On Fri, Apr 26, 2024, at 18:20, Christian Göttsche wrote: > From: Christian Göttsche <cgzo...@googlemail.com> > > Add the four syscalls setxattrat(), getxattrat(), listxattrat() and > removexattrat(). Those can be used to operate on extended attributes, > especially security related ones, either relative to a pinned directory > or on a file descriptor without read access, avoiding a > /proc/<pid>/fd/<fd> detour, requiring a mounted procfs. > > One use case will be setfiles(8) setting SELinux file contexts > ("security.selinux") without race conditions and without a file > descriptor opened with read access requiring SELinux read permission. > > Use the do_{name}at() pattern from fs/open.c. > > Pass the value of the extended attribute, its length, and for > setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added > struct xattr_args to not exceed six syscall arguments and not > merging the AT_* and XATTR_* flags. > > Signed-off-by: Christian Göttsche <cgzo...@googlemail.com> > CC: x...@kernel.org > CC: linux-al...@vger.kernel.org > CC: linux-ker...@vger.kernel.org > CC: linux-arm-ker...@lists.infradead.org > CC: linux-i...@vger.kernel.org > CC: linux-m...@lists.linux-m68k.org > CC: linux-m...@vger.kernel.org > CC: linux-par...@vger.kernel.org > CC: linuxppc-...@lists.ozlabs.org > CC: linux-s...@vger.kernel.org > CC: linux...@vger.kernel.org > CC: sparcli...@vger.kernel.org > CC: linux-fsde...@vger.kernel.org > CC: audit@vger.kernel.org > CC: linux-a...@vger.kernel.org > CC: linux-...@vger.kernel.org > CC: linux-security-mod...@vger.kernel.org > CC: seli...@vger.kernel.org
I checked that the syscalls are all well-formed regarding argument types, number of arguments and (absence of) compat handling, and that they are wired up correctly across architectures I did not look at the actual implementation in detail. Reviewed-by: Arnd Bergmann <a...@arndb.de>