On Mon, Dec 07, 2020 at 05:25:45PM +0000, Christoph Hellwig wrote: > On Mon, Dec 07, 2020 at 09:22:13AM -0800, Casey Schaufler wrote: > > Only security modules should ever look at what's in the security blob. > > In fact, you can't assume that the presence of a security blob > > (i.e. ...->s_security != NULL) implies "need_xattr", or any other > > state for the superblock. > > Maybe "strongly suggests that an xattr will be added" is the better > wording. Right, I did this knowing that only selinux and smack actually use sb->s_security so it's not 100% reliable. However, these are also the only two security modules that hook inode_init_security and create xattrs. So it seems like peeking at ->s_security here gives us a fairly reliable indicator that we're going to have to create xattrs on this new inode before we complete the create process... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx
