out by llite, initially for
> > stability reasons (b15587), and later over performance
> > concerns as this xattr is read for every file with eg.
> > 'ls --color'. Since LU-2869 xattr's are cached on clients,
> > alleviating most performance concerns.
> > Removing llite's filtering of the security.capability xattr
> > enables using Lustre as a root filesystem, which is used on
> > some large clusters.
> The commit message for this patch is incorrect. Some how it got
> mixed up with another patch which I missed in this push. Please
> drop this patch and I will resent the correct patches later.
More information about the lustre-devel