Linux Security Module listsecurity (and security xattr hooks) only one called?
Greg KH
greg at kroah.com
Tue Sep 6 08:12:57 EDT 2016
On Tue, Sep 06, 2016 at 07:05:54AM -0400, Pasquier, Thomas wrote:
> Hello everyone,
>
> In security/security.c (see here:https://github.com/torvalds/linux/blob/
> 835c92d43b29eb354abdbd5475308a474d7efdfa/security/security.c)
>
> Looking at this:
>
> int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
> {
>         if (unlikely(IS_PRIVATE(inode)))
>                 return 0;
>         return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
> }
> One would expect all stacked security modules to be called. However, when
> looking at this:
>
> #define call_int_hook(FUNC, IRC, ...) ({                        \
>         int RC = IRC;                                            \
>         do {                                                     \
>                 struct security_hook_list *P;                    \
>                                                                  \
>                 list_for_each_entry(P, &security_hook_heads.FUNC, list) { \
>                         RC = P->hook.FUNC(__VA_ARGS__);          \
>                         if (RC != 0)                             \
>                                 break;                           \
>                 }                                                \
>         } while (0);                                             \
>         RC;                                                      \
> })
> If one of the modules returns a non-zero value, the others are not called. That
> means that the list of security xattrs is not built (or rather that it only
> contains the first module being called), as the length of the inserted element is
> returned. Similarly for setsecurity and getsecurity, it seems that only one
> module will be called, as if the given module does not support the security
> xattr, it returns -EOPNOTSUPP (instead I believe the next module should be called,
> until one supporting the attribute is met).
>
> I am aware that LSM stacking is not fully supported yet:
> https://lwn.net/Articles/635771/
> https://lwn.net/Articles/697259/
>
> Here setsecurity and getsecurity are fixed: https://github.com/cschaufler/smack-next/
> blob/next/security/security.c; but listsecurity would appear to still not
> behave as I would expect. However, I may be missing something.
>
> What is the rationale here? I could change the code to support multiple security
> xattrs, but don't want to do so before I am sure I understand why it was done
> like this. Any help is welcome.
Why not ask on the linux-security mailing list where the developers of
this code live?
good luck!
greg k-h
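A constructed userspace model of the dispatch loop in the quoted call_int_hook macro, added here as an illustration (not kernel code, and not from either poster). Two hypothetical modules, mod_a and mod_b, each list one security xattr name; listsecurity_first_nonzero follows the macro's break-on-non-zero flow and so lists only mod_a's name, while listsecurity_accumulate shows the accumulating loop the question envisages.

```c
#include <string.h>
/* Constructed model of hook.inode_listsecurity: copy the module's xattr
 * name into buffer if it fits and return its length including the NUL. */
typedef int (*listsec_hook_t)(char *buffer, size_t buffer_size);
static int copy_name(const char *name, char *buffer, size_t buffer_size)
{
	size_t len = strlen(name) + 1;
	if (buffer && buffer_size >= len)
		memcpy(buffer, name, len);
	return (int)len;
}
/* Two hypothetical stacked modules, each exposing one security xattr. */
static int mod_a_listsecurity(char *b, size_t n) { return copy_name("security.moda", b, n); }
static int mod_b_listsecurity(char *b, size_t n) { return copy_name("security.modb", b, n); }
static listsec_hook_t hooks[] = { mod_a_listsecurity, mod_b_listsecurity };
#define NHOOKS (sizeof hooks / sizeof hooks[0])

/* Same control flow as call_int_hook(inode_listsecurity, 0, ...): the
 * loop stops at the first module that returns non-zero, i.e. mod_a's length. */
int listsecurity_first_nonzero(char *buffer, size_t buffer_size)
{
	int rc = 0;
	for (size_t i = 0; i < NHOOKS; i++) {
		rc = hooks[i](buffer, buffer_size);
		if (rc != 0)
			break;
	}
	return rc;
}

/* Accumulating variant: advance the buffer by what earlier modules wrote
 * and sum the lengths, so every stacked module's xattr name is listed. */
int listsecurity_accumulate(char *buffer, size_t buffer_size)
{
	size_t total = 0;
	for (size_t i = 0; i < NHOOKS; i++) {
		size_t left = buffer_size > total ? buffer_size - total : 0;
		int rc = hooks[i](buffer && left ? buffer + total : NULL, left);
		if (rc < 0)
			return rc;
		total += (size_t)rc;
	}
	return (int)total;
}
/* Run a dispatcher into a 64-byte buffer and count the names it listed. */
int names_listed(int (*dispatch)(char *, size_t))
{
	char buf[64];
	int len = dispatch(buf, sizeof buf), count = 0;
	for (int i = 0; i < len; i++)
		count += (buf[i] == '\0');
	return count;
}
```

With a NULL buffer both dispatchers only report sizes: the break-on-non-zero loop returns 14 (one name), the accumulating loop 28 (both).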