Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp304147rwl; Thu, 23 Mar 2023 16:42:48 -0700 (PDT) X-Google-Smtp-Source: AKy350YfOAD06CL7+jJUN6K59eIEthryrx8SVNp6iyAKyAWPOspaPmdmANzYmPKRby75VV0ufjce X-Received: by 2002:a62:1d95:0:b0:627:e577:4326 with SMTP id d143-20020a621d95000000b00627e5774326mr735765pfd.17.1679614968254; Thu, 23 Mar 2023 16:42:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679614968; cv=none; d=google.com; s=arc-20160816; b=E0wB8hyyEWdT75Cr/R34i2xlQx2g3DYyJg8vWFaToyfeh9n/3SnerDJg0LrolMDvH4 aCBSxc/UdVtZZdnEtFRc9bjiLag0LvwekElttCJDnZKIH40yc5ujdayvzAFJsK7Cxrji WTQfM5noiDX3aZNRnXPPQLwdDqGCm+iLgz7hA8JYRhQ1/scjc5vgieUcO/LsJJwZXBri /Y6acRb1xpWjzNX0WiJV/tjGikqul3JqX3ABkS4TYN6nx/HaGt3Gm9M2KTGTScHhAygJ zIBkf16x/uJTVX47PKyNwxsaQZjHujrNWGAEle0gMd75FMSrXwGQ6u/cmwthMlJzytvR Kv4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=H5DqnFNdwoRsvRD9gY7AVflhKHmqWJvLpG3CELYJwy4=; b=osWsdqgmTGPvHF9LG0hgRGHldPpjSBji8BohcdODjY0qRd2RDBlZ+9WVoqcMUiNqjV awmLe6QXxuB0qunFrT5LoARvbwI4o/6rr3AcId15lTeF/tK+9vFmoCaQueu8CsdYlYxJ uYvxf/ycA6bozxSONWAVDQ7Jz3/E/trvH8xqktQIQunAJElPlpEgFhut1rJUXafqIxbg MkYMmio0mQOToGgG/A7g7tfEByLXCw8CsYpTB/YiJnMGjwgZqA1ipfjRar5sLOUovuCA Ltj4cq25lFOtyklGSQY8Jm5cqNd6pwEtRYABn7zGWGkxGXh5H984ox9sqVhPQe8g+0y8 9txw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=MvmzhjVi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 140-20020a630292000000b0050fa6fa6e3fsi8964896pgc.0.2023.03.23.16.42.36; Thu, 23 Mar 2023 16:42:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=MvmzhjVi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230302AbjCWXhW (ORCPT + 99 others); Thu, 23 Mar 2023 19:37:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34764 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231307AbjCWXhV (ORCPT ); Thu, 23 Mar 2023 19:37:21 -0400 Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E3AC24C84 for ; Thu, 23 Mar 2023 16:37:19 -0700 (PDT) Received: by mail-yb1-xb30.google.com with SMTP id e65so277324ybh.10 for ; Thu, 23 Mar 2023 16:37:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1679614638; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=H5DqnFNdwoRsvRD9gY7AVflhKHmqWJvLpG3CELYJwy4=; b=MvmzhjViCPcj6Nhc+3xUZBlHLNZc4r6lPParcd8U1SVaNbw7wKC7ctiSLNtETXsbZR SfRHOqCYRqd1uqAwWuo9yiMFLI0eaNDRiZlTA6cLo/WgAikQelZ1tHGFpIZZPWcjT35o RAn0baZ5sYIIGCdLt+R9DAyKHRnnJXL0EwkWhxKR9y3ewPQOPLqgHbZlIjayJV65Q4zv 5Lw4K4PXz4x9XgSVjgC27sSASSJW5nHoZurlVklnEY9HZZJhC9oqu0bxuU17lvaxiU3a kl+1LdimUZ3SdVmvRmCVK2t7FT3bIF4MTO+fvC6g4axqIpSiLufJkJgHH86Rqinq42Ye nNDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679614638; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=H5DqnFNdwoRsvRD9gY7AVflhKHmqWJvLpG3CELYJwy4=; b=FWBDj1ELky+yeDNf0uC8t/G8zMCYfnA9H8y2c6HQuvm2l+JKx5KdZy1Z9kQyKStwpG e09WC8wixntl8N2ogPg+U9bzeA4ocRBL42rLWdgUycvRmzjgv2VplkctPPnqMijqi/Un xpG4sHqhpo68ZiPXoPXQQYDLHNWRt5Qc6aHynggUBChy8/dZfj8X8gK/wsLbSEEgoLd5 