Hi there,
the system call families getxattr() and setxattr() used to be
intercepted with requests GET_PERMISSIONS_DATA and
MODIFY_PERMISSIONS_DATA. Since extended attributes do much more than
Linux access control with ACLs, we needed a way to distinguish these
types of access.
I decided to introduce the new request types GET_XATTR and MODIFY_XATTR
for them, valid for all FD targets. The changes are in the kernel Git
repos for 6.6, 6.1, 5.15 and 5.10 as well as in the rsbac-admin repo for
administration. Older kernels remain unchanged.
Amon.
--
https://www.rsbac.org
GnuPG: E25D2F7B0C561382570DB487DC2A69DA870FE7FF 2018-03-20
