On Thu, Sep 30, 2021 at 02:59:10PM -0400, Vivek Goyal wrote: > Right now security_dentry_init_security() only supports single security > label and is used by SELinux only. There are two users of of this hook, > namely ceph and nfs. > > NFS does not care about xattr name. Ceph hardcodes the xattr name to > security.selinux (XATTR_NAME_SELINUX). > > I am making changes to fuse/virtiofs to send security label to virtiofsd > and I need to send xattr name as well. I also hardcoded the name of > xattr to security.selinux. > > Stephen Smalley suggested that it probably is a good idea to modify > security_dentry_init_security() to also return name of xattr so that > we can avoid this hardcoding in the callers. > > This patch adds a new parameter "const char **xattr_name" to > security_dentry_init_security() and LSM puts the name of xattr > too if caller asked for it (xattr_name != NULL). Umm... Why not return the damn thing on success and ERR_PTR(-E...) on failure, instead of breeding extra arguments?
