Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1184561rwl; Fri, 24 Mar 2023 07:20:11 -0700 (PDT) X-Google-Smtp-Source: AKy350ZQyMtDN1re0eR1kXkN6i18oWGrttdr4nS/zUsQXJ9G4HGPjKbT4/L6UeIPQFyucayP+ewU X-Received: by 2002:a62:38c3:0:b0:625:c7ca:d82f with SMTP id f186-20020a6238c3000000b00625c7cad82fmr3449029pfa.18.1679667611186; Fri, 24 Mar 2023 07:20:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679667611; cv=none; d=google.com; s=arc-20160816; b=wCVOkA2hzMWkdA7uRWjMlB0ejxruuJ4klGzpkXs7bHdPSn2Djb15mXRZAGQ0IZvfMY RlDG9ohpcZBysthkV8eKx8nVBiy3wB5U4BjNcVvuUBOdXstakjwbIpznHheh0KhKrU7Z or+BJWDQUg6jMN69/0MVvPBa4qJj+7ogV8z8B564L8MlOSVoxEo+YM9Gq4g2r6mOph1K 8aLJ7k6auN1k+5uUeMsFw9pU+Kl7Z88aMsGl+NkrXipaHpohIaruUGzjbooXEyd2RYpr c38T0Y8DOXea9v4a7TUlziJnLKRl5jNWep14xV1F2PwLLkcgpZS4AQUpbfUw5vbEz7+D uaCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=qyz70q0exwlxpG0yMPJfrMAVsSG+06PVBNztaJhtJqo=; b=GsuLzqa+6VBzzsG9vDj2oFMLymBLXEiHxd3r5wzKsCDYrUivOlIrdLYS1Ae1Ovt0ad 4Z5/9IGEVCjmghbtMkGn2upC7k/oG+ioPqvJZL2okHr7zCBS7muNSNKMBsAIKPEb4UFs VQepcLwljSEn5Q2Sn5tXfqXpcTpvDRn1OCTUmp/4uXCiF1MrFFR5VeyVxKOqKbKH5W0P T1dgaFn2xbm5wzdy7kvcN/oJZLtJCgrzZHruvMfQDbc9bP5otRY7mQNb5jplDoYTCxvI IhJ5lx7ryqco5fynWXV+v5jxNQ6npJUyfJpU7Q5DXMVAT2WhzUnNVnSson14X3obGAXM i3hA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=AOQvr9b4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fd13-20020a056a002e8d00b005e268568420si21323124pfb.23.2023.03.24.07.19.58; Fri, 24 Mar 2023 07:20:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=AOQvr9b4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230100AbjCXOR2 (ORCPT + 99 others); Fri, 24 Mar 2023 10:17:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56810 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230418AbjCXOR0 (ORCPT ); Fri, 24 Mar 2023 10:17:26 -0400 Received: from mail-yb1-xb2a.google.com (mail-yb1-xb2a.google.com [IPv6:2607:f8b0:4864:20::b2a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E72741E5FF for ; Fri, 24 Mar 2023 07:17:20 -0700 (PDT) Received: by mail-yb1-xb2a.google.com with SMTP id p15so2307812ybl.9 for ; Fri, 24 Mar 2023 07:17:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1679667440; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=qyz70q0exwlxpG0yMPJfrMAVsSG+06PVBNztaJhtJqo=; b=AOQvr9b4IDlun2P9WBqyFgYrZnRMnWkZbi7nKD1h77svDtysp3k2+svumSz94wRohI DHZZwnayCvXPboUZHbIPyaInyWGXe1MZU80EoiXvTGptGU5x9ycbCOmJQPEv5+ToeKhI M28EIQd9BR39cjtGdwuyZiW6Z7sHOCN3XEb/+rDt/zaSbv28B5BeAQweq/nnqcNzKhfQ 8dNPfrfNpTMGHcndWQbl5qRBpRC+A5GBdNdTaoP1dpsA4MjG2imDAtn4mnZCDF0V7zF9 v0rIKu1s/EOQIUsfRTFmsVupWgV2UUt+PQt8qEAWmu6B4mKm/O6meI3joa44DP3+Dbq0 WgiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679667440; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qyz70q0exwlxpG0yMPJfrMAVsSG+06PVBNztaJhtJqo=; b=LcjDpCWTT4EfUCg2+vnShiGNt3vR4tIcAHvrbmpm0px62tWJ4ucmf5i9SpC/1z6u7f so4U/0sOJ+K7m7RReTIlVV3e7Alf1/oGvVw09OraMSEsIorR5QY/ww3Zwc7rphsokvvo KZ0v3/SoKjPjOY4G/nFu8i/NThunfDWyUS5uWGbg0DNjVUpAIAJn8aISi4qw8FjOh+1a 7+jQRFL9VprDG/PeJn0vqMwegw2BPq9arfb3yiSzmptoTLQ2RO2+ggS3jJ+5Pb56KQXe AzKqQliSwTHgrxJ8euzagTc567CFzqVsWywXh36sAsxdBdKwoEoxg2DiQf+bI6YCfYsn 8gEA== X-Gm-Message-State: AAQBX9drn+IYk0MwVOSPLWyaFU1mcKgszbnCd40a2ti1KLjvua3jXCU7 7xBdy16AMIyIlfuN/PtBf9FiRy+zo0uGdUh50D4b X-Received: by 2002:a05:6902:1586:b0:b76:ceb2:661b with SMTP id k6-20020a056902158600b00b76ceb2661bmr1495681ybu.3.1679667440030; Fri, 24 Mar 2023 07:17:20 -0700 (PDT) MIME-Version: 1.0 References: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com> <20230314081720.4158676-5-roberto.sassu@huaweicloud.com> <5d8d802a-7664-fdf0-52ef-5817634d870d@schaufler-ca.com> In-Reply-To: <5d8d802a-7664-fdf0-52ef-5817634d870d@schaufler-ca.com> From: Paul Moore Date: Fri, 24 Mar 2023 10:17:09 -0400 Message-ID: Subject: Re: [PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook To: Casey Schaufler Cc: Roberto Sassu , mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, ocfs2-devel@oss.oracle.com, reiserfs-devel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org, nicolas.bouchinet@clip-os.org, Roberto Sassu Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 23, 2023 at 9:01=E2=80=AFPM Casey Schaufler wrote: > On 3/23/2023 5:09 PM, Paul Moore wrote: > > On Tue, Mar 14, 2023 at 4:19=E2=80=AFAM Roberto Sassu > > wrote: ... > >> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > >> index c2be66c669a..75a2f85b49d 100644 > >> --- a/include/linux/lsm_hooks.h > >> +++ b/include/linux/lsm_hooks.h > >> @@ -63,6 +63,7 @@ struct lsm_blob_sizes { > >> int lbs_ipc; > >> int lbs_msg_msg; > >> int lbs_task; > >> + int lbs_xattr; /* number of xattr slots in new_xattrs arra= y */ > > > > No need for the comment, we don't do it for the other fields. > > I asked for the comment. lbs_xattr is the number of entries, which is > different from the other fields. The other fields contain blob sizes in > bytes. Inconsistent behavior should be noted. Fair enough. Since that's the case, let's encode something in the field name itself so that every user has a slight reminder that it is a count and not a size. How about 'lbs_xattr_count' or similar? --=20 paul-moore.com