| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241113.he5shei2aiHo@digikod.net> Date: Wed, 13 Nov 2024 16:18:47 +0100 From: Mickaël Salaün <mic@...ikod.net> To: Francis Laniel <flaniel@...ux.microsoft.com> Cc: Eric Paris <eparis@...hat.com>, Paul Moore <paul@...l-moore.com>, Günther Noack <gnoack@...gle.com>, "Serge E . Hallyn" <serge@...lyn.com>, Ben Scarlato <akhna@...gle.com>, Casey Schaufler <casey@...aufler-ca.com>, Charles Zaffery <czaffery@...lox.com>, James Morris <jmorris@...ei.org>, Jann Horn <jannh@...gle.com>, Jeff Xu <jeffxu@...gle.com>, Jorge Lucangeli Obes <jorgelo@...gle.com>, Kees Cook <kees@...nel.org>, Konstantin Meskhidze <konstantin.meskhidze@...wei.com>, Matt Bobrowski <mattbobrowski@...gle.com>, Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>, Praveen K Paladugu <prapal@...ux.microsoft.com>, Robert Salvet <robert.salvet@...lox.com>, Shervin Oloumi <enlightened@...gle.com>, Song Liu <song@...nel.org>, Tahera Fahimi <fahimitahera@...il.com>, audit@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [RFC PATCH v2 05/14] landlock: Move access types On Fri, Oct 25, 2024 at 05:20:39PM +0200, Francis Laniel wrote: > Le mardi 22 octobre 2024, 18:10:00 CEST Mickaël Salaün a écrit : > > Move ACCESS_FS_OPTIONAL, access_mask_t, struct access_mask, and struct > > access_masks_all to a dedicated access.h file. > > > > This file will be extended with a following commit, and it will help to > > avoid dependency loops. > > > > Cc: Günther Noack <gnoack@...gle.com> > > Signed-off-by: Mickaël Salaün <mic@...ikod.net> > > Link: https://lore.kernel.org/r/20241022161009.982584-6-mic@digikod.net > > --- > > > > Changes since v1: > > * New patch > > --- > > security/landlock/access.h | 53 +++++++++++++++++++++++++++++++++++++ > > security/landlock/fs.c | 1 + > > security/landlock/fs.h | 1 + > > security/landlock/ruleset.h | 31 +--------------------- > > 4 files changed, 56 insertions(+), 30 deletions(-) > > create mode 100644 security/landlock/access.h > > > > diff --git a/security/landlock/access.h b/security/landlock/access.h > > new file mode 100644 > > index 000000000000..2659fd9b4aaf > > --- /