From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Jeff Layton <jlayton@kernel.org>,
Josef Bacik <josef@toxicpanda.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Jan Kara <jack@suse.cz>,
linux-kernel@vger.kernel.org, Hugh Dickins <hughd@google.com>,
linux-mm@kvack.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Tejun Heo <tj@kernel.org>, Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Jann Horn <jannh@google.com>,
netdev@vger.kernel.org, Christian Brauner <brauner@kernel.org>
Subject: [PATCH 11/14] xattr: support extended attributes on sockets
Date: Mon, 16 Feb 2026 14:32:07 +0100 [thread overview]
Message-ID: <20260216-work-xattr-socket-v1-11-c2efa4f74cb7@kernel.org> (raw)
In-Reply-To: <20260216-work-xattr-socket-v1-0-c2efa4f74cb7@kernel.org>
Allow user.* extended attributes on sockets by adding S_IFSOCK to the
xattr_permission() switch statement. Previously user.* xattrs were only
permitted on regular files and directories. Symlinks and special files
including sockets were rejected with -EPERM.
Path-based AF_UNIX sockets have their inodes on the underlying
filesystem (e.g. tmpfs) which already supports user.* xattrs through
simple_xattrs. So for these the permission check was the only thing
missing.
For sockets in sockfs - everything created via socket() including
abstract namespace AF_UNIX sockets - the preceding patch added
simple_xattr storage with per-inode limits. With the permission check
lifted here these sockets can now store user.* xattrs as well.
This enables services to associate metadata with their sockets. For
example, a service using Varlink for IPC can label its socket with
user.varlink=1 allowing eBPF programs to selectively capture traffic
and tools to discover IPC entrypoints by enumerating bound sockets via
netlink. Similarly, protocol negotiation can be performed through xattrs
such as indicating RFC 5424 structured syslog support on /dev/log.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/xattr.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/xattr.c b/fs/xattr.c
index 5e559b1c651f..09ecbaaa1660 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -163,6 +163,8 @@ xattr_permission(struct mnt_idmap *idmap, struct inode *inode,
if (inode_owner_or_capable(idmap, inode))
break;
return -EPERM;
+ case S_IFSOCK:
+ break;
default:
return xattr_permission_error(mask);
}
--
2.47.3
next prev parent reply other threads:[~2026-02-16 13:33 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-16 13:31 [PATCH 00/14] xattr: rework simple xattrs and support user.* xattrs " Christian Brauner
2026-02-16 13:31 ` [PATCH 01/14] xattr: add rcu_head and rhash_head to struct simple_xattr Christian Brauner
2026-02-16 13:31 ` [PATCH 02/14] xattr: add rhashtable-based simple_xattr infrastructure Christian Brauner
2026-02-16 13:31 ` [PATCH 03/14] shmem: adapt to rhashtable-based simple_xattrs with lazy allocation Christian Brauner
2026-02-16 13:32 ` [PATCH 04/14] kernfs: " Christian Brauner
2026-02-16 13:32 ` [PATCH 05/14] pidfs: adapt to rhashtable-based simple_xattrs Christian Brauner
2026-02-16 13:32 ` [PATCH 06/14] xattr: remove rbtree-based simple_xattr infrastructure Christian Brauner
2026-02-16 13:32 ` [PATCH 07/14] xattr: add xattr_permission_error() Christian Brauner
2026-02-16 13:32 ` [PATCH 08/14] xattr: switch xattr_permission() to switch statement Christian Brauner
2026-02-16 13:32 ` [PATCH 09/14] xattr: move user limits for xattrs to generic infra Christian Brauner
2026-02-21 0:03 ` Darrick J. Wong
2026-02-16 13:32 ` [PATCH 10/14] xattr,net: support limited amount of extended attributes on sockfs sockets Christian Brauner
2026-02-16 13:32 ` Christian Brauner [this message]
2026-02-16 13:32 ` [PATCH 12/14] selftests/xattr: path-based AF_UNIX socket xattr tests Christian Brauner
2026-02-16 13:32 ` [PATCH 13/14] selftests/xattr: sockfs " Christian Brauner
2026-02-16 13:32 ` [PATCH 14/14] selftests/xattr: test xattrs on various socket families Christian Brauner
2026-02-20 0:44 ` [PATCH 00/14] xattr: rework simple xattrs and support user.* xattrs on sockets Darrick J. Wong
2026-02-20 9:23 ` Christian Brauner
2026-02-21 0:14 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260216-work-xattr-socket-v1-11-c2efa4f74cb7@kernel.org \
--to=brauner@kernel.org \
--cc=edumazet@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=hughd@google.com \
--cc=jack@suse.cz \
--cc=jannh@google.com \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kuba@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=netdev@vger.kernel.org \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox