[PATCH v2] security: Return xattr name from security_dentry_init_security()
Christian Brauner
christian.brauner at ubuntu.com
Fri Oct 15 09:07:18 UTC 2021
On Tue, Oct 12, 2021 at 09:23:07AM -0400, Vivek Goyal wrote:
> Right now security_dentry_init_security() only supports single security
> label and is used by SELinux only. There are two users of of this hook,
> namely ceph and nfs.
>
> NFS does not care about xattr name. Ceph hardcodes the xattr name to
> security.selinux (XATTR_NAME_SELINUX).
>
> I am making changes to fuse/virtiofs to send security label to virtiofsd
> and I need to send xattr name as well. I also hardcoded the name of
> xattr to security.selinux.
>
> Stephen Smalley suggested that it probably is a good idea to modify
> security_dentry_init_security() to also return name of xattr so that
> we can avoid this hardcoding in the callers.
>
> This patch adds a new parameter "const char **xattr_name" to
> security_dentry_init_security() and LSM puts the name of xattr
> too if caller asked for it (xattr_name != NULL).
>
> Signed-off-by: Vivek Goyal <vgoyal at redhat.com>
> Reviewed-by: Jeff Layton <jlayton at kernel.org>
> ---
Looks good to me.
Reviewed-by: Christian Brauner <christian.brauner at ubuntu.com>
More information about the Linux-security-module-archive
mailing list