From: Al Viro <viro@zeniv.linux.org.uk>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
linux-fsdevel@vger.kernel.org, virtio-fs@redhat.com,
casey@schaufler-ca.com, Miklos Szeredi <miklos@szeredi.hu>,
Daniel J Walsh <dwalsh@redhat.com>,
jlayton@kernel.org, idryomov@gmail.com,
ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org,
bfields@fieldses.org, chuck.lever@oracle.com,
stephen.smalley.work@gmail.com
Subject: Re: [PATCH] security: Return xattr name from security_dentry_init_security()
Date: Sat, 2 Oct 2021 18:10:53 +0000 [thread overview]
Message-ID: <YVigrS1Bc8J8bO1Y@zeniv-ca.linux.org.uk> (raw)
In-Reply-To: <YVYI/p1ipDFiQ5OR@redhat.com>
On Thu, Sep 30, 2021 at 02:59:10PM -0400, Vivek Goyal wrote:
> Right now security_dentry_init_security() only supports single security
> label and is used by SELinux only. There are two users of of this hook,
> namely ceph and nfs.
>
> NFS does not care about xattr name. Ceph hardcodes the xattr name to
> security.selinux (XATTR_NAME_SELINUX).
>
> I am making changes to fuse/virtiofs to send security label to virtiofsd
> and I need to send xattr name as well. I also hardcoded the name of
> xattr to security.selinux.
>
> Stephen Smalley suggested that it probably is a good idea to modify
> security_dentry_init_security() to also return name of xattr so that
> we can avoid this hardcoding in the callers.
>
> This patch adds a new parameter "const char **xattr_name" to
> security_dentry_init_security() and LSM puts the name of xattr
> too if caller asked for it (xattr_name != NULL).
Umm... Why not return the damn thing on success and ERR_PTR(-E...)
on failure, instead of breeding extra arguments?
next prev parent reply other threads:[~2021-10-02 18:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-30 18:59 [PATCH] security: Return xattr name from security_dentry_init_security() Vivek Goyal
2021-09-30 20:20 ` Casey Schaufler
2021-10-02 18:10 ` Al Viro [this message]
2021-10-04 13:56 ` Vivek Goyal
2021-10-04 15:20 ` Jeff Layton
2021-10-04 15:54 ` Casey Schaufler
2021-10-04 16:01 ` Jeff Layton
2021-10-04 16:39 ` Casey Schaufler
2021-10-04 17:05 ` Vivek Goyal
2021-10-04 17:13 ` Vivek Goyal
2021-10-04 17:36 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YVigrS1Bc8J8bO1Y@zeniv-ca.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=bfields@fieldses.org \
--cc=casey@schaufler-ca.com \
--cc=ceph-devel@vger.kernel.org \
--cc=chuck.lever@oracle.com \
--cc=dwalsh@redhat.com \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=vgoyal@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox