mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-16 05:26:07 +00:00
6140be90ec
Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
removexattrat(). Those can be used to operate on extended attributes,
especially security related ones, either relative to a pinned directory
or on a file descriptor without read access, avoiding a
/proc/<pid>/fd/<fd> detour, requiring a mounted procfs.
One use case will be setfiles(8) setting SELinux file contexts
("security.selinux") without race conditions and without a file
descriptor opened with read access requiring SELinux read permission.
Use the do_{name}at() pattern from fs/open.c.
Pass the value of the extended attribute, its length, and for
setxattrat(2) the command (XATTR_CREATE or XATTR_REPLACE) via an added
struct xattr_args to not exceed six syscall arguments and not
merging the AT_* and XATTR_* flags.
[AV: fixes by Christian Brauner folded in, the entire thing rebased on
top of {filename,file}_...xattr() primitives, treatment of empty
pathnames regularized. As the result, AT_EMPTY_PATH+NULL handling
is cheap, so f...(2) can use it]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/r/20240426162042.191916-1-cgoettsche@seltendoof.de
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
CC: x86@kernel.org
CC: linux-alpha@vger.kernel.org
CC: linux-kernel@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
CC: linux-ia64@vger.kernel.org
CC: linux-m68k@lists.linux-m68k.org
CC: linux-mips@vger.kernel.org
CC: linux-parisc@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-s390@vger.kernel.org
CC: linux-sh@vger.kernel.org
CC: sparclinux@vger.kernel.org
CC: linux-fsdevel@vger.kernel.org
CC: audit@vger.kernel.org
CC: linux-arch@vger.kernel.org
CC: linux-api@vger.kernel.org
CC: linux-security-module@vger.kernel.org
CC: selinux@vger.kernel.org
[brauner: slight tweaks]
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
93 lines
3.1 KiB
C
93 lines
3.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
|
|
/*
|
|
File: linux/xattr.h
|
|
|
|
Extended attributes handling.
|
|
|
|
Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
|
|
Copyright (c) 2001-2002 Silicon Graphics, Inc. All Rights Reserved.
|
|
Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
|
|
Copyright (c) 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
|
|
*/
|
|
|
|
#include <linux/libc-compat.h>
|
|
#include <linux/types.h>
|
|
|
|
#ifndef _UAPI_LINUX_XATTR_H
|
|
#define _UAPI_LINUX_XATTR_H
|
|
|
|
#if __UAPI_DEF_XATTR
|
|
#define __USE_KERNEL_XATTR_DEFS
|
|
|
|
#define XATTR_CREATE 0x1 /* set value, fail if attr already exists */
|
|
#define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */
|
|
|
|
struct xattr_args {
|
|
__aligned_u64 __user value;
|
|
__u32 size;
|
|
__u32 flags;
|
|
};
|
|
#endif
|
|
|
|
/* Namespaces */
|
|
#define XATTR_OS2_PREFIX "os2."
|
|
#define XATTR_OS2_PREFIX_LEN (sizeof(XATTR_OS2_PREFIX) - 1)
|
|
|
|
#define XATTR_MAC_OSX_PREFIX "osx."
|
|
#define XATTR_MAC_OSX_PREFIX_LEN (sizeof(XATTR_MAC_OSX_PREFIX) - 1)
|
|
|
|
#define XATTR_BTRFS_PREFIX "btrfs."
|
|
#define XATTR_BTRFS_PREFIX_LEN (sizeof(XATTR_BTRFS_PREFIX) - 1)
|
|
|
|
#define XATTR_HURD_PREFIX "gnu."
|
|
#define XATTR_HURD_PREFIX_LEN (sizeof(XATTR_HURD_PREFIX) - 1)
|
|
|
|
#define XATTR_SECURITY_PREFIX "security."
|
|
#define XATTR_SECURITY_PREFIX_LEN (sizeof(XATTR_SECURITY_PREFIX) - 1)
|
|
|
|
#define XATTR_SYSTEM_PREFIX "system."
|
|
#define XATTR_SYSTEM_PREFIX_LEN (sizeof(XATTR_SYSTEM_PREFIX) - 1)
|
|
|
|
#define XATTR_TRUSTED_PREFIX "trusted."
|
|
#define XATTR_TRUSTED_PREFIX_LEN (sizeof(XATTR_TRUSTED_PREFIX) - 1)
|
|
|
|
#define XATTR_USER_PREFIX "user."
|
|
#define XATTR_USER_PREFIX_LEN (sizeof(XATTR_USER_PREFIX) - 1)
|
|
|
|
/* Security namespace */
|
|
#define XATTR_EVM_SUFFIX "evm"
|
|
#define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX
|
|
|
|
#define XATTR_IMA_SUFFIX "ima"
|
|
#define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX
|
|
|
|
#define XATTR_SELINUX_SUFFIX "selinux"
|
|
#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
|
|
|
|
#define XATTR_SMACK_SUFFIX "SMACK64"
|
|
#define XATTR_SMACK_IPIN "SMACK64IPIN"
|
|
#define XATTR_SMACK_IPOUT "SMACK64IPOUT"
|
|
#define XATTR_SMACK_EXEC "SMACK64EXEC"
|
|
#define XATTR_SMACK_TRANSMUTE "SMACK64TRANSMUTE"
|
|
#define XATTR_SMACK_MMAP "SMACK64MMAP"
|
|
#define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX
|
|
#define XATTR_NAME_SMACKIPIN XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN
|
|
#define XATTR_NAME_SMACKIPOUT XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT
|
|
#define XATTR_NAME_SMACKEXEC XATTR_SECURITY_PREFIX XATTR_SMACK_EXEC
|
|
#define XATTR_NAME_SMACKTRANSMUTE XATTR_SECURITY_PREFIX XATTR_SMACK_TRANSMUTE
|
|
#define XATTR_NAME_SMACKMMAP XATTR_SECURITY_PREFIX XATTR_SMACK_MMAP
|
|
|
|
#define XATTR_APPARMOR_SUFFIX "apparmor"
|
|
#define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX
|
|
|
|
#define XATTR_CAPS_SUFFIX "capability"
|
|
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
|
|
|
|
#define XATTR_POSIX_ACL_ACCESS "posix_acl_access"
|
|
#define XATTR_NAME_POSIX_ACL_ACCESS XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_ACCESS
|
|
#define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
|
|
#define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
|
|
|
|
|
|
#endif /* _UAPI_LINUX_XATTR_H */
|