Date: Sat, 2 Oct 2021 18:10:53 +0000
From: Al Viro
To: Vivek Goyal
Cc: linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, virtio-fs@redhat.com, casey@schaufler-ca.com, Miklos Szeredi, Daniel J Walsh, jlayton@kernel.org, idryomov@gmail.com, ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org, bfields@fieldses.org, chuck.lever@oracle.com, stephen.smalley.work@gmail.com
Subject: Re: [PATCH] security: Return xattr name from security_dentry_init_security()

On Thu, Sep 30, 2021 at 02:59:10PM -0400, Vivek Goyal wrote:
> Right now security_dentry_init_security() only supports single security
> label and is used by SELinux only. There are two users of this hook,
> namely ceph and nfs.
>
> NFS does not care about xattr name. Ceph hardcodes the xattr name to
> security.selinux (XATTR_NAME_SELINUX).
>
> I am making changes to fuse/virtiofs to send security label to virtiofsd
> and I need to send xattr name as well. I also hardcoded the name of
> xattr to security.selinux.
>
> Stephen Smalley suggested that it probably is a good idea to modify
> security_dentry_init_security() to also return name of xattr so that
> we can avoid this hardcoding in the callers.
>
> This patch adds a new parameter "const char **xattr_name" to
> security_dentry_init_security() and LSM puts the name of xattr
> too if caller asked for it (xattr_name != NULL).

Umm... Why not return the damn thing on success and ERR_PTR(-E...) on failure,
instead of breeding extra arguments?
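
Added example, not part of the thread or of the kernel source: a userspace C model that puts the out-argument convention from the quoted patch description next to the ERR_PTR-style return suggested in the reply. The function names, the sample label and the -EOPNOTSUPP failure case are assumptions made for illustration, and ERR_PTR/IS_ERR/PTR_ERR are re-implemented locally.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local re-implementation of the kernel's pointer-encoded errno idiom. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{ return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Constructed sample label; a real LSM computes it per dentry. */
static const char sample_ctx[] = "system_u:object_r:tmp_t:s0";

/* Convention A (quoted patch): int status, name via optional out-argument. */
int init_security_outarg(int lsm_active, const char **xattr_name,
                         const void **ctx, uint32_t *ctxlen)
{
    if (!lsm_active)
        return -EOPNOTSUPP;   /* assumed failure case for this model */
    if (xattr_name)           /* caller may pass NULL if it does not care */
        *xattr_name = "security.selinux";
    *ctx = sample_ctx;
    *ctxlen = sizeof(sample_ctx);
    return 0;
}

/* Convention B (the reply): name on success, ERR_PTR(-errno) on failure. */
const char *init_security_errptr(int lsm_active, const void **ctx,
                                 uint32_t *ctxlen)
{
    if (!lsm_active)
        return ERR_PTR(-EOPNOTSUPP);
    *ctx = sample_ctx;
    *ctxlen = sizeof(sample_ctx);
    return "security.selinux";
}

/* Caller for B: the result must pass IS_ERR() before it is used as a string. */
long build_xattr_errptr(int lsm_active, char *out, size_t outlen)
{
    const void *ctx; uint32_t len;
    const char *name = init_security_errptr(lsm_active, &ctx, &len);
    if (IS_ERR(name))
        return PTR_ERR(name);
    snprintf(out, outlen, "%s=%s", name, (const char *)ctx);
    return 0;
}
```

With convention B the error and the name share one return value, so a caller that skips the IS_ERR() check ends up dereferencing an encoded errno instead of a string.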