On Mon, Mar 11, 2024 at 11:07 PM Eric Biggers <ebigg...@kernel.org> wrote: > On Mon, Mar 11, 2024 at 07:57:12PM -0700, Eric Biggers wrote: > > > > As I've said before, this commit message needs some work. It currently > > doesn't > > say anything about what the patch actually does. > > > > BTW, please make sure you're Cc'ing the fsverity mailing list > > (fsver...@lists.linux.dev), not fscrypt (linux-fscr...@vger.kernel.org). > > Also, I thought this patch was using a new LSM hook, but I now see that you're > actually abusing the existing security_inode_setsecurity() LSM hook. > Currently > that hook is called when an xattr is set. I don't see any precedent for > overloading it for other purposes.
I'm not really bothered by this, and if it proves to be a problem in the future we can swap it for a new hook; we don't include the LSM in-kernel API in any stable API guarantees. > This seems problematic, as it means that a > request to set an xattr with the name you chose ("fsverity.builtin-sig") will > be > interpreted by LSMs as the fsverity builtin signature. A dedicated LSM hook > may > be necessary to avoid issues with overloading the existing xattr hook like > this. Would you be more comfortable if the name was in an IPE related space, for example something like "ipe.fsverity-sig"? -- paul-moore.com