[PATCH 0/5] smack: fix bugs: invalid unix socket label, invalid transmute attr

Konstantin Andreev andreev at swemel.ru
Mon Jun 16 01:07:27 UTC 2025


Formerly, Smack inode security was initialized
by smack_d_instantiate() for all inodes,
except ones under /proc.

Commit [1] imposed the sole responsibility for
initializing inode security for newly created
filesystem objects on smack_inode_init_security().

However, smack_inode_init_security() lacks some logic
present in smack_d_instantiate().

This patch series fixes 2 particular omissions
I faced directly:

1) special handling of unix socket files (5th patch)
2) S_ISDIR check for "transmute" xattr (2nd patch)

I did not check for other omissions,
but there may be some.

Patches 1,3,4 are necessary optimizations
in smack_inode_init_security() made along the way.

I structured the changes this way to make the review
process easier.

The patch set applies on top of:
https://github.com/cschaufler/smack-next/commits/next
commit 4b59f4fd0a36

[1] 2023-11-16 roberto.sassu
commit e63d86b8b764 ("smack: Initialize the in-memory inode in smack_inode_init_security()")
Link: https://lore.kernel.org/linux-security-module/20231116090125.187209-5-roberto.sassu@huaweicloud.com/

Konstantin Andreev (5):
  smack: deduplicate "does access rule request transmutation"
  smack: fix bug: SMACK64TRANSMUTE set on non-directory
  smack: deduplicate xattr setting in smack_inode_init_security()
  smack: always "instantiate" inode in smack_inode_init_security()
  smack: fix bug: invalid label of unix socket file

 Documentation/admin-guide/LSM/Smack.rst |   5 +
 security/smack/smack_lsm.c              | 159 +++++++++++++++---------
 2 files changed, 107 insertions(+), 57 deletions(-)

-- 
2.43.0
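An added user-space audit example, not part of this patch series or of the Smack code in the kernel tree: the second patch concerns SMACK64TRANSMUTE being set on a non-directory, and an administrator who ran a kernel with that behaviour may want to find filesystem objects that already carry the attribute where it is not meaningful. The program below walks a tree with nftw() and reports any non-directory that has the security.SMACK64TRANSMUTE xattr (Smack documents the attribute as meaningful only on directories). It assumes the Linux xattr API (lgetxattr from sys/xattr.h); the function names, the hypothetical output format and the exit codes are choices made for this example.

```c
/* Added example, not code from the patch series: audit a directory tree for
 * non-directories carrying security.SMACK64TRANSMUTE.
 * Build: cc -o smack_transmute_audit smack_transmute_audit.c
 * Run:   ./smack_transmute_audit /path/to/tree   (defaults to ".")
 */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <ftw.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>   /* Linux-specific; assumed available */

#define SMACK_TRANSMUTE_XATTR "security.SMACK64TRANSMUTE"

/* Pure decision helper: is it acceptable for an inode of this mode to carry
 * the transmute attribute? Only directories may carry it; an inode without
 * the attribute is always fine. */
int transmute_attr_valid(mode_t mode, int has_transmute)
{
    if (!has_transmute)
        return 1;
    return S_ISDIR(mode) ? 1 : 0;
}

/* Report whether the object at `path` carries the transmute xattr.
 * lgetxattr() is used so a symlink itself is inspected, not its target.
 * Returns 1 if present, 0 if absent (or xattrs unsupported), -1 on error. */
int path_has_transmute(const char *path)
{
    char buf[16];
    ssize_t n = lgetxattr(path, SMACK_TRANSMUTE_XATTR, buf, sizeof buf);

    if (n >= 0 || errno == ERANGE)   /* ERANGE: present, value longer than buf */
        return 1;
    if (errno == ENODATA || errno == ENOTSUP)
        return 0;
    return -1;
}

static unsigned long suspicious;   /* count of flagged entries */

/* nftw() callback: flag any non-directory that carries the attribute. */
static int visit(const char *path, const struct stat *sb, int typeflag,
                 struct FTW *ftwbuf)
{
    int has;

    (void)typeflag;
    (void)ftwbuf;
    has = path_has_transmute(path);
    if (has < 0) {
        fprintf(stderr, "%s: %s\n", path, strerror(errno));
        return 0;   /* keep walking */
    }
    if (!transmute_attr_valid(sb->st_mode, has)) {
        printf("SUSPECT: %s on non-directory %s\n", SMACK_TRANSMUTE_XATTR, path);
        suspicious++;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : ".";

    /* FTW_PHYS: do not follow symlinks, so each object is examined once. */
    if (nftw(root, visit, 16, FTW_PHYS) != 0) {
        perror("nftw");
        return 2;
    }
    printf("%lu suspicious entries under %s\n", suspicious, root);
    return suspicious ? 1 : 0;   /* non-zero exit makes scripting easy */
}
```

The scanner needs read access to the tree and, for security.* xattrs on some filesystems, elevated privileges; entries it cannot inspect are reported on stderr and skipped rather than counted.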
