[PATCH v2] security, fs, nfs, net: update security_inode_listsecurity() interface
Stephen Smalley
stephen.smalley.work at gmail.com
Tue Apr 29 12:25:17 UTC 2025
On Tue, Apr 29, 2025 at 3:46 AM Christian Brauner <brauner at kernel.org> wrote:
>
> On Mon, Apr 28, 2025 at 03:50:19PM -0400, Stephen Smalley wrote:
> > Update the security_inode_listsecurity() interface to allow
> > use of the xattr_list_one() helper and update the hook
> > implementations.
> >
> > Link: https://lore.kernel.org/selinux/20250424152822.2719-1-stephen.smalley.work@gmail.com/
> >
> > Signed-off-by: Stephen Smalley <stephen.smalley.work at gmail.com>
> > ---
> > This patch is relative to the one linked above, which in theory is on
> > vfs.fixes but doesn't appear to have been pushed when I looked.
>
> It should be now.
> Thanks for doing this.

Maybe I am looking in the wrong place?

$ git remote -v | grep vfs
vfs https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git (fetch)
vfs https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git (push)
$ git fetch vfs
$ git log vfs/vfs.fixes fs/xattr.c
commit f520bed25d17bb31c2d2d72b0a785b593a4e3179 (tag: vfs-6.15-rc4.fixes, vfs/vfs.fixes, vfs.fixes)
Author: Jan Kara <jack at suse.cz>
Date:   Thu Apr 24 15:22:47 2025 +0200

    fs/xattr: Fix handling of AT_FDCWD in setxattrat(2) and getxattrat(2)

    Currently, setxattrat(2) and getxattrat(2) are wrongly handling the
    calls of the from setxattrat(AF_FDCWD, NULL, AT_EMPTY_PATH, ...) and
    fail with -EBADF error instead of operating on CWD. Fix it.

    Fixes: 6140be90ec70 ("fs/xattr: add *at family syscalls")
    Signed-off-by: Jan Kara <jack at suse.cz>
    Link: https://lore.kernel.org/20250424132246.16822-2-jack@suse.cz
    Signed-off-by: Christian Brauner <brauner at kernel.org>

commit 46a7fcec097da5b3188dce608362fe6bf4ea26ee (tag: pull-xattr, viro/work.xattr2)
Author: Colin Ian King <colin.i.king at gmail.com>
Date:   Wed Oct 30 18:25:47 2024 +0000

    xattr: remove redundant check on variable err

    Curretly in function generic_listxattr the for_each_xattr_handler loop
    checks err and will return out of the function if err is non-zero.
    It's impossible for err to be non-zero at the end of the function where
    err is checked again for a non-zero value. The final non-zero check is
    therefore redundant and can be removed. Also move the declaration of
    err into the loop.

    Signed-off-by: Colin Ian King <colin.i.king at gmail.com>
    Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>