[PATCH v2] security,fs,nfs,net: update security_inode_listsecurity() interface
Konstantin Andreev
andreev at swemel.ru
Fri Jun 6 13:39:45 UTC 2025
Stephen Smalley, 28/04/2025:
> Update the security_inode_listsecurity() interface to allow
> use of the xattr_list_one() helper and update the hook
> implementations.
>
> Link: https://lore.kernel.org/selinux/20250424152822.2719-1-stephen.smalley.work@gmail.com/
Sorry for being late to the party.
Your approach assumes that every fs-specific xattr lister
called like
| vfs_listxattr() {
| if (inode->i_op->listxattr)
| error = inode->i_op->listxattr(dentry, list, size)
| ...
must call LSM to integrate LSM's xattr(s) into fs-specific list.
You did this for tmpfs:
| simple_xattr_list() {
| security_inode_listsecurity()
| // iterate real xatts list
Well, but what about other filesystems in the linux kernel?
Should all of them also modify their xattr listers?
To me, taking care of security xattrs is improper responsibility
for filesystem code.
May it be better to merge LSM xattrs
and fs-backed xattrs at the vfs level (vfs_listxattr)?
--
Konstantin Andreev
More information about the Linux-security-module-archive
mailing list