git.baikalelectronics.ru Git - kernel.git/commit

author	Vivek Goyal <vgoyal@redhat.com>
	Tue, 12 Oct 2021 13:23:07 +0000 (09:23 -0400)
committer	Paul Moore <paul@paul-moore.com>
	Wed, 20 Oct 2021 12:17:08 +0000 (08:17 -0400)
commit	633891010b8df4a6495097ea1b491653071f3943
tree	987fb67442d6622e4646760cca87b15b459acfa1	tree \| snapshot
parent	5fb4e63545eecbd4edafd57eeb689b51ce662bba	commit \| diff

security: Return xattr name from security_dentry_init_security()

Right now security_dentry_init_security() only supports single security
label and is used by SELinux only. There are two users of this hook,
namely ceph and nfs.

NFS does not care about xattr name. Ceph hardcodes the xattr name to
security.selinux (XATTR_NAME_SELINUX).

I am making changes to fuse/virtiofs to send security label to virtiofsd
and I need to send xattr name as well. I also hardcoded the name of
xattr to security.selinux.

Stephen Smalley suggested that it probably is a good idea to modify
security_dentry_init_security() to also return name of xattr so that
we can avoid this hardcoding in the callers.

This patch adds a new parameter "const char **xattr_name" to
security_dentry_init_security() and LSM puts the name of xattr
too if caller asked for it (xattr_name != NULL).

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: James Morris <jamorris@linux.microsoft.com>
[PM: fixed typos in the commit description]
Signed-off-by: Paul Moore <paul@paul-moore.com>

fs/ceph/xattr.c		diff \| blob \| history
fs/nfs/nfs4proc.c		diff \| blob \| history
include/linux/lsm_hook_defs.h		diff \| blob \| history
include/linux/lsm_hooks.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
security/security.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history