On May 13, 2025 Andrey Albershteyn <aalbersh@xxxxxxxxxx> wrote: > > Introduce new hooks for setting and getting filesystem extended > attributes on inode (FS_IOC_FSGETXATTR). > > Cc: selinux@xxxxxxxxxxxxxxx > Cc: Paul Moore <paul@xxxxxxxxxxxxxx> > > Signed-off-by: Andrey Albershteyn <aalbersh@xxxxxxxxxx> > --- > fs/file_attr.c | 19 ++++++++++++++++--- > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 16 ++++++++++++++++ > security/security.c | 30 ++++++++++++++++++++++++++++++ > 4 files changed, 64 insertions(+), 3 deletions(-) The only thing that gives me a slight pause is that on a set operation we are going to hit both the get and set LSM hooks, but since the code does call into the getter on a set operation this is arguably the right thing. Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> -- paul-moore.com
