On Tue, Nov 7, 2023 at 6:03 AM Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx> wrote:
> On Mon, 2023-11-06 at 17:53 -0500, Paul Moore wrote:
> > Hi Roberto,
> >
> > I know you were looking at this over the summer[1], did you ever find
> > a resolution to this? If not, what do you think of just dropping
> > security xattr support on reiserfs? Normally that wouldn't be
> > something we could consider, but given the likelihood that this hadn't
> > been working in *years* (if ever), and reiserfs is deprecated, I think
> > this is a viable option if there isn't an obvious fix.
> >
> > [1] https://lore.kernel.org/linux-security-module/CAHC9VhTM0a7jnhxpCyonepcfWbnG-OJbbLpjQi68gL2GVnKSRg@xxxxxxxxxxxxxx/
>
> Hi Paul
>
> at the time, I did some investigation and came up with a patch that
> (likely) solves some of the problems:
>
> https://lore.kernel.org/linux-fsdevel/4aa799a0b87d4e2ecf3fa74079402074dc42b3c5.camel@xxxxxxxxxxxxxxx/#t

Ah, thanks for the link, it looks like that was swallowed by my inbox.
In general if you feel it is worth adding my email to a patch, you
should probably also CC the LSM list. If nothing else there is a
patchwork watching the LSM list that I use to make sure I don't
miss/forget about patches.

> I did a more advanced patch (to be validated), trying to fix the root
> cause:
>
> https://lore.kernel.org/linux-fsdevel/ffde7908-be73-cc56-2646-72f4f94cb51b@xxxxxxxxxxxxxxx/
>
> However, Jeff Mahoney (who did a lot of work in this area) suggested
> that maybe we should not try invasive changes, as anyway reiserfs will
> be removed from the kernel in 2025.

I tend to agree with Jeff, which is one of the reasons I was
suggesting simply removing LSM xattr support from reiserfs, although
depending on what that involves it might be a big enough change that
we are better off simply leaving it broken. I think we need to see
what that patch would look like first.

> It wouldn't be a problem to move the first patch forward.

I worry that the first patch you mentioned above doesn't really solve
anything, it only makes it the responsibility of the user to choose
either A) a broken system where LSM xattrs don't work or B) a system
that will likely deadlock/panic. I think I would rather revert the
original commit and just leave the LSM xattrs broken than ask a user
to make that choice.

--
paul-moore.com