Re: [PATCH 3/7] security,overlayfs: Provide security hook for copy up of xattrs for overlay file

From: Vivek Goyal
Date: Mon Jul 11 2016 - 12:57:11 EST


On Mon, Jul 11, 2016 at 11:31:47AM -0400, Stephen Smalley wrote:
> On 07/08/2016 12:19 PM, Vivek Goyal wrote:
> > Provide a security hook which is called when xattrs of a file are being
> > copied up. This hook is called once for each xattr and LSM can return 0
> > to access the xattr, 1 to reject xattr, -EOPNOTSUPP if none of the lsms
> > claim to know xattr and a negative error code if something went terribly
> > wrong.
>
> 0 if the security module wants the xattr to be copied up, 1 if the
> security module wants the xattr to be discarded on the copy, -EOPNOTSUPP
> if the security module does not handle/manage the xattr, or a -errno
> upon an error.

Ok, will change the description.

>
> >
> > If 0 or -EOPNOTSUPP is returned, xattr will be copied up, if 1 is returned,
> > xattr will not be copied up and if negative error code is returned, copy up
> > will be aborted.
>
> Not sure I understand the benefit of the 0 vs -EOPNOTSUPP distinction.

I am not sure either. Casey wanted to have four states so I introduced it.

Thanks
Vivek