On 2025-03-24 20:27:02, Mickaël Salaün wrote: > On Fri, Mar 21, 2025 at 05:32:25PM -0400, Paul Moore wrote: > > On Mar 21, 2025 Andrey Albershteyn <aalbe...@redhat.com> wrote: > > > > > > Introduce new hooks for setting and getting filesystem extended > > > attributes on inode (FS_IOC_FSGETXATTR). > > > > > > Cc: seli...@vger.kernel.org > > > Cc: Paul Moore <p...@paul-moore.com> > > > > > > Signed-off-by: Andrey Albershteyn <aalbe...@kernel.org> > > > --- > > > fs/ioctl.c | 7 ++++++- > > > include/linux/lsm_hook_defs.h | 4 ++++ > > > include/linux/security.h | 16 ++++++++++++++++ > > > security/security.c | 32 ++++++++++++++++++++++++++++++++ > > > 4 files changed, 58 insertions(+), 1 deletion(-) > > > > Thanks Andrey, one small change below, but otherwise this looks pretty > > good. If you feel like trying to work up the SELinux implementation but > > need some assitance please let me know, I'll be happy to help :) > > > > > diff --git a/fs/ioctl.c b/fs/ioctl.c > > > index > > > 638a36be31c14afc66a7fd6eb237d9545e8ad997..4434c97bc5dff5a3e8635e28745cd99404ff353e > > > 100644 > > > --- a/fs/ioctl.c > > > +++ b/fs/ioctl.c > > > @@ -525,10 +525,15 @@ EXPORT_SYMBOL(fileattr_fill_flags); > > > int vfs_fileattr_get(struct dentry *dentry, struct fileattr *fa) > > > { > > > struct inode *inode = d_inode(dentry); > > > + int error; > > > > > > if (!inode->i_op->fileattr_get) > > > return -ENOIOCTLCMD; > > > > > > + error = security_inode_getfsxattr(inode, fa); > > > + if (error) > > > + return error; > > > + > > > return inode->i_op->fileattr_get(dentry, fa); > > > } > > > EXPORT_SYMBOL(vfs_fileattr_get); > > > @@ -692,7 +697,7 @@ int vfs_fileattr_set(struct mnt_idmap *idmap, struct > > > dentry *dentry, > > > fa->flags |= old_ma.flags & ~FS_COMMON_FL; > > > } > > > err = fileattr_set_prepare(inode, &old_ma, fa); > > > - if (!err) > > > + if (!err && !security_inode_setfsxattr(inode, fa)) > > > err = inode->i_op->fileattr_set(idmap, dentry, fa); > > > } > > > inode_unlock(inode); > > > > I don't believe we want to hide or otherwise drop the LSM return code as > > that could lead to odd behavior, e.g. returning 0/success despite not > > having executed the fileattr_set operation. > > Yes, this should look something like this: > > err = fileattr_set_prepare(inode, &old_ma, fa); > if (err) > goto out; > err = security_inode_setfsxattr(dentry, fa); > if (err) > goto out; > err = inode->i_op->fileattr_set(idmap, dentry, fa); > if (err) > goto out; > > > > > -- > > paul-moore.com > > >
Sure, thanks for noticing, will switch to dentries and handle error code it in v5 -- - Andrey