On Fri, Apr 26, 2024, at 18:20, Christian Göttsche wrote:
> From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
> removexattrat(). Those can be used to operate on extended attributes,
> especially security related ones, either relative to a pinned directory
> or on a file descriptor without read access, avoiding a
> /proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
>
> One use case will be setfiles(8) setting SELinux file contexts
> ("security.selinux") without race conditions and without a file
> descriptor opened with read access requiring SELinux read permission.
>
> Use the do_{name}at() pattern from fs/open.c.
>
> Pass the value of the extended attribute, its length, and for
> setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
> struct xattr_args to not exceed six syscall arguments and not
> merging the AT_* and XATTR_* flags.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> CC: x86@xxxxxxxxxx
> CC: linux-alpha@xxxxxxxxxxxxxxx
> CC: linux-kernel@xxxxxxxxxxxxxxx
> CC: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> CC: linux-ia64@xxxxxxxxxxxxxxx
> CC: linux-m68k@xxxxxxxxxxxxxxxxxxxx
> CC: linux-mips@xxxxxxxxxxxxxxx
> CC: linux-parisc@xxxxxxxxxxxxxxx
> CC: linuxppc-dev@xxxxxxxxxxxxxxxx
> CC: linux-s390@xxxxxxxxxxxxxxx
> CC: linux-sh@xxxxxxxxxxxxxxx
> CC: sparclinux@xxxxxxxxxxxxxxx
> CC: linux-fsdevel@xxxxxxxxxxxxxxx
> CC: audit@xxxxxxxxxxxxxxx
> CC: linux-arch@xxxxxxxxxxxxxxx
> CC: linux-api@xxxxxxxxxxxxxxx
> CC: linux-security-module@xxxxxxxxxxxxxxx
> CC: selinux@xxxxxxxxxxxxxxx
I checked that the syscalls are all well-formed regarding
argument types, number of arguments and (absence of)
compat handling, and that they are wired up correctly
across architectures
I did not look at the actual implementation in detail.
Reviewed-by: Arnd Bergmann <arnd@xxxxxxxx>
