diff options
author | Vivek Goyal <vgoyal@redhat.com> | 2021-10-12 09:23:07 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2021-10-20 08:17:08 -0400 |
commit | 15bf32398ad488c0df1cbaf16431422c87e4feea (patch) | |
tree | 987fb67442d6622e4646760cca87b15b459acfa1 /fs/io-wq.c | |
parent | 1c73213ba991d26a91282e775d1f5a60e41e5184 (diff) | |
download | lwn-15bf32398ad488c0df1cbaf16431422c87e4feea.tar.gz lwn-15bf32398ad488c0df1cbaf16431422c87e4feea.zip |
security: Return xattr name from security_dentry_init_security()
Right now security_dentry_init_security() only supports single security
label and is used by SELinux only. There are two users of this hook,
namely ceph and nfs.
NFS does not care about xattr name. Ceph hardcodes the xattr name to
security.selinux (XATTR_NAME_SELINUX).
I am making changes to fuse/virtiofs to send security label to virtiofsd
and I need to send xattr name as well. I also hardcoded the name of
xattr to security.selinux.
Stephen Smalley suggested that it probably is a good idea to modify
security_dentry_init_security() to also return name of xattr so that
we can avoid this hardcoding in the callers.
This patch adds a new parameter "const char **xattr_name" to
security_dentry_init_security() and LSM puts the name of xattr
too if caller asked for it (xattr_name != NULL).
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: James Morris <jamorris@linux.microsoft.com>
[PM: fixed typos in the commit description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'fs/io-wq.c')
0 files changed, 0 insertions, 0 deletions