On Wed, Jul 1, 2026 at 8:55 AM Paul Moore <[email protected]> wrote: [...] > > kfunc bpf_init_inode_xattr(...) > { > /* sanity check params */ > if (!xattrs ...) > return -EINVAL; > > /* get value/len from bpf dynptr */ > > /* hook will check for LSM specific xattr count/limits, allocate, > copy value*/ > rc = security_lsmxattr_add(xattrs, LSM_ID_BPF, value, value_len); > if (rc) > return rc; > } > > David, if you like I can provide you a patch that implements the > security_lsmxattr_add() hook above if you aren't comfortable writing > that, but if you want to give it a shot that's all the better :) >
Makes sense, I can do it while I'm fixing the remaining issue flagged by sashiko. I'll route the LSM preparation patch containing struct lsm_xattrs and security_lsmxattr_add() through security and the kfunc and selftest through bpf. Does that work for you? Thanks, David

