On May 13, 2025 Andrey Albershteyn <aalbe...@redhat.com> wrote: > > Introduce new hooks for setting and getting filesystem extended > attributes on inode (FS_IOC_FSGETXATTR). > > Cc: seli...@vger.kernel.org > Cc: Paul Moore <p...@paul-moore.com> > > Signed-off-by: Andrey Albershteyn <aalbe...@kernel.org> > --- > fs/file_attr.c | 19 ++++++++++++++++--- > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 16 ++++++++++++++++ > security/security.c | 30 ++++++++++++++++++++++++++++++ > 4 files changed, 64 insertions(+), 3 deletions(-)
The only thing that gives me a slight pause is that on a set operation we are going to hit both the get and set LSM hooks, but since the code does call into the getter on a set operation this is arguably the right thing. Acked-by: Paul Moore <p...@paul-moore.com> -- paul-moore.com
