git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Christian Brauner <brauner@kernel.org>
	Mon, 16 Feb 2026 13:32:07 +0000 (14:32 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Mon, 2 Mar 2026 10:06:42 +0000 (11:06 +0100)
commit	dc0876b9846d3d48bb8528332106d1b051578a02
tree	7d64a82fccd9256add6dbc67384f2ad02ae8be95	tree \| snapshot
parent	b6d6ab1b6dd2ead98f8915e47895ea4014ac3cb2	commit \| diff

xattr: support extended attributes on sockets

Allow user.* extended attributes on sockets by adding S_IFSOCK to the
xattr_permission() switch statement. Previously user.* xattrs were only
permitted on regular files and directories. Symlinks and special files
including sockets were rejected with -EPERM.

Path-based AF_UNIX sockets have their inodes on the underlying
filesystem (e.g. tmpfs) which already supports user.* xattrs through
simple_xattrs. So for these the permission check was the only thing
missing.

For sockets in sockfs - everything created via socket() including
abstract namespace AF_UNIX sockets - the preceding patch added
simple_xattr storage with per-inode limits. With the permission check
lifted here these sockets can now store user.* xattrs as well.

This enables services to associate metadata with their sockets. For
example, a service using Varlink for IPC can label its socket with
user.varlink=1 allowing eBPF programs to selectively capture traffic
and tools to discover IPC entrypoints by enumerating bound sockets via
netlink. Similarly, protocol negotiation can be performed through xattrs
such as indicating RFC 5424 structured syslog support on /dev/log.

Link: https://patch.msgid.link/20260216-work-xattr-socket-v1-11-c2efa4f74cb7@kernel.org
Acked-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>