Re: [PATCH 11/14] xattr: support extended attributes on sockets

From: Jan Kara

Date: Fri Feb 27 2026 - 10:31:44 EST


On Mon 16-02-26 14:32:07, Christian Brauner wrote:
> Allow user.* extended attributes on sockets by adding S_IFSOCK to the
> xattr_permission() switch statement. Previously user.* xattrs were only
> permitted on regular files and directories. Symlinks and special files
> including sockets were rejected with -EPERM.
>
> Path-based AF_UNIX sockets have their inodes on the underlying
> filesystem (e.g. tmpfs) which already supports user.* xattrs through
> simple_xattrs. So for these the permission check was the only thing
> missing.
>
> For sockets in sockfs - everything created via socket() including
> abstract namespace AF_UNIX sockets - the preceding patch added
> simple_xattr storage with per-inode limits. With the permission check
> lifted here these sockets can now store user.* xattrs as well.
>
> This enables services to associate metadata with their sockets. For
> example, a service using Varlink for IPC can label its socket with
> user.varlink=1 allowing eBPF programs to selectively capture traffic
> and tools to discover IPC entrypoints by enumerating bound sockets via
> netlink. Similarly, protocol negotiation can be performed through xattrs
> such as indicating RFC 5424 structured syslog support on /dev/log.
>
> Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>

OK. Feel free to add:

Reviewed-by: Jan Kara <jack@xxxxxxx>

Honza

> ---
> fs/xattr.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 5e559b1c651f..09ecbaaa1660 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -163,6 +163,8 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
> if (inode_owner_or_capable(idmap, inode))
> break;
> return -EPERM;
> + case S_IFSOCK:
> + break;
> default:
> return xattr_permission_error(mask);
> }
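Review bot: the commit message says symlinks and special files "were rejected with -EPERM", but the default branch visible in this hunk returns xattr_permission_error(mask) rather than a fixed -EPERM, so the message should either state that the error depends on the operation mask or be reworded to match the code. A second, smaller point: the new `case S_IFSOCK: break;` lets every socket through unconditionally, whereas the directory branch just above it gates on inode_owner_or_capable(idmap, inode) before breaking; a one-line comment saying why no ownership or capability check is needed for sockets at this point (for example, which later check is relied on) would save the next reader from wondering whether the sticky-style check was forgotten.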
>
> --
> 2.47.3
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR