[PATCH] [RFC] xfs: initialise attr fork on inode create
Dave Chinner
david at fromorbit.com
Mon Dec 7 20:49:15 UTC 2020
On Mon, Dec 07, 2020 at 05:25:45PM +0000, Christoph Hellwig wrote:
> On Mon, Dec 07, 2020 at 09:22:13AM -0800, Casey Schaufler wrote:
> > Only security modules should ever look at what's in the security blob.
> > In fact, you can't assume that the presence of a security blob
> > (i.e. ...->s_security != NULL) implies "need_xattr", or any other
> > state for the superblock.
>
> Maybe "strongly suggests that an xattr will be added" is the better
> wording.
Right, I did this knowing that only selinux and smack actually use
sb->s_security so it's not 100% reliable. However, these are also
the only two security modules that hook inode_init_security and
create xattrs.
So it seems like peeking at ->s_security here gives us a fairly
reliable indicator that we're going to have to create xattrs on this
new inode before we complete the create process...
Cheers,
Dave.
--
Dave Chinner
david at fromorbit.com
More information about the Linux-security-module-archive
mailing list