<div dir="ltr">
<p>Hello everyone,</p>

<p>In security/security.c (see here: <a href="https://github.com/torvalds/linux/blob/835c92d43b29eb354abdbd5475308a474d7efdfa/security/security.c" target="_blank">https://github.com/torvalds/linux/blob/835c92d43b29eb354abdbd5475308a474d7efdfa/security/security.c</a>)</p>

<p>Looking at this:</p>

<pre>
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	if (unlikely(IS_PRIVATE(inode)))
		return 0;
	return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
}
</pre>

<p>One would expect all stacked security modules to be called. However, when looking at this:</p>

<pre>
#define call_int_hook(FUNC, IRC, ...) ({			\
	int RC = IRC;						\
	do {							\
		struct security_hook_list *P;			\
								\
		list_for_each_entry(P, &amp;security_hook_heads.FUNC, list) { \
			RC = P->hook.FUNC(__VA_ARGS__);		\
			if (RC != 0)				\
				break;				\
		}						\
	} while (0);						\
	RC;							\
})
</pre>

<p>If one of the modules returns a non-zero value, the others are not called. That means that the list of security xattrs is not built (or rather that it only contains the first module being called), as the length of the inserted element is returned. Similarly for setsecurity and getsecurity, it seems that only one module will be called, as if the given module does not support the security xattr it returns -EOPNOTSUPP (instead, I believe, the next module should be called until one supporting the attribute is met).</p>

<p>I am aware that LSM stacking is not fully supported yet:<br>
<a href="https://lwn.net/Articles/635771/" target="_blank">https://lwn.net/Articles/635771/</a><br>
<a href="https://lwn.net/Articles/697259/" target="_blank">https://lwn.net/Articles/697259/</a></p>

<p>Here setsecurity and getsecurity are fixed: <a href="https://github.com/cschaufler/smack-next/blob/next/security/security.c" target="_blank">https://github.com/cschaufler/smack-next/blob/next/security/security.c</a>; but listsecurity would appear to still not behave as I would expect. However, I may be missing something.</p>

<p>What is the rationale here? I could change the code to support multiple security xattrs, but don't want to do so before I am sure I understand why it was done like this. Any help is welcome.</p>

<p>Thanks.<br>
Thomas</p>
</div>
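<p>The short-circuit the mail describes can be seen in a small userspace model. The following is an added example from the editor, not code from the mail or from the kernel tree: it stands in a plain singly-linked list for the kernel's <code>list_for_each_entry</code> over <code>security_hook_heads</code>, two constructed modules (<code>modA</code>, <code>modB</code>) with constructed xattr names, and one loop that mirrors <code>call_int_hook()</code> next to an accumulating variant. The accumulating variant is an assumption about how a stacked <code>inode_listsecurity</code> could behave (each hook writes after the names already listed and the lengths are summed), not the kernel's code.</p>

```c
/* Added example (not from the original mail or the kernel tree): a userspace
 * model of the call_int_hook() short-circuit for inode_listsecurity, beside an
 * accumulating variant. Module and xattr names are constructed placeholders. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's list_for_each_entry over security_hook_heads:
 * a singly-linked list with one hook entry per stacked module. */
struct hook {
	const char *module;
	int (*listsecurity)(char *buffer, size_t buffer_size);
	struct hook *next;
};

/* Each module hook follows the pattern of the existing LSMs: return the
 * length of its xattr name including the NUL, copy it only if it fits. */
static int copy_name(const char *name, char *buffer, size_t buffer_size)
{
	size_t len = strlen(name) + 1;
	if (buffer && len <= buffer_size)
		memcpy(buffer, name, len);
	return (int)len;
}

static int modA_listsecurity(char *buffer, size_t buffer_size)
{
	return copy_name("security.modA", buffer, buffer_size); /* constructed */
}

static int modB_listsecurity(char *buffer, size_t buffer_size)
{
	return copy_name("security.modB", buffer, buffer_size); /* constructed */
}

static struct hook hook_b = { "modB", modB_listsecurity, NULL };
static struct hook hook_a = { "modA", modA_listsecurity, &hook_b };

/* Mirrors call_int_hook(): stop at the first hook returning non-zero. Every
 * successful listsecurity hook returns a positive length, so only the first
 * stacked module ever reports its xattr name. */
int call_int_hook_listsecurity(struct hook *head, char *buffer, size_t buffer_size)
{
	int rc = 0;
	for (struct hook *p = head; p; p = p->next) {
		rc = p->listsecurity(buffer, buffer_size);
		if (rc != 0)
			break;
	}
	return rc;
}

/* Accumulating variant (an assumption, not kernel code): each hook writes
 * after the names already listed, lengths are summed, and a negative return
 * aborts with that error. A NULL buffer acts as a pure size query. */
int stacked_listsecurity(struct hook *head, char *buffer, size_t buffer_size)
{
	size_t total = 0;
	for (struct hook *p = head; p; p = p->next) {
		char *dst = (buffer && total < buffer_size) ? buffer + total : NULL;
		size_t room = buffer_size > total ? buffer_size - total : 0;
		int rc = p->listsecurity(dst, room);
		if (rc < 0)
			return rc;
		total += (size_t)rc;
	}
	return (int)total;
}

int main(void)
{
	char buf[64];
	int n = call_int_hook_listsecurity(&hook_a, buf, sizeof buf);
	printf("call_int_hook: %d bytes, lists only %s\n", n, buf);
	n = stacked_listsecurity(&hook_a, buf, sizeof buf);
	printf("stacked: %d bytes, lists %s and %s\n", n, buf, buf + strlen(buf) + 1);
	return 0;
}
```

<p>With two stacked modules the first loop returns 14 (only <code>security.modA</code>), while the accumulating loop returns 28 and leaves both NUL-terminated names in the buffer, which is the behaviour the mail expects from listsecurity.</p>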