Date: Fri, 21 Mar 2025 17:32:25 -0400
X-Mailing-List: linux-fsdevel@vger.kernel.org
From: Paul Moore
To: Andrey Albershteyn, Richard Henderson, Matt Turner, Russell King, Catalin Marinas, Will Deacon, Geert Uytterhoeven, Michal Simek, Thomas Bogendoerfer, "James E.J. Bottomley", Helge Deller, Madhavan Srinivasan, Michael Ellerman, Nicholas Piggin, Christophe Leroy, Naveen N Rao, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven Schnelle, Yoshinori Sato, Rich Felker, John Paul Adrian Glaubitz, "David S. Miller", Andreas Larsson, Andy Lutomirski, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Chris Zankel, Max Filippov, Alexander Viro, Christian Brauner, Jan Kara, Mickaël Salaün, Günther Noack, Arnd Bergmann, Pali Rohár, James Morris, "Serge E. Hallyn"
Cc: linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, selinux@vger.kernel.org, Andrey Albershteyn
Subject: Re: [PATCH v4 1/3] lsm: introduce new hooks for setting/getting inode fsxattr
References: <20250321-xattrat-syscall-v4-1-3e82e6fb3264@kernel.org>
In-Reply-To: <20250321-xattrat-syscall-v4-1-3e82e6fb3264@kernel.org>

On Mar 21, 2025 Andrey Albershteyn wrote:
>
> Introduce new hooks for setting and getting filesystem extended
> attributes on inode (FS_IOC_FSGETXATTR).
>
> Cc: selinux@vger.kernel.org
> Cc: Paul Moore
>
> Signed-off-by: Andrey Albershteyn
> ---
> fs/ioctl.c | 7 ++++++-
> include/linux/lsm_hook_defs.h | 4 ++++
> include/linux/security.h | 16 ++++++++++++++++
> security/security.c | 32 ++++++++++++++++++++++++++++++++
> 4 files changed, 58 insertions(+), 1 deletion(-)

Thanks Andrey, one small change below, but otherwise this looks pretty good. If you feel like trying to work up the SELinux implementation but need some assistance please let me know, I'll be happy to help :)

> diff --git a/fs/ioctl.c b/fs/ioctl.c > index 638a36be31c14afc66a7fd6eb237d9545e8ad997..4434c97bc5dff5a3e8635e28745cd99404ff353e 100644 > --- a/fs/ioctl.c > +++ b/fs/ioctl.c > @@ -525,10 +525,15 @@ EXPORT_SYMBOL(fileattr_fill_flags); > int vfs_fileattr_get(struct dentry *dentry, struct fileattr *fa) > { > struct inode *inode = d_inode(dentry); > + int error; > > if (!inode->i_op->fileattr_get) > return -ENOIOCTLCMD; > > + error = security_inode_getfsxattr(inode, fa); > + if (error) > + return error; > + > return inode->i_op->fileattr_get(dentry, fa); > } > EXPORT_SYMBOL(vfs_fileattr_get); > @@ -692,7 +697,7 @@ int vfs_fileattr_set(struct mnt_idmap *idmap, struct dentry *dentry, > fa->flags |= old_ma.flags & ~FS_COMMON_FL; > } > err = fileattr_set_prepare(inode, &old_ma, fa); > - if (!err) > + if (!err && !security_inode_setfsxattr(inode, fa)) > err = inode->i_op->fileattr_set(idmap, dentry, fa); > } > inode_unlock(inode);

I don't believe we want to hide or otherwise drop the LSM return code as that could lead to odd behavior, e.g. returning 0/success despite not having executed the fileattr_set operation.

--
paul-moore.com
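
Review bot: in the vfs_fileattr_get() hunk, security_inode_getfsxattr(inode, fa) is handed only the inode even though the function already holds the dentry and passes it to fileattr_get. If any LSM is expected to need dentry context for its decision, pass the dentry to the hook now so the signature does not have to change later. The same point applies to security_inode_setfsxattr(inode, fa) in vfs_fileattr_set().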
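
Review bot: in the vfs_fileattr_set() hunk, the condition "if (!err && !security_inode_setfsxattr(inode, fa))" evaluates the hook only as a boolean, so a non-zero return from the LSM is discarded: err is left at 0 and fileattr_set is skipped. Store the result instead, i.e. "err = security_inode_setfsxattr(inode, fa);" after the fileattr_set_prepare() check, and keep "if (!err)" guarding the existing "err = inode->i_op->fileattr_set(idmap, dentry, fa);" so the hook's error code is what the function ends up with. That also matches the vfs_fileattr_get() hunk, which returns the hook's error directly.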