diff options
| author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2025-12-03 14:57:28 -0500 |
|---|---|---|
| committer | Anna Schumaker <anna.schumaker@oracle.com> | 2026-02-09 13:39:39 -0500 |
| commit | fdc0396b3cc05dc9b678627af23c3fdc7dbe930e (patch) | |
| tree | 6b77fac7828887624816042cf533980fb017191f /tools | |
| parent | 42e7c876b182da65723700f6bc507a8aecb10d3b (diff) | |
nfs: unify security_inode_listsecurity() calls
commit 243fea134633 ("NFSv4.2: fix listxattr to return selinux
security label") introduced a direct call to
security_inode_listsecurity() in nfs4_listxattr(). However,
nfs4_listxattr() already indirectly called
security_inode_listsecurity() via nfs4_listxattr_nfs4_label() if
CONFIG_NFS_V4_SECURITY_LABEL is enabled and the server has the
NFS_CAP_SECURITY_LABEL capability enabled. This duplication was fixed
by commit 9acb237deff7 ("NFSv4.2: another fix for listxattr") by
making the second call conditional on NFS_CAP_SECURITY_LABEL not being
set by the server. However, the combination of the two changes
effectively makes one call to security_inode_listsecurity() in every
case - which is the desired behavior since getxattr() always returns a
security xattr even if it has to synthesize one. Further, the two
different calls produce different xattr name ordering between
security.* and user.* xattr names. Unify the two separate calls into a
single call and get rid of nfs4_listxattr_nfs4_label() altogether.
Link: https://lore.kernel.org/selinux/CAEjxPJ6e8z__=MP5NfdUxkOMQ=EnUFSjWFofP4YPwHqK=Ki5nw@mail.gmail.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions