On Jan 26, 2024 Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > For these hooks the true "neutral" value is -EOPNOTSUPP, which is > currently what is returned when no LSM provides this hook and what LSMs > return when there is no security context set on the socket. Correct the > value in <linux/lsm_hooks.h> and adjust the dispatch functions in > security/security.c to avoid issues when the BPF LSM is enabled. > > Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks") > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > include/linux/lsm_hook_defs.h | 4 ++-- > security/security.c | 31 +++++++++++++++++++++++++++---- > 2 files changed, 29 insertions(+), 6 deletions(-) I was originally going to merge this via lsm/dev, but thinking about this some more today, and considering the other inode_getsecctx() fix, I think this patch should be marked for stable too. I'm going to merge this into lsm/stable-6.8 and assuming all the tests come back clean (which they should), I'll send this up to Linus tomorrow with the inode_getsecctx() fix. Thanks all! -- paul-moore.com