Re: [PATCH v2] security,fs,nfs,net: update security_inode_listsecurity() interface

Linux Security Modules development
 help / color / mirror / Atom feed

From: Konstantin Andreev <andreev@swemel.ru>
To: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	netdev@vger.kernel.org, selinux@vger.kernel.org,
	Christian Brauner <brauner@kernel.org>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH v2] security,fs,nfs,net: update security_inode_listsecurity() interface
Date: Fri, 6 Jun 2025 18:24:16 +0300	[thread overview]
Message-ID: <3b461ee7-c3ee-484b-b945-ec6070355bfe@swemel.ru> (raw)
In-Reply-To: <CAEjxPJ5KoTBB18_7+fWL+GWY4N5Vp2=Kn=9FJR2GewFRcMgzPQ@mail.gmail.com>

Stephen Smalley, 06/06/2025 10:28 -0400:
> On Fri, Jun 6, 2025 at 9:38 AM Konstantin Andreev <andreev@swemel.ru> wrote:
>> Stephen Smalley, 28/04/2025:
>>> Update the security_inode_listsecurity() interface to allow
>>> use of the xattr_list_one() helper and update the hook
>>> implementations.
>>>
>>> Link: https://lore.kernel.org/selinux/20250424152822.2719-1-stephen.smalley.work@gmail.com/
>>
>> Sorry for being late to the party.
>>
>> Your approach assumes that every fs-specific xattr lister
>> called like
>>
>> | vfs_listxattr() {
>> |    if (inode->i_op->listxattr)
>> |        error = inode->i_op->listxattr(dentry, list, size)
>> |   ...
>>
>> must call LSM to integrate LSM's xattr(s) into fs-specific list.
>> You did this for tmpfs:
>>
>> | simple_xattr_list() {
>> |   security_inode_listsecurity()
>> |   // iterate real xatts list
>>
>>
>> Well, but what about other filesystems in the linux kernel?
>> Should all of them also modify their xattr listers?
>>
>> To me, taking care of security xattrs is improper responsibility
>> for filesystem code.
>>
>> May it be better to merge LSM xattrs
>> and fs-backed xattrs at the vfs level (vfs_listxattr)?
> 
> This patch and the preceding one on which it depends were specifically
> to address a regression in the handling of listxattr() for tmpfs/shmem
> and similar filesystems.
> Originally they had no xattr handler at the filesystem level and
> vfs_listxattr() already has a fallback to ensure inclusion of the
> security.* xattr for that case.

Understood

> For filesystems like ext4 that have always (relative to first
> introduction of security.* xattrs) provided handlers, they already
> return the fs-backed xattr value and we don't need to ask the LSM for
> it.

They only return those security.* xattrs that were physically stored
in the fs permanent storage.

If LSM's xattrs are not stored they are not listed :(

> That said, you may be correct that it would be better to introduce
> some additional handling in vfs_listxattr() but I would recommend
> doing that as a follow-up.

Understood

--
Konstantin Andreev

next prev parent reply	other threads:[~2025-06-06 15:23 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-28 19:50 [PATCH v2] security,fs,nfs,net: update security_inode_listsecurity() interface Stephen Smalley
2025-04-29  7:46 ` Christian Brauner
2025-04-29 12:25   ` Stephen Smalley
2025-04-29 23:34 ` Paul Moore
2025-05-20 21:31   ` Paul Moore
2025-05-21  0:22     ` Casey Schaufler
2025-05-27 21:03     ` Anna Schumaker
2025-06-19 21:18       ` Paul Moore
2025-07-24  2:09         ` Paul Moore
2025-12-03 15:35           ` Stephen Smalley
2025-12-03 15:55             ` Paul Moore
2025-12-03 18:08               ` Stephen Smalley
2025-12-03 20:01                 ` Stephen Smalley
2025-06-05 18:09   ` Stephen Smalley
2025-06-05 18:24     ` Paul Moore
2025-05-21  0:31 ` Kuniyuki Iwashima
2025-06-19 21:04   ` Paul Moore
2025-06-06 13:39 ` Konstantin Andreev
2025-06-06 14:28   ` Stephen Smalley
2025-06-06 15:24     ` Konstantin Andreev [this message]
2026-04-28 19:21 ` [PATCH ported/repost " Paul Moore
2026-04-28 19:26   ` Paul Moore
2026-05-01 16:00     ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3b461ee7-c3ee-484b-b945-ec6070355bfe@swemel.ru \
    --to=andreev@swemel.ru \
    --cc=brauner@kernel.org \
    --cc=casey@schaufler-ca.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox