On Fri, Dec 04, 2020 at 08:44:26AM +1100, Dave Chinner wrote: > > > + if ((IS_ENABLED(CONFIG_SECURITY) && dir->i_sb->s_security) || > > > + default_acl || acl) > > > + need_xattr = true; > > > + > > > + error = xfs_create(XFS_I(dir), &name, mode, rdev, > > > + need_xattr, &ip); > > > > It might be wort to factor the condition into a little helper. Also > > I think we also have security labels for O_TMPFILE inodes, so it might > > be worth plugging into that path as well. > > Yeah, a helper is a good idea - I just wanted to get some feedback > first on whether it's a good idea to peek directly at > i_sb->s_security or whether there is some other way of knowing ahead > of time that a security xattr is going to be created. I couldn't > find one, but that doesn't mean such an interface doesn't exist in > all the twisty passages of the LSM layers... I've added the relevant list, maybe someone there has an opinion.
