From: Paul Moore
Date: Wed, 20 Oct 2021 08:24:44 -0400
Subject: Re: [PATCH v2] security: Return xattr name from security_dentry_init_security()
To: Vivek Goyal
Cc: James Morris, linux-security-module@vger.kernel.org,
    selinux@vger.kernel.org, Serge Hallyn, linux-fsdevel@vger.kernel.org,
    virtio-fs@redhat.com, Miklos Szeredi, Dan Walsh, jlayton@kernel.org,
    idryomov@gmail.com, ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org,
    bfields@fieldses.org, chuck.lever@oracle.com, anna.schumaker@netapp.com,
    trond.myklebust@hammerspace.com, Stephen Smalley, casey@schaufler-ca.com,
    Ondrej Mosnacek
X-Mailing-List: linux-nfs@vger.kernel.org

On Tue, Oct 12, 2021 at 9:23 AM Vivek Goyal wrote:
>
> Right now security_dentry_init_security() only supports single security
> label and is used by SELinux only. There are two users of this hook,
> namely ceph and nfs.
>
> NFS does not care about xattr name. Ceph hardcodes the xattr name to
> security.selinux (XATTR_NAME_SELINUX).
>
> I am making changes to fuse/virtiofs to send security label to virtiofsd
> and I need to send xattr name as well. I also hardcoded the name of
> xattr to security.selinux.
>
> Stephen Smalley suggested that it probably is a good idea to modify
> security_dentry_init_security() to also return name of xattr so that
> we can avoid this hardcoding in the callers.
>
> This patch adds a new parameter "const char **xattr_name" to
> security_dentry_init_security() and LSM puts the name of xattr
> too if caller asked for it (xattr_name != NULL).
>
> Signed-off-by: Vivek Goyal
> Reviewed-by: Jeff Layton
> ---
>
> Changes since v1:
> - Updated comment to make it clear caller does not have to free the
>   xattr_name. (Jeff Layton).
> - Captured Jeff's Reviewed-by ack.
>
> I have tested this patch with virtiofs and compile tested for ceph and nfs.
>
> NFS changes are trivial. Looking for an ack from NFS maintainers.
>
> ---
>  fs/ceph/xattr.c               | 3 +--
>  fs/nfs/nfs4proc.c             | 3 ++-
>  include/linux/lsm_hook_defs.h | 3 ++-
>  include/linux/lsm_hooks.h     | 3 +++
>  include/linux/security.h      | 6 ++++--
>  security/security.c           | 7 ++++---
>  security/selinux/hooks.c      | 6 +++++-
>  7 files changed, 21 insertions(+), 10 deletions(-)

This looks fine to me and considering the trivial nature of the NFS
changes I'm okay with merging this without an explicit ACK from the
NFS folks. Similarly, I generally dislike merging new functionality
once we hit -rc6, but this is trivial enough that I think it's okay;
I'm merging this into selinux/next now, thanks everyone.

--
paul moore
www.paul-moore.com