From dc0876b9846d3d48bb8528332106d1b051578a02 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 16 Feb 2026 14:32:07 +0100 Subject: xattr: support extended attributes on sockets Allow user.* extended attributes on sockets by adding S_IFSOCK to the xattr_permission() switch statement. Previously user.* xattrs were only permitted on regular files and directories. Symlinks and special files including sockets were rejected with -EPERM. Path-based AF_UNIX sockets have their inodes on the underlying filesystem (e.g. tmpfs) which already supports user.* xattrs through simple_xattrs. So for these the permission check was the only thing missing. For sockets in sockfs - everything created via socket() including abstract namespace AF_UNIX sockets - the preceding patch added simple_xattr storage with per-inode limits. With the permission check lifted here these sockets can now store user.* xattrs as well. This enables services to associate metadata with their sockets. For example, a service using Varlink for IPC can label its socket with user.varlink=1 allowing eBPF programs to selectively capture traffic and tools to discover IPC entrypoints by enumerating bound sockets via netlink. Similarly, protocol negotiation can be performed through xattrs such as indicating RFC 5424 structured syslog support on /dev/log. Link: https://patch.msgid.link/20260216-work-xattr-socket-v1-11-c2efa4f74cb7@kernel.org Acked-by: Darrick J. Wong Reviewed-by: Jan Kara Signed-off-by: Christian Brauner --- fs/xattr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/xattr.c b/fs/xattr.c index 5e559b1c651f..09ecbaaa1660 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -163,6 +163,8 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode, if (inode_owner_or_capable(idmap, inode)) break; return -EPERM; + case S_IFSOCK: + break; default: return xattr_permission_error(mask); } -- cgit v1.2.3
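Review bot: the new `case S_IFSOCK: break;` in xattr_permission() is unconditional, while the case directly above it only breaks when `inode_owner_or_capable(idmap, inode)` holds and otherwise returns -EPERM, so for sockets nothing in this switch separates the owner from any other caller when the mask is a write. That leaves the generic inode permission check as the only gate on setting or removing user.* attributes. For a path-based AF_UNIX socket the write bit on the inode is the same bit that permits connecting, so a socket that is deliberately world-connectable (the commit message's own /dev/log example) would also be world-labelable. The commit message proposes consumers that act on these attributes (eBPF programs selecting traffic by user.varlink=1, protocol negotiation on /dev/log), and they would then be trusting a value that any peer allowed to connect can set or clear. Consider gating writes the way the preceding case does, for example `if ((mask & MAY_WRITE) && !inode_owner_or_capable(idmap, inode)) return -EPERM;`, or, if open write access is intended, add a comment above the case saying so and state in the commit message that user.* attributes on sockets are not an authenticated label. The hunk also adds no comment explaining why sockets are exempted when other special files still reach `default:` and xattr_permission_error(mask); a one-line comment here would keep that reasoning next to the code.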