diff options
| author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2025-12-03 14:57:28 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2026-01-06 17:13:16 -0500 |
| commit | 4f099d09400a190abc12ad3d8fd4e94ebeed57ca (patch) | |
| tree | d1ca4085d965ce69da6cdfe01ffb7e6cabc611d0 /rust | |
| parent | 1c0860d4415d52f3ad1c8e0a15c1272869278a06 (diff) | |
| download | linux-4f099d09400a190abc12ad3d8fd4e94ebeed57ca.tar.gz linux-4f099d09400a190abc12ad3d8fd4e94ebeed57ca.zip | |
nfs: unify security_inode_listsecurity() calls
commit 243fea134633 ("NFSv4.2: fix listxattr to return selinux
security label") introduced a direct call to
security_inode_listsecurity() in nfs4_listxattr(). However,
nfs4_listxattr() already indirectly called
security_inode_listsecurity() via nfs4_listxattr_nfs4_label() if
CONFIG_NFS_V4_SECURITY_LABEL is enabled and the server has the
NFS_CAP_SECURITY_LABEL capability enabled. This duplication was fixed
by commit 9acb237deff7 ("NFSv4.2: another fix for listxattr") by
making the second call conditional on NFS_CAP_SECURITY_LABEL not being
set by the server. However, the combination of the two changes
effectively makes one call to security_inode_listsecurity() in every
case - which is the desired behavior since getxattr() always returns a
security xattr even if it has to synthesize one. Further, the two
different calls produce different xattr name ordering between
security.* and user.* xattr names. Unify the two separate calls into a
single call and get rid of nfs4_listxattr_nfs4_label() altogether.
Link: https://lore.kernel.org/selinux/CAEjxPJ6e8z__=MP5NfdUxkOMQ=EnUFSjWFofP4YPwHqK=Ki5nw@mail.gmail.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'rust')
0 files changed, 0 insertions, 0 deletions