On Tue, Jan 25, 2022 at 08:54:24AM -0500, Vivek Goyal wrote: > On Tue, Jan 25, 2022 at 05:54:57AM -0500, Jeff Layton wrote: > > [..] > > - /* > > - * FIXME: Make security_dentry_init_security() generic. Currently > > - * It only supports single security module and only selinux has > > - * dentry_init_security hook. > > - */ > > I think this comment is still very valid. security_dentry_init_security() > still supports only single security module. It does not have the > capability to deal with two modules trying to return security context. > > All my patch did was that instead of SELinux, now another LSM could > return security context and also return xattr name for the security > context. But it did nothing to allow multiple LSMs to return their > own security contexts. Yeah, that still doesn't work. Your patch did however help uncover what is a but in the current security_dentry_init_security() implementation afaict. Ceph was on the safe side so far because it always initialized name unconditionally because it knew that only selinux was relevant for this.
