From 15bf32398ad488c0df1cbaf16431422c87e4feea Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 12 Oct 2021 09:23:07 -0400 Subject: security: Return xattr name from security_dentry_init_security() Right now security_dentry_init_security() only supports single security label and is used by SELinux only. There are two users of this hook, namely ceph and nfs. NFS does not care about xattr name. Ceph hardcodes the xattr name to security.selinux (XATTR_NAME_SELINUX). I am making changes to fuse/virtiofs to send security label to virtiofsd and I need to send xattr name as well. I also hardcoded the name of xattr to security.selinux. Stephen Smalley suggested that it probably is a good idea to modify security_dentry_init_security() to also return name of xattr so that we can avoid this hardcoding in the callers. This patch adds a new parameter "const char **xattr_name" to security_dentry_init_security() and LSM puts the name of xattr too if caller asked for it (xattr_name != NULL). Signed-off-by: Vivek Goyal Reviewed-by: Jeff Layton Reviewed-by: Christian Brauner Acked-by: James Morris [PM: fixed typos in the commit description] Signed-off-by: Paul Moore --- include/linux/lsm_hooks.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include/linux/lsm_hooks.h') diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 528554e9b90c..0bada4df23fc 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -196,6 +196,9 @@ * @dentry dentry to use in calculating the context. * @mode mode used to determine resource type. * @name name of the last path component used to create file + * @xattr_name pointer to place the pointer to security xattr name. + * Caller does not have to free the resulting pointer. Its + * a pointer to static string. * @ctx pointer to place the pointer to the resulting context in. * @ctxlen point to place the length of the resulting context. * @dentry_create_files_as: -- cgit v1.2.3