Re: [PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook

From: Paul Moore
Date: Fri Mar 24 2023 - 10:17:31 EST


On Thu, Mar 23, 2023 at 9:01 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 3/23/2023 5:09 PM, Paul Moore wrote:
> > On Tue, Mar 14, 2023 at 4:19 AM Roberto Sassu
> > <roberto.sassu@xxxxxxxxxxxxxxx> wrote:

...

> >> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> >> index c2be66c669a..75a2f85b49d 100644
> >> --- a/include/linux/lsm_hooks.h
> >> +++ b/include/linux/lsm_hooks.h
> >> @@ -63,6 +63,7 @@ struct lsm_blob_sizes {
> >> int lbs_ipc;
> >> int lbs_msg_msg;
> >> int lbs_task;
> >> + int lbs_xattr; /* number of xattr slots in new_xattrs array */
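
Review bot: on the added `lbs_xattr` line, the field is a slot count placed in `struct lsm_blob_sizes` beside `lbs_ipc`, `lbs_msg_msg` and `lbs_task`, and only the trailing comment in this header says so. Code that later uses the value to size or index the `new_xattrs` array will not see that comment, so consider putting the unit in the field name itself (a count suffix, for example) rather than relying on the comment to stop it being read as a byte size.
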
> >
> > No need for the comment, we don't do it for the other fields.
>
> I asked for the comment. lbs_xattr is the number of entries, which is
> different from the other fields. The other fields contain blob sizes in
> bytes. Inconsistent behavior should be noted.

Fair enough. Since that's the case, let's encode something in the
field name itself so that every user has a slight reminder that it is
a count and not a size. How about 'lbs_xattr_count' or similar?

--
paul-moore.com