On Wed, Jul 1, 2026 at 6:58 PM David Windsor <[email protected]> wrote: > On Wed, Jul 1, 2026 at 8:55 AM Paul Moore <[email protected]> wrote: > [...] > > > > kfunc bpf_init_inode_xattr(...) > > { > > /* sanity check params */ > > if (!xattrs ...) > > return -EINVAL; > > > > /* get value/len from bpf dynptr */ > > > > /* hook will check for LSM specific xattr count/limits, allocate, > > copy value*/ > > rc = security_lsmxattr_add(xattrs, LSM_ID_BPF, value, value_len); > > if (rc) > > return rc; > > } > > > > David, if you like I can provide you a patch that implements the > > security_lsmxattr_add() hook above if you aren't comfortable writing > > that, but if you want to give it a shot that's all the better :) > > Makes sense, I can do it while I'm fixing the remaining issue flagged > by sashiko. > > I'll route the LSM preparation patch containing struct lsm_xattrs and > security_lsmxattr_add() through security and the kfunc and selftest > through bpf. Does that work for you?
Yep. -- paul-moore.com

