Re: [PATCH 18/20] staging: lustre: llite: Remove filtering of seclabel xattr
From: Greg Kroah-Hartman
Date: Sun Jul 30 2017 - 13:07:21 EST
On Thu, Jul 27, 2017 at 08:35:33PM +0100, James Simmons wrote:
>
> > From: Robin Humble <plaguedbypenguins@xxxxxxxxx>
> >
> > The security.capability xattr is used to implement File
> > Capabilities in recent Linux versions. Capabilities are a
> > fine grained approach to granting executables elevated
> > privileges. eg. /bin/ping can have capabilities
> > cap_net_admin, cap_net_raw+ep instead of being setuid root.
> >
> > This xattr has long been filtered out by llite, initially for
> > stability reasons (b15587), and later over performance
> > concerns as this xattr is read for every file with eg.
> > 'ls --color'. Since LU-2869 xattr's are cached on clients,
> > alleviating most performance concerns.
> >
> > Removing llite's filtering of the security.capability xattr
> > enables using Lustre as a root filesystem, which is used on
> > some large clusters.
>
> The commit message for this patch is incorrect. Some how it got
> mixed up with another patch which I missed in this push. Please
> drop this patch and I will resent the correct patches later.
Now dropped.