[PATCH v3 2/2] fs/xattr: add *at family syscalls
Arnd Bergmann
arnd at arndb.de
Fri Apr 26 17:38:18 UTC 2024
On Fri, Apr 26, 2024, at 18:20, Christian Göttsche wrote:
> From: Christian Göttsche <cgzones at googlemail.com>
>
> Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
> removexattrat(). Those can be used to operate on extended attributes,
> especially security related ones, either relative to a pinned directory
> or on a file descriptor without read access, avoiding a
> /proc/<pid>/fd/<fd> detour, which requires a mounted procfs.
>
> One use case will be setfiles(8) setting SELinux file contexts
> ("security.selinux") without race conditions and without a file
> descriptor opened with read access requiring SELinux read permission.
>
> Use the do_{name}at() pattern from fs/open.c.
>
> Pass the value of the extended attribute, its length, and for
> setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
> struct xattr_args to not exceed six syscall arguments and to avoid
> merging the AT_* and XATTR_* flags.
>
> Signed-off-by: Christian Göttsche <cgzones at googlemail.com>
> CC: x86 at kernel.org
> CC: linux-alpha at vger.kernel.org
> CC: linux-kernel at vger.kernel.org
> CC: linux-arm-kernel at lists.infradead.org
> CC: linux-ia64 at vger.kernel.org
> CC: linux-m68k at lists.linux-m68k.org
> CC: linux-mips at vger.kernel.org
> CC: linux-parisc at vger.kernel.org
> CC: linuxppc-dev at lists.ozlabs.org
> CC: linux-s390 at vger.kernel.org
> CC: linux-sh at vger.kernel.org
> CC: sparclinux at vger.kernel.org
> CC: linux-fsdevel at vger.kernel.org
> CC: audit at vger.kernel.org
> CC: linux-arch at vger.kernel.org
> CC: linux-api at vger.kernel.org
> CC: linux-security-module at vger.kernel.org
> CC: selinux at vger.kernel.org
I checked that the syscalls are all well-formed regarding
argument types, number of arguments and (absence of)
compat handling, and that they are wired up correctly
across architectures.
I did not look at the actual implementation in detail.
Reviewed-by: Arnd Bergmann <arnd at arndb.de>
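As an added example of the user-space side of the interface the commit message describes (this is not code from the patch, from the kernel tree or from setfiles): the struct layout and the syscall numbers below are assumptions taken from the version of this series that was merged later (Linux 6.13) and may not match this v3 revision; xattr_args_demo, make_args, legacy_proc_path and xattrat_roundtrip are names chosen here. It shows the setfiles-style use of a pinned directory fd with AT_SYMLINK_NOFOLLOW, with the value, its size and XATTR_CREATE carried in the struct rather than in the AT_* flag word, next to the /proc/self/fd path construction the new calls make unnecessary.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/xattr.h>

/* Assumed layout of struct xattr_args, taken from the uapi header of the
 * version of this series merged in Linux 6.13; the v3 patch reviewed here
 * may lay it out differently. Defined locally so this builds on old headers. */
struct xattr_args_demo {
    uint64_t value;   /* user pointer to the attribute value buffer */
    uint32_t size;    /* size of that buffer */
    uint32_t flags;   /* XATTR_CREATE / XATTR_REPLACE, setxattrat() only */
};

/* Assumed syscall numbers (those assigned at merge time; a kernel without
 * the series returns ENOSYS for them). */
#ifndef __NR_setxattrat
#define __NR_setxattrat 463
#endif
#ifndef __NR_getxattrat
#define __NR_getxattrat 464
#endif
#ifndef __NR_removexattrat
#define __NR_removexattrat 466
#endif

static long sys_setxattrat(int dfd, const char *path, unsigned int at_flags,
                           const char *name, struct xattr_args_demo *args)
{
    return syscall(__NR_setxattrat, dfd, path, at_flags, name, args, sizeof *args);
}

static long sys_getxattrat(int dfd, const char *path, unsigned int at_flags,
                           const char *name, struct xattr_args_demo *args)
{
    return syscall(__NR_getxattrat, dfd, path, at_flags, name, args, sizeof *args);
}

static long sys_removexattrat(int dfd, const char *path, unsigned int at_flags,
                              const char *name)
{
    return syscall(__NR_removexattrat, dfd, path, at_flags, name);
}

/* Value, length and the XATTR_* command travel in the struct, so the
 * at_flags argument carries only AT_* bits. */
struct xattr_args_demo make_args(const void *value, uint32_t size, uint32_t flags)
{
    struct xattr_args_demo a;
    memset(&a, 0, sizeof a);
    a.value = (uint64_t)(uintptr_t)value;
    a.size = size;
    a.flags = flags;
    return a;
}

/* The detour the commit message wants to avoid: reopening an fd by name
 * through procfs. Returns 0 and fills buf, or -1 if buf is too small. */
int legacy_proc_path(int fd, char *buf, size_t n)
{
    int len = snprintf(buf, n, "/proc/self/fd/%d", fd);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* setfiles-style use: pin a directory fd, then set, read back and remove
 * "user.demo" on "target" relative to it with AT_SYMLINK_NOFOLLOW, so a
 * symlink swapped in between the steps is never followed.
 * Returns 0 on success or -errno of the first failing step. */
int xattrat_roundtrip(void)
{
    static const char value[] = "v3-demo";        /* constructed test value */
    const uint32_t vlen = sizeof value - 1;
    char dir[] = "/tmp/xattrat-demo-XXXXXX";      /* constructed scratch dir */
    char path[64], buf[32];
    struct xattr_args_demo set, get;
    int ret = 0, dfd = -1, fd;
    long n;

    if (!mkdtemp(dir))
        return -errno;
    snprintf(path, sizeof path, "%s/target", dir);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { ret = -errno; goto out; }
    close(fd);

    dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) { ret = -errno; goto out; }

    set = make_args(value, vlen, XATTR_CREATE);
    if (sys_setxattrat(dfd, "target", AT_SYMLINK_NOFOLLOW, "user.demo", &set) < 0) {
        ret = -errno; goto out;
    }
    get = make_args(buf, sizeof buf, 0);
    n = sys_getxattrat(dfd, "target", AT_SYMLINK_NOFOLLOW, "user.demo", &get);
    if (n < 0) { ret = -errno; goto out; }
    if (n != vlen || memcmp(buf, value, vlen) != 0) { ret = -EIO; goto out; }
    if (sys_removexattrat(dfd, "target", AT_SYMLINK_NOFOLLOW, "user.demo") < 0)
        ret = -errno;
out:
    if (dfd >= 0) close(dfd);
    unlink(path);
    rmdir(dir);
    return ret;
}

int main(void)
{
    int r = xattrat_roundtrip();
    printf("xattrat round trip: %s\n", r == 0 ? "ok" : strerror(-r));
    return r == 0 ? 0 : 1;
}
```

On a kernel that lacks the series the round trip reports ENOSYS (or EPERM under a seccomp profile that blocks unknown syscalls), and a filesystem without user.* support reports EOPNOTSUPP. The other form the commit message mentions, operating on a descriptor opened without read access, is not exercised here.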