From: Konstantin Andreev <andreev@swemel.ru>
To: casey@schaufler-ca.com
Cc: linux-security-module@vger.kernel.org
Subject: [PATCH 00/19] smack: clean up xattr handling
Date: Thu, 24 Jul 2025 16:09:33 +0300
Message-ID: <cover.1753356770.git.andreev@swemel.ru>

A set of minor bug fixes and optimizations in Smack xattr handling.
Logically independent, but with code dependencies.

The patch set applies on top of:
https://github.com/cschaufler/smack-next/commits/next
commit 6ddd169d0288

Konstantin Andreev (19):
  smack: fix bug: changing Smack xattrs requires cap_sys_admin
  smack: fix bug: changing Smack xattrs requires cap_mac_override
  smack: fix bug: setting label-containing xattrs silently ignores input garbage
  smack: stop polling other LSMs & VFS to getxattr() unsupported SMACK64IPIN/OUT
  smack: restrict getxattr() SMACK64TRANSMUTE to directories
  smack: fix bug: getxattr() returns invalid SMACK64EXEC/MMAP
  smack: deduplicate task label validation
  smack: smack_inode_setsecurity: prevent setting SMACK64EXEC/MMAP in other LSMs
  smack: smack_inode_setsecurity: prevent setting SMACK64IPIN/OUT in other LSMs
  smack: fix bug: smack_inode_setsecurity() imports alien xattrs as labels
  smack: fix bug: smack_inode_setsecurity() false EINVAL for alien xattrs
  smack: restrict setxattr() SMACK64IPIN/IPOUT to sockets
  smack: restrict setxattr() SMACK64EXEC/MMAP to regular files
  smack: return EOPNOTSUPP for setxattr() unsupported SMACK64(TRANSMUTE)
  smack: smack_inode_setsecurity(): skip checks for SMACK64TRANSMUTE
  smack: smack_inode_notifysecctx(): reject invalid labels
  smack: smack_inode_post_setxattr(): find label instead of import
  smack: smack_inode_setsecurity(): find label instead of import
  smack: deduplicate strcmp(name, XATTR_{,NAME_}SMACK*)

 Documentation/admin-guide/LSM/Smack.rst |   3 +-
 security/smack/smack.h                  |   2 +
 security/smack/smack_access.c           |  22 +-
 security/smack/smack_lsm.c              | 492 +++++++++++++++---------
 4 files changed, 324 insertions(+), 195 deletions(-)

--
2.43.0