On Fri, Apr 26, 2024, at 18:20, Christian Göttsche wrote:
From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Add the four syscalls setxattrat(), getxattrat(), listxattrat() and removexattrat(). Those can be used to operate on extended attributes, especially security related ones, either relative to a pinned directory or on a file descriptor without read access, avoiding a /proc/<pid>/fd/<fd> detour, requiring a mounted procfs.

One use case will be setfiles(8) setting SELinux file contexts ("security.selinux") without race conditions and without a file descriptor opened with read access requiring SELinux read permission.

Use the do_{name}at() pattern from fs/open.c.

Pass the value of the extended attribute, its length, and for setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added struct xattr_args to not exceed six syscall arguments and not merging the AT_* and XATTR_* flags.

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
CC: x86@xxxxxxxxxx
CC: linux-alpha@xxxxxxxxxxxxxxx
CC: linux-kernel@xxxxxxxxxxxxxxx
CC: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
CC: linux-ia64@xxxxxxxxxxxxxxx
CC: linux-m68k@xxxxxxxxxxxxxxxxxxxx
CC: linux-mips@xxxxxxxxxxxxxxx
CC: linux-parisc@xxxxxxxxxxxxxxx
CC: linuxppc-dev@xxxxxxxxxxxxxxxx
CC: linux-s390@xxxxxxxxxxxxxxx
CC: linux-sh@xxxxxxxxxxxxxxx
CC: sparclinux@xxxxxxxxxxxxxxx
CC: linux-fsdevel@xxxxxxxxxxxxxxx
CC: audit@xxxxxxxxxxxxxxx
CC: linux-arch@xxxxxxxxxxxxxxx
CC: linux-api@xxxxxxxxxxxxxxx
CC: linux-security-module@xxxxxxxxxxxxxxx
CC: selinux@xxxxxxxxxxxxxxx

I checked that the syscalls are all well-formed regarding argument types, number of arguments and (absence of) compat handling, and that they are wired up correctly across architectures. I did not look at the actual implementation in detail.

Reviewed-by: Arnd Bergmann <arnd@xxxxxxxx>
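
The /proc/<pid>/fd/<fd> detour that the commit message wants to make unnecessary, shown with existing syscalls only, as an added example that is not part of the patch or of this thread. It assumes the descriptor "without read access" is an O_PATH descriptor; the attribute name `user.demo`, its value and the scratch path are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Constructed sample attribute; not taken from the patch. */
static const char XNAME[] = "user.demo";
static const char XVAL[] = "constructed-value";

/* Create a scratch file and pin it with O_PATH, which needs no read
 * permission on the file. Returns the descriptor or -errno. */
int open_pinned_scratch(char *tmpl)
{
    int tmp = mkstemp(tmpl);
    if (tmp < 0)
        return -errno;
    close(tmp);
    int fd = open(tmpl, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    return fd < 0 ? -errno : fd;
}

/* Direct attempt: open(2) documents fsetxattr() on an O_PATH
 * descriptor as failing with EBADF. Returns 0 or -errno. */
int set_on_opath_fd(int fd)
{
    return fsetxattr(fd, XNAME, XVAL, sizeof(XVAL) - 1, 0) == 0 ? 0 : -errno;
}

/* The detour: name the pinned inode through procfs. Needs a mounted
 * /proc; the result also depends on the filesystem's xattr support. */
int set_via_procfs(int fd)
{
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    return setxattr(link, XNAME, XVAL, sizeof(XVAL) - 1, 0) == 0 ? 0 : -errno;
}

int main(void)
{
    char path[] = "/tmp/xattr-demo-XXXXXX";
    int fd = open_pinned_scratch(path);
    if (fd < 0)
        return 1;
    printf("fsetxattr on O_PATH fd:     %s\n", strerror(-set_on_opath_fd(fd)));
    printf("setxattr via /proc/self/fd: %s\n", strerror(-set_via_procfs(fd)));
    close(fd);
    unlink(path);
    return 0;
}
```

The second call is the one that fails in a chroot, container or early-boot environment where procfs is not mounted, which is the dependency the proposed syscalls remove.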