On Mon, 2023-03-06 at 11:45 +0100, Valentin Vidić wrote:
> On Mon, Mar 06, 2023 at 10:13:45AM +0100, Roberto Sassu wrote:
> > which LSMs are you running?
>
> This is on Debian, so AppArmor is on by default. It seems like
> only SELinux and SMACK have hooks for inode_init_security so
> for other LSMs 'const char **name' would not get set?

If there is no hook registering to inode_init_security, theoretically
the LSM infrastructure should return -EOPNOTSUPP, which causes ocfs2 to
set si->enable to zero, and not execute the line that causes the kernel
to panic.

The problem would arise if somehow the LSM infrastructure returns zero,
without setting the xattr. That would explain the panic.

Not sure, I will think more.

Roberto
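
The two cases discussed in the message above, as an added user-space example (not code from the thread, the kernel or ocfs2). All names are hypothetical, the dispatch rule is an assumption taken from the message, and the NULL check returning -EINVAL is an assumed defensive measure, not the fix adopted upstream.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
typedef int (*init_hook)(const char **name);

/* A hook that fills in the xattr name, as the caller expects on success. */
static int hook_sets_name(const char **name) { *name = "selinux"; return 0; }

/* A hook that reports success but never touches *name (the suspected case). */
static int hook_zero_no_name(const char **name) { (void)name; return 0; }

/* Assumed dispatch rule from the message: no registered hook -> -EOPNOTSUPP. */
static int model_init_security(init_hook *hooks, size_t n, const char **name)
{
    int ret = -EOPNOTSUPP;
    for (size_t i = 0; i < n && ret == -EOPNOTSUPP; i++)
        ret = hooks[i](name);
    return ret;
}

struct model_si { int enable; const char *name; };

/* Caller: 0 = xattr disabled, >0 = name length to reserve, <0 = error. */
int model_caller(init_hook *hooks, size_t n)
{
    struct model_si si = { .enable = 1, .name = NULL };
    int ret = model_init_security(hooks, n, &si.name);

    if (ret == -EOPNOTSUPP) { si.enable = 0; return 0; } /* safe path */
    if (ret)
        return ret;
    if (!si.name)           /* success without a name: refuse, do not deref */
        return -EINVAL;
    return (int)strlen(si.name);
}

init_hook with_name[] = { hook_sets_name };
init_hook zero_only[] = { hook_zero_no_name };

int main(void)
{
    printf("no hook: %d\n", model_caller(NULL, 0));
    printf("hook sets name: %d\n", model_caller(with_name, 1));
    printf("hook returns 0 only: %d\n", model_caller(zero_only, 1));
    return 0;
}
```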