VvpD1MwZaytpfoXdYLkI8H+obWxEQRfqgoF53Bpu9at+iPJFdD9+PPO9aeHfBwrkqr5V 4YCMSNdn+mIs9Pn1RThKUQrR7szY7GEXNOEe4PHC84oK/3vuu4OGK4wdKoOf0YlqCzQT o2og== X-Gm-Message-State: AAQBX9eN6EGEX3J8l3nBl/NKpaBDmc7uSOY3aFPxUTsmjNmKTu2M3WF7 18DmmC4ZNbWoF9rCVMrpwqyKwlV3ebl4zYX6mPJh X-Received: by 2002:a05:6902:18c7:b0:b72:fff0:2f7f with SMTP id ck7-20020a05690218c700b00b72fff02f7fmr715296ybb.4.1679614638263; Thu, 23 Mar 2023 16:37:18 -0700 (PDT) MIME-Version: 1.0 References: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com> <20230314081720.4158676-3-roberto.sassu@huaweicloud.com> In-Reply-To: <20230314081720.4158676-3-roberto.sassu@huaweicloud.com> From: Paul Moore Date: Thu, 23 Mar 2023 19:37:07 -0400 Message-ID: Subject: Re: [PATCH v8 2/6] ocfs2: Switch to security_inode_init_security() To: Roberto Sassu Cc: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com, ocfs2-devel@oss.oracle.com, reiserfs-devel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org, nicolas.bouchinet@clip-os.org, Roberto Sassu Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 14, 2023 at 4:18=E2=80=AFAM Roberto Sassu wrote: > > From: Roberto Sassu > > In preparation for removing security_old_inode_init_security(), switch to > security_inode_init_security(). > > Extend the existing ocfs2_initxattrs() to take the > ocfs2_security_xattr_info structure from fs_info, and populate the > name/value/len triple with the first xattr provided by LSMs. > > As fs_info was not used before, ocfs2_initxattrs() can now handle the cas= e > of replicating the behavior of security_old_inode_init_security(), i.e. > just obtaining the xattr, in addition to setting all xattrs provided by > LSMs. > > Supporting multiple xattrs is not currently supported where > security_old_inode_init_security() was called (mknod, symlink), as it > requires non-trivial changes that can be done at a later time. Like for > reiserfs, even if EVM is invoked, it will not provide an xattr (if it is > not the first to set it, its xattr will be discarded; if it is the first, > it does not have xattrs to calculate the HMAC on). > > Finally, since security_inode_init_security(), unlike > security_old_inode_init_security(), returns zero instead of -EOPNOTSUPP i= f > no xattrs were provided by LSMs or if inodes are private, additionally > check in ocfs2_init_security_get() if the xattr name is set. > > If not, act as if security_old_inode_init_security() returned -EOPNOTSUPP= , > and set si->enable to zero to notify to the functions following > ocfs2_init_security_get() that no xattrs are available. > > Signed-off-by: Roberto Sassu > Reviewed-by: Casey Schaufler > Acked-by: Joseph Qi > --- > fs/ocfs2/namei.c | 2 ++ > fs/ocfs2/xattr.c | 30 ++++++++++++++++++++++++++---- > 2 files changed, 28 insertions(+), 4 deletions(-) Merged into lsm/next, thanks. --=20 paul-moore.com