| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2016 12:56:59 -0400 From: Vivek Goyal <vgoyal@...hat.com> To: Stephen Smalley <sds@...ho.nsa.gov> Cc: miklos@...redi.hu, pmoore@...hat.com, casey@...aufler-ca.com, linux-kernel@...r.kernel.org, linux-unionfs@...r.kernel.org, linux-security-module@...r.kernel.org, dwalsh@...hat.com, dhowells@...hat.com, viro@...IV.linux.org.uk, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH 3/7] security,overlayfs: Provide security hook for copy up of xattrs for overlay file On Mon, Jul 11, 2016 at 11:31:47AM -0400, Stephen Smalley wrote: > On 07/08/2016 12:19 PM, Vivek Goyal wrote: > > Provide a security hook which is called when xattrs of a file are being > > copied up. This hook is called once for each xattr and LSM can return 0 > > to access the xattr, 1 to reject xattr, -EOPNOTSUPP if none of the lsms > > claim to know xattr and a negative error code if something went terribly > > wrong. > > 0 if the security module wants the xattr to be copied up, 1 if the > security module wants the xattr to be discarded on the copy, -EOPNOTSUPP > if the security module does not handle/manage the xattr, or a -errno > upon an error. Ok, will change the description. > > > > > If 0 or -EOPNOTSUPP is returned, xattr will be copied up, if 1 is returned, > > xattr will not be copied up and if negative error code is returned, copy up > > will be aborted. > > Not sure I understand the benefit of the 0 vs -EOPNOTSUPP distinction. I am not sure either. Casey wanted to have four states so I introduced it. Thanks Vivek
Powered by blists - more mailing lists