Re: [PATCH v4 3/5] security: Allow all LSMs to provide xattrs for inode_init_security hook

From: Mimi Zohar
Date: Fri Nov 18 2022 - 10:33:53 EST


On Fri, 2022-11-18 at 10:32 +0100, Roberto Sassu wrote:
> > Smack uses multiple xattrs. All file system objects have a SMACK64
> > attribute, which is used for access control. A program file may have
> > a SMACK64EXEC attribute, which is the label the program will run with.
> > A library may have a SMACK64MMAP attribute to restrict loading. A
> > directory may have a SMACK64TRANSMUTE attribute, which modifies the
> > new object creation behavior.
> >
> > The point being that it may be more than a "nice idea" to support
> > multiple xattrs. It's not a hypothetical situation.
>
> Ok, that means that I have to change the number of xattrs reserved by
> Smack in patch 3.

Based on evm_config_default_xattrnames[], there are 4. There's the
original SMACK and these 3 additional ones.

Mimi