@brauner
Created September 22, 2022 12:56

vfs_getxattr()

[x] fs/cachefiles/xattr.c
    Doesn't retrieve posix acls.

[x] fs/cachefiles/xattr.c
    Doesn't retrieve posix acls.

[x] fs/ksmbd/vfs.c: return vfs_getxattr(user_ns, dentry, xattr_name, NULL, 0);
    Doesn't allow the retrieval of posix acls.
    The xattrs it retrieves are restricted to user.* xattrs.
    The specific helpers are ksmbd_vfs_getcasexattr() which is called to
    retrieve XATTR_NAME_STREAM which is XATTR_USER_PREFIX + STREAM_PREFIX.
    And ksmbd_vfs_getxattr() which is limited to XATTR_USER_PREFIX and calls to
    retrieve XATTR_NAME_SD and XATTR_NAME_DOS_ATTRIBUTE.

[x] fs/ksmbd/vfs.c: xattr_len = vfs_getxattr(user_ns, dentry, xattr_name,
    Doesn't allow the retrieval of posix acls.
    The xattrs it retrieves are restricted to user.* xattrs.

[x] fs/nfsd/vfs.c:  if (vfs_getxattr(&init_user_ns, dentry, NFSD_JUNCTION_XATTR_NAME,
    Only retrieves NFSD_JUNCTION_XATTR_NAME.

[x] nfsd_getxattr()
    [x] fs/nfsd/vfs.c:  len = vfs_getxattr(&init_user_ns, dentry, name, NULL, 0);
    Seems to just retrieve user.* xattr.
    [x] fs/nfsd/vfs.c:  len = vfs_getxattr(&init_user_ns, dentry, name, buf, len);
    Seems to just retrieve user.* xattr.

[x] fs/xattr.c:vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:             error = vfs_getxattr(mnt_userns, d, kname, ctx->kvalue, ctx->size);
    Irrelevant as this is just the syscall entrypoint where we already defer to vfs_get_acl().

[x] include/linux/xattr.h:ssize_t vfs_getxattr(struct user_namespace *, struct dentry *, const char *,
    Irrelevant as it's just the declaration.

[x] security/commoncap.c: * return -EOPNOTSUPP, then vfs_getxattr() will call the i_op handler.
    Irrelevant as vfs_getxattr() is just mentioned in a comment.

[x] security/integrity/evm/evm_crypto.c:            user_space_size = vfs_getxattr(&init_user_ns, dentry,
    Doesn't allow the retrieval of posix acls.
    The xattrs it retrieves are restricted to security.* xattrs in
    evm_calc_hmac_or_hash().

__vfs_getxattr()

[-] fs/ecryptfs/inode.c:    rc = __vfs_getxattr(lower_dentry, lower_inode, name, value, size);
    This is used to retrieve posix acls.

[x] fs/ecryptfs/mmap.c:     size = __vfs_getxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
    Doesn't allow the retrieval of posix acls.

[x] fs/xattr.c:__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:     error = __vfs_getxattr(dentry, inode, name, value, size);
    Irrelevant as it's called by vfs_getxattr() and we audited these callchains
    further above.

[x] include/linux/xattr.h:ssize_t __vfs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t);
    Irrelevant as it's just the declaration.

[x] security/commoncap.c:   error = __vfs_getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0);
    Doesn't allow the retrieval of posix acls.

[x] security/commoncap.c:   size = __vfs_getxattr((struct dentry *)dentry, inode,
    Doesn't allow the retrieval of posix acls.

[x] security/integrity/evm/evm_main.c:              error = __vfs_getxattr(dentry, inode, xattr->name, NULL, 0);
    Doesn't allow the retrieval of posix acls.
    The xattrs it retrieves are restricted to security.* xattrs that are added
    to the global evm_config_xattrnames list. This list is modifiable via
    /sys/security/integrity/evm/evm_xattrs. The write to the "evm_xattrs" file
    is restricted to the security.* namespace in evm_write_xattrs().

[x] security/integrity/evm/evm_main.c:              rc = __vfs_getxattr(dentry, d_backing_inode(dentry),
    Doesn't allow the retrieval of posix acls.
    The xattrs it retrieves are restricted to security.* xattrs that are added
    to the global evm_config_xattrnames list. This list is modifiable via
    /sys/security/integrity/evm/evm_xattrs. The write to the "evm_xattrs" file
    is restricted to the security.* namespace in evm_write_xattrs().

[x] security/integrity/evm/evm_main.c:                              rc = __vfs_getxattr(dentry,
    Doesn't allow the retrieval of posix acls.
    The xattrs it retrieves are restricted to security.* xattrs that are added
    to the global evm_config_xattrnames list. This list is modifiable via
    /sys/security/integrity/evm/evm_xattrs. The write to the "evm_xattrs" file
    is restricted to the security.* namespace in evm_write_xattrs().

[x] security/selinux/hooks.c:       rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
    Doesn't allow the retrieval of posix acls.

[x] security/selinux/hooks.c:       rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
    Doesn't allow the retrieval of posix acls.

[x] security/selinux/hooks.c:               rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
    Doesn't allow the retrieval of posix acls.

[x] security/selinux/hooks.c:               rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
    Doesn't allow the retrieval of posix acls.

[x] smk_fetch()
    [x] security/smack/smack_lsm.c:     rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
    Doesn't allow the retrieval of posix acls.

[x] security/smack/smack_lsm.c:                             rc = __vfs_getxattr(dp, inode,
    Doesn't allow the retrieval of posix acls.

vfs_getxattr_alloc()

[x] fs/xattr.c: * vfs_getxattr_alloc - allocate memory, if necessary, before calling getxattr
    Irrelevant as it's just a comment.

[x] fs/xattr.c:vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
    Irrelevant as it's just the definition.

[x] include/linux/xattr.h:ssize_t vfs_getxattr_alloc(struct user_namespace *mnt_userns,
    Irrelevant as it's just the declaration.

[-] security/apparmor/domain.c:             size = vfs_getxattr_alloc(&init_user_ns, d, profile->xattrs[i],
    So this is crazy:
    /* Find the "best" matching profile. Profiles must
     * match the path and extended attributes (if any)
     * associated with the file. A more specific path
     * match will be preferred over a less specific one,
     * and a match with more matching extended attributes
     * will be preferred over one with fewer. If the best
     * match has both the same level of path specificity
     * and the same number of matching extended attributes
     * as another profile, signal a conflict and refuse to
     * match.
     */
    basically AppArmor allows matching on any xattr name and value, using
    vfs_getxattr_alloc() to retrieve the value for comparison. This doesn't work for
    system.posix_acl_{access,default} or security.capability or basically any
    xattr that stores a value in binary format. For security.capability and
    system.posix_acl_{access,default} it's even more problematic as they store
    {g,u}id_t values which need to be mapped according to the fs_idmapping and
    mnt_idmapping. For security.capability not even the fs_idmapping is taken
    into account when calling vfs_getxattr_alloc().
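
An added example, not code from the gist or the kernel, to make the comparison problem above concrete: it decodes the uapi system.posix_acl_access layout (include/uapi/linux/posix_acl_xattr.h), translates only the ACL_USER and ACL_GROUP ids through an idmapping, and shows that a byte-wise comparison of the raw xattr value reports a mismatch where the idmapping-aware decode finds the same ACL. The idmap type, the sample values and the 1000-to-100000 shift are constructed for the example and stand in for the kernel's struct uid_gid_map.

```c
#include <stdint.h>
#include <string.h>

#define POSIX_ACL_XATTR_VERSION 0x0002u   /* include/uapi/linux/posix_acl_xattr.h */
#define ACL_USER_OBJ  0x01                /* e_tag values, include/uapi/linux/posix_acl.h */
#define ACL_USER      0x02
#define ACL_GROUP_OBJ 0x04
#define ACL_GROUP     0x08
#define ACL_MASK      0x10
#define ACL_OTHER     0x20
#define ACL_UNDEFINED_ID ((uint32_t)-1)

struct acl_entry { uint16_t tag; uint16_t perm; uint32_t id; };

/* Toy idmapping (constructed, stands in for struct uid_gid_map): on-disk ids
 * [from, from+count) are seen as [to, to+count) through the mount. */
struct idmap { uint32_t from, to, count; };

/* Translate one id; ACL_UNDEFINED_ID plays the role of INVALID_UID/INVALID_GID. */
static uint32_t map_id(const struct idmap *m, uint32_t id)
{
    if (id >= m->from && id - m->from < m->count)
        return m->to + (id - m->from);
    return ACL_UNDEFINED_ID;
}

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const unsigned char *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Decode a raw system.posix_acl_* value (__le32 version, then {__le16 e_tag, __le16
 * e_perm, __le32 e_id} entries). Only ACL_USER/ACL_GROUP carry an id, so only those
 * are translated. Returns the entry count, -1 on malformed input or an unmapped id. */
int acl_from_xattr(const unsigned char *buf, size_t len,
                   const struct idmap *m, struct acl_entry *out, int max)
{
    int n = 0;
    if (len < 4 || (len - 4) % 8 != 0 || rd32(buf) != POSIX_ACL_XATTR_VERSION)
        return -1;
    for (size_t off = 4; off < len; off += 8, n++) {
        if (n == max) return -1;
        out[n].tag = rd16(buf + off);
        out[n].perm = rd16(buf + off + 2);
        out[n].id = ACL_UNDEFINED_ID;
        switch (out[n].tag) {
        case ACL_USER: case ACL_GROUP:
            out[n].id = map_id(m, rd32(buf + off + 4));
            if (out[n].id == ACL_UNDEFINED_ID) return -1;
            break;
        case ACL_USER_OBJ: case ACL_GROUP_OBJ: case ACL_MASK: case ACL_OTHER:
            break;
        default:
            return -1;
        }
    }
    return n;
}

/* Entry-by-entry comparison of two decoded ACLs (order is significant). */
int acl_equal(const struct acl_entry *a, int na, const struct acl_entry *b, int nb)
{
    if (na < 0 || na != nb) return 0;
    for (int i = 0; i < na; i++)
        if (a[i].tag != b[i].tag || a[i].perm != b[i].perm || a[i].id != b[i].id) return 0;
    return 1;
}

/* Constructed sample: u::rw-,u:1000:rw-,g::r--,m::rw-,o::r-- as stored by the fs. */
const unsigned char disk_acl[] = {
    0x02, 0x00, 0x00, 0x00,                          /* version 2 */
    0x01, 0x00, 0x06, 0x00, 0xff, 0xff, 0xff, 0xff,  /* ACL_USER_OBJ  rw- */
    0x02, 0x00, 0x06, 0x00, 0xe8, 0x03, 0x00, 0x00,  /* ACL_USER 1000 rw- */
    0x04, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,  /* ACL_GROUP_OBJ r-- */
    0x10, 0x00, 0x06, 0x00, 0xff, 0xff, 0xff, 0xff,  /* ACL_MASK      rw- */
    0x20, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,  /* ACL_OTHER     r-- */
};
/* Same ACL through a mount shifting 1000..1999 to 100000..100999: uid 100000 = 0x186a0. */
const unsigned char mnt_acl[] = {
    0x02, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x06, 0x00, 0xff, 0xff, 0xff, 0xff,
    0x02, 0x00, 0x06, 0x00, 0xa0, 0x86, 0x01, 0x00,
    0x04, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,
    0x10, 0x00, 0x06, 0x00, 0xff, 0xff, 0xff, 0xff,
    0x20, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,
};
const struct idmap shifted = { 1000, 100000, 1000 }, identity = { 0, 0, UINT32_MAX };

/* 1 when memcmp() on the raw values says "different" but the mapped decode says "same". */
int raw_match_is_wrong(void)
{
    struct acl_entry a[32], b[32];
    int na = acl_from_xattr(disk_acl, sizeof disk_acl, &shifted, a, 32);
    int nb = acl_from_xattr(mnt_acl, sizeof mnt_acl, &identity, b, 32);
    return memcmp(disk_acl, mnt_acl, sizeof disk_acl) != 0 && acl_equal(a, na, b, nb);
}
```

The same decode is what a vfs_get_acl()-style helper has to do before any comparison; a mapping that does not cover an id makes the decode fail instead of silently comparing unmapped numbers.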

[x] security/commoncap.c: * Note we are not called by vfs_getxattr_alloc(), but that is only called
    Irrelevant as it's just a comment.

[x] security/commoncap.c:   ret = (int)vfs_getxattr_alloc(mnt_userns, dentry, XATTR_NAME_CAPS,
    Doesn't allow the retrieval of posix acls.

[x] security/integrity/evm/evm_crypto.c:            size = vfs_getxattr_alloc(&init_user_ns, dentry, xattr->name,
    Doesn't allow the retrieval of posix acls.
    The xattrs it retrieves are restricted to security.* xattrs that are added
    to the global evm_config_xattrnames list. This list is modifiable via
    /sys/security/integrity/evm/evm_xattrs. The write to the "evm_xattrs" file
    is restricted to the security.* namespace in evm_write_xattrs().

[x] security/integrity/evm/evm_crypto.c:    rc = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_EVM,
    Doesn't allow the retrieval of posix acls.

[x] security/integrity/evm/evm_main.c:      rc = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_EVM,
    Doesn't allow the retrieval of posix acls.

[x] security/integrity/evm/evm_main.c:      rc = vfs_getxattr_alloc(&init_user_ns, dentry, xattr_name, &xattr_data,
    Doesn't allow the retrieval of posix acls.

[x] security/integrity/ima/ima_appraise.c:  ret = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_IMA,
    Doesn't allow the retrieval of posix acls.

[x] security/integrity/ima/ima_template_lib.c:      rc = vfs_getxattr_alloc(&init_user_ns, file_dentry(event_data->file),
    Doesn't allow the retrieval of posix acls.

security_inode_getxattr()

[x] security/selinux/hooks.c: * Permission check is handled by selinux_inode_getxattr hook.
    Irrelevant as it's just a comment.

[x] security/smack/smack_lsm.c: * smack_inode_getxattr - Smack check on getxattr
    Irrelevant as it's just a comment.

[x] fs/xattr.c:     error = security_inode_getxattr(dentry, name);
    Irrelevant as it's just called from vfs_getxattr().

[x] include/linux/security.h:int security_inode_getxattr(struct dentry *dentry, const char *name);
    Irrelevant as it's just the declaration.

[x] include/linux/security.h:static inline int security_inode_getxattr(struct dentry *dentry,
    Irrelevant as it's just the declaration.

[x] kernel/bpf/bpf_lsm.c:BTF_ID(func, bpf_lsm_inode_getxattr)
    Irrelevant as it's just the LSM hook definition.

[x] security/selinux/hooks.c:       LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
    Irrelevant as it's just the LSM hook definition.

[x] security/smack/smack_lsm.c:     LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
    Irrelevant as it's just the LSM hook definition.

[x] security/security.c:int security_inode_getxattr(struct dentry *dentry, const char *name)
    Irrelevant as it's just the LSM hook definition.

[-] security/selinux/hooks.c:static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
    Does place generic requirements on the hook.

[-] security/smack/smack_lsm.c:static int smack_inode_getxattr(struct dentry *dentry, const char *name)
    Does place generic requirements on the hook.

vfs_setxattr()

[x] fs/cachefiles/xattr.c:          ret = vfs_setxattr(&init_user_ns, dentry, cachefiles_xattr_cache,
    Doesn't allow the setting of posix acls.

[x] fs/cachefiles/xattr.c:          ret = vfs_setxattr(&init_user_ns, dentry, cachefiles_xattr_cache,
    Doesn't allow the setting of posix acls.

[x] fs/ksmbd/vfs.c: err = vfs_setxattr(user_ns,
    [x] ksmbd_vfs_setxattr()
    Doesn't allow the setting of posix acls.

        [x] ksmbd_vfs_set_dos_attrib_xattr()
        Doesn't allow the setting of posix acls.
        Only allows setting XATTR_NAME_DOS_ATTRIBUTE.

        [x] smb2_rename()
        Doesn't allow the setting of posix acls.
        Only allows setting XATTR_NAME_STREAM.

        [x] ksmbd_vfs_stream_write()
        Doesn't allow the setting of posix acls.
        Only allows setting XATTR_NAME_STREAM.

        [x] ksmbd_vfs_set_sd_xattr()
        Doesn't allow the setting of posix acls.
        Only allows setting XATTR_NAME_SD.

        [x] smb2_set_ea()
        Doesn't allow the setting of posix acls.
        Only allows setting XATTR_NAME_USER_PREFIX.

        [x] smb2_set_stream_name_xattr()
        Doesn't allow the setting of posix acls.
        Only allows setting XATTR_NAME_STREAM.

[-] fs/overlayfs/overlayfs.h:       int err = vfs_setxattr(ovl_upper_mnt_userns(ofs), dentry, name,
    [ ] ovl_do_setxattr()
        [DONE] ovl_copy_xattr()
            Does allow setting posix acls so needs to be changed but seems
            straightforward.

        [x] ovl_copy_up_meta_inode_data()
            Doesn't allow the setting of posix acls.
            Only allows settings XATTR_NAME_CAPS.

        [DONE] ovl_set_upper_acl()
            Does allow setting posix acls so needs to be changed but seems
            straightforward.

        [ ] ovl_xattr_set()
            Does allow setting posix acls so needs to be changed.

        [x] ovl_setxattr()
            Doesn't allow the setting of posix acls.
            Only allows setting overlayfs-specific xattrs.

[x] fs/xattr.c:vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:     return vfs_setxattr(mnt_userns, dentry, ctx->kname->name, ctx->kvalue,
    Irrelevant as it's just the call from do_setxattr().

[x] include/linux/xattr.h:int vfs_setxattr(struct user_namespace *, struct dentry *, const char *,
    Irrelevant as it's just the declaration.

__vfs_setxattr()

[x] fs/btrfs/xattr.c:                * smack_d_instantiate(), which in turn calls __vfs_setxattr() to
    Irrelevant as it's just a comment.

[x] fs/ecryptfs/crypto.c:   rc = __vfs_setxattr(&init_user_ns, lower_dentry, lower_inode,
    Doesn't allow the setting of posix acls.
    Only allows setting ECRYPTFS_XATTR_NAME.

[x] fs/ecryptfs/mmap.c:     rc = __vfs_setxattr(&init_user_ns, lower_dentry, lower_inode,
    Doesn't allow the setting of posix acls.
    Only allows setting ECRYPTFS_XATTR_NAME.

[x] fs/xattr.c:__vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:             error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
    Irrelevant as it's just called from vfs_setxattr().

[x] include/linux/xattr.h:int __vfs_setxattr(struct user_namespace *, struct dentry *, struct inode *,
    Irrelevant as it's just the declaration.

[x] security/smack/smack_lsm.c:                             rc = __vfs_setxattr(&init_user_ns, dp, inode,
    Doesn't allow the setting of posix acls.
    Only allows setting XATTR_NAME_SMACKTRANSMUTE.

__vfs_setxattr_noperm()

[x] fs/xattr.c:int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:     error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
    Irrelevant as it's just called from __vfs_setxattr_locked().

[x] include/linux/xattr.h:int __vfs_setxattr_noperm(struct user_namespace *, struct dentry *,
    Irrelevant as it's just the declaration.

[x] security/integrity/evm/evm_crypto.c:            rc = __vfs_setxattr_noperm(&init_user_ns, dentry,
    Doesn't allow the setting of posix acls.
    Only allows setting XATTR_NAME_EVM.

[x] security/integrity/evm/evm_main.c: * __vfs_setxattr_noperm().  The caller of which has taken the inode's
    Irrelevant as it's just a comment.

[x] security/integrity/ima/ima_appraise.c:  rc = __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_IMA,
    Doesn't allow the setting of posix acls.
    Only allows setting XATTR_NAME_IMA.

[x] security/selinux/hooks.c:       return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SELINUX,
    Doesn't allow the setting of posix acls.
    Only allows setting XATTR_NAME_SELINUX.

[x] security/smack/smack_lsm.c:     return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK,
    Doesn't allow the setting of posix acls.
    Only allows setting XATTR_NAME_SMACK.

__vfs_setxattr_locked()

[-] fs/ecryptfs/inode.c:    rc = __vfs_setxattr_locked(&init_user_ns, lower_dentry, name, value, size, flags, NULL);
    This is used to set posix acls.

[x] fs/nfsd/vfs.c:  ret = __vfs_setxattr_locked(&init_user_ns, fhp->fh_dentry, name, buf,
    Seems to just set user.* xattr.

[x] fs/xattr.c: * __vfs_setxattr_locked - set an extended attribute while holding the inode
    Irrelevant as it's just a comment.

[x] fs/xattr.c:__vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
    Irrelevant as it's just the declaration.

[x] fs/xattr.c:EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
    Irrelevant as it's just a symbol export.

[x] fs/xattr.c:     error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
    Irrelevant as it's just called from vfs_setxattr().

[x] include/linux/xattr.h:int __vfs_setxattr_locked(struct user_namespace *, struct dentry *,
    Irrelevant as it's just the declaration.

security_inode_setxattr()

[x] commoncap.c: * cap_inode_setxattr - Determine whether an xattr may be altered
    Irrelevant as it's just a comment.

[x] integrity/evm/evm_main.c: *     implements evm_inode_setxattr, evm_inode_post_setxattr,
    Irrelevant as it's just a comment.

[x] integrity/evm/evm_main.c: * evm_inode_setxattr - protect the EVM extended attribute
    Irrelevant as it's just a comment.

[x] smack/smack_lsm.c: * smack_inode_setxattr - Smack check for setting xattrs
    Irrelevant as it's just a comment.

[x] selinux/hooks.c:        LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
    Irrelevant as this is just the LSM hook definition.

[x] smack/smack_lsm.c:      LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
    Irrelevant as this is just the LSM hook definition.

[x] commoncap.c:int cap_inode_setxattr(struct dentry *dentry, const char *name,
    Doesn't restrict posix acls.
    Only deals with XATTR_SECURITY_PREFIX.

[x] selinux/hooks.c:                rc = cap_inode_setxattr(dentry, name, value, size, flags);
    Doesn't restrict posix acls.
    Only deals with XATTR_SECURITY_PREFIX.
    This is just cap_inode_setxattr() being called from selinux_inode_setxattr().

[x] smack/smack_lsm.c:              rc = cap_inode_setxattr(dentry, name, value, size, flags);
    Doesn't restrict posix acls.
    Only deals with XATTR_SECURITY_PREFIX.
    This is just cap_inode_setxattr() being called from smack_inode_setxattr().

[x] security.c:int security_inode_setxattr(struct user_namespace *mnt_userns,
    This is just the generic LSM hook.

[x] security.c:     return evm_inode_setxattr(mnt_userns, dentry, name, value, size);
    This is just being called from security_inode_setxattr().

[x] security.c:             ret = cap_inode_setxattr(dentry, name, value, size, flags);
    This is just being called from security_inode_setxattr().
    Doesn't restrict posix acls.
    Only deals with XATTR_SECURITY_PREFIX.

[x] security.c:     ret = ima_inode_setxattr(dentry, name, value, size);
    This is just being called from security_inode_setxattr().

[x] integrity/ima/ima_appraise.c:int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
    IMA accidentally operates on posix acls. I've explained the bug and requested
    that it be fixed in:
    https://lore.kernel.org/linux-integrity/20220817163152.g3ejdtzmp5df6m2x@wittgenstein

[-] selinux/hooks.c:static int selinux_inode_setxattr(struct user_namespace *mnt_userns,
    Doesn't restrict posix acls but needs to be called as it calls
    dentry_has_perm().

[-] smack/smack_lsm.c:static int smack_inode_setxattr(struct user_namespace *mnt_userns,
    Doesn't restrict posix acls but needs to be called as it checks generic
    permissions.

[-] integrity/evm/evm_main.c:int evm_inode_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
    -> evm_protect_xattr()
       ->  evm_protected_xattr()
           -> evm_protected_xattr_common()
       -> evm_xattr_change()
          -> evm_xattr_acl_change()
             -> posix_acl_from_xattr(void * -> struct posix_acl)
             -> posix_acl_update_mode()
          This operates on posix acls in a sane way. It converts from the uapi
          struct to the kernel internal struct posix_acl to check the inode's
          mode against the mode in the posix acl.

security_inode_post_setxattr()

[x] security/integrity/evm/evm_main.c: *    implements evm_inode_setxattr, evm_inode_post_setxattr,
    Irrelevant as it's just a comment.

[x] security/integrity/evm/evm_main.c: * evm_inode_post_setxattr - update 'security.evm' to reflect the changes
    Irrelevant as it's just a comment.

[x] security/smack/smack_lsm.c: * smack_inode_post_setxattr - Apply the Smack update approved above
    Irrelevant as it's just a comment.

[x] include/linux/evm.h:extern void evm_inode_post_setxattr(struct dentry *dentry,
    Irrelevant as it's just the declaration.

[x] include/linux/evm.h:static inline void evm_inode_post_setxattr(struct dentry *dentry,
    Irrelevant as it's just the declaration.

[x] include/linux/security.h:void security_inode_post_setxattr(struct dentry *dentry, const char *name,
    Irrelevant as it's just the declaration.

[x] include/linux/security.h:static inline void security_inode_post_setxattr(struct dentry *dentry,
    Irrelevant as it's just the declaration.

[x] kernel/bpf/bpf_lsm.c:BTF_ID(func, bpf_lsm_inode_post_setxattr)
    Irrelevant as it's just the LSM hook definition.

[x] security/selinux/hooks.c:       LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
    Irrelevant as it's just the LSM hook definition.

[x] security/smack/smack_lsm.c:     LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
    Irrelevant as it's just the LSM hook definition.

[x] fs/xattr.c:                     security_inode_post_setxattr(dentry, name, value,
    Irrelevant as this is just called in __vfs_setxattr_noperm().

[x] security/security.c:void security_inode_post_setxattr(struct dentry *dentry, const char *name,
    Irrelevant as this is just the main LSM function which calls the individual hooks.

[x] security/security.c:    evm_inode_post_setxattr(dentry, name, value, size);
    Irrelevant as this is just being called from security_inode_post_setxattr().

[x] security/selinux/hooks.c:static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
    Doesn't deal with posix acls.
    Only deals with XATTR_NAME_SELINUX.

[x] security/smack/smack_lsm.c:static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
    Doesn't deal with posix acls.
    Only deals with XATTR_NAME_SMACK*.

[-] security/integrity/evm/evm_main.c:void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
    -> evm_update_evmxattr()
       -> evm_calc_hmac()
          -> evm_calc_hmac_or_hash()
          Doesn't operate on posix acls.
          The xattrs it operates on are restricted to security.* xattrs that
          are added to the global evm_config_xattrnames list. This list is
          modifiable via /sys/security/integrity/evm/evm_xattrs. The write to
          the "evm_xattrs" file is restricted to the security.* namespace in
          evm_write_xattrs().
          But the hmac is still updated so we need to call
          evm_update_evmxattr() in vfs_set_acl().

vfs_removexattr()

[x] security/integrity/evm/evm_main.c: * vfs_removexattr() which takes the i_mutex.
    Irrelevant as it's just a comment.

[x] fs/xattr.c:EXPORT_SYMBOL_GPL(vfs_removexattr);
    Irrelevant as it's just a symbol export.

[x] fs/cachefiles/xattr.c:          ret = vfs_removexattr(&init_user_ns, dentry, cachefiles_xattr_cache);
    Doesn't operate on posix acls.

[x] include/linux/xattr.h:int vfs_removexattr(struct user_namespace *, struct dentry *, const char *);
    Irrelevant as it's just the declaration.

[x] fs/xattr.c:vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:     return vfs_removexattr(mnt_userns, d, kname);
    Irrelevant as it's just called from removexattr().

[-] fs/ksmbd/vfs.c: return vfs_removexattr(user_ns, dentry, attr_name);
    [-] ksmbd_vfs_remove_xattr()
        [x] smb2_set_ea()
        Doesn't operate on posix acls.
        Only allows setting XATTR_NAME_USER_PREFIX.

        [x] smb2_remove_smb_xattrs()
        Doesn't operate on posix acls.
        Only operates on XATTR_USER_PREFIX, DOS_ATTRIBUTE_PREFIX, STREAM_PREFIX.

        [x] ksmbd_vfs_remove_sd_xattrs()
        Doesn't operate on posix acls.
        Only operates on XATTR_NAME_SD.

        [DONE] ksmbd_vfs_remove_acl_xattrs()
        Operates on posix acls. Should be switched to vfs_remove_acl().

        [x] __ksmbd_inode_close()
        Doesn't operate on posix acls.
        Only operates on stream xattr.

[ ] fs/overlayfs/overlayfs.h:       int err = vfs_removexattr(ovl_upper_mnt_userns(ofs), dentry, name);
    [x] ovl_removexattr()
    Doesn't operate on posix acls.

    [DONE] ovl_do_removexattr()
        [DONE] ovl_xattr_set()
        Operates on posix acls. Should be switched to vfs_remove_acl().

        [DONE] ovl_workdir_create()
        Operates on posix acls. Should be switched to vfs_remove_acl().

__vfs_removexattr_locked()

[x] fs/xattr.c: * __vfs_removexattr_locked - set an extended attribute while holding the inode
    Irrelevant as it's just a comment.

[x] fs/xattr.c:EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
    Irrelevant as it's just a symbol export.

[x] include/linux/xattr.h:int __vfs_removexattr_locked(struct user_namespace *, struct dentry *,
    Irrelevant as it's just the declaration.

[x] fs/xattr.c:__vfs_removexattr_locked(struct user_namespace *mnt_userns,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:     error = __vfs_removexattr_locked(mnt_userns, dentry,
    Irrelevant as it's just called from vfs_removexattr().

[x] fs/nfsd/vfs.c:  ret = __vfs_removexattr_locked(&init_user_ns, fhp->fh_dentry,
    Doesn't operate on posix acls.
    Only operates on user.* xattrs.

__vfs_removexattr()

[x] include/linux/xattr.h:int __vfs_removexattr(struct user_namespace *, struct dentry *, const char *);
    Irrelevant as it's just the declaration.

[x] fs/xattr.c:__vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
    Irrelevant as it's just the definition.

[x] fs/xattr.c:     error = __vfs_removexattr(mnt_userns, dentry, name);
    Irrelevant as it's just called from __vfs_removexattr_locked().

[x] security/commoncap.c:   error = __vfs_removexattr(mnt_userns, dentry, XATTR_NAME_CAPS);
    Doesn't operate on posix acls.
    Only operates on security.capability xattrs.

[x] security/integrity/evm/evm_crypto.c:            rc = __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_EVM);
    Doesn't operate on posix acls.
    Only operates on XATTR_NAME_EVM.

[DONE] fs/ecryptfs/inode.c:    rc = __vfs_removexattr(&init_user_ns, lower_dentry, name);
    This is used to operate on posix acls.

security_inode_removexattr()

[x] include/linux/evm.h:extern int evm_inode_removexattr(struct user_namespace *mnt_userns,
    Irrelevant as it's just the declaration.

[x] include/linux/evm.h:static inline int evm_inode_removexattr(struct user_namespace *mnt_userns,
    Irrelevant as it's just the declaration.

[x] include/linux/ima.h:extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
    Irrelevant as it's just the declaration.

[x] include/linux/ima.h:static inline int ima_inode_removexattr(struct dentry *dentry,
    Irrelevant as it's just the declaration.

[x] include/linux/security.h:int cap_inode_removexattr(struct user_namespace *mnt_userns,
    Irrelevant as it's just the declaration.

[x] include/linux/security.h:int security_inode_removexattr(struct user_namespace *mnt_userns,
    Irrelevant as it's just the declaration.

[x] include/linux/security.h:static inline int security_inode_removexattr(struct user_namespace *mnt_userns,
    Irrelevant as it's just the declaration.

[x] security/commoncap.c: * cap_inode_removexattr - Determine whether an xattr may be removed
    Irrelevant as it's just a comment.

[x] security/integrity/evm/evm_main.c: *    evm_inode_removexattr, evm_verifyxattr, and evm_inode_set_acl.
    Irrelevant as it's just a comment.

[x] security/integrity/evm/evm_main.c: * evm_inode_removexattr - protect the EVM extended attribute
    Irrelevant as it's just a comment.

[x] security/smack/smack_lsm.c: * smack_inode_removexattr - Smack check on removexattr
    Irrelevant as it's just a comment.

[x] security/selinux/hooks.c:       LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
    Irrelevant as it's just a symbol export.

[x] security/smack/smack_lsm.c:     LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
    Irrelevant as it's just a symbol export.

[x] include/linux/security.h:       return cap_inode_removexattr(mnt_userns, dentry, name);
    Irrelevant as it's just called from security_inode_removexattr().

[x] security/security.c:            ret = cap_inode_removexattr(mnt_userns, dentry, name);
    Irrelevant as it's just called from security_inode_removexattr().

[x] fs/xattr.c:     error = security_inode_removexattr(mnt_userns, dentry, name);
    Irrelevant as it's just called from __vfs_removexattr_locked().

[x] security/commoncap.c:int cap_inode_removexattr(struct user_namespace *mnt_userns,
    Doesn't operate on posix acls.
    Only operates on security.* xattrs.

[x] security/selinux/hooks.c:               int rc = cap_inode_removexattr(mnt_userns, dentry, name);
    Irrelevant as it's just called from selinux_inode_removexattr().

[x] security/smack/smack_lsm.c:             rc = cap_inode_removexattr(mnt_userns, dentry, name);
    Irrelevant as it's just called from smack_inode_removexattr().

[x] security/security.c:    ret = ima_inode_removexattr(dentry, name);
    Irrelevant as it's just called from security_inode_removexattr().

[x] security/security.c:    return evm_inode_removexattr(mnt_userns, dentry, name);
    Irrelevant as it's just called from security_inode_removexattr().

[-] security/security.c:int security_inode_removexattr(struct user_namespace *mnt_userns,
    [-] security/integrity/ima/ima_appraise.c:int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
    Doesn't operate on posix acls but updates internal state.

    [-] security/integrity/evm/evm_main.c:int evm_inode_removexattr(struct user_namespace *mnt_userns,
    Doesn't operate on posix acls but updates internal state.

[-] security/selinux/hooks.c:static int selinux_inode_removexattr(struct user_namespace *mnt_userns,
    Doesn't operate on posix acls but performs permission checking.

[-] security/smack/smack_lsm.c:static int smack_inode_removexattr(struct user_namespace *mnt_userns,
    Doesn't operate on posix acls but performs permission checking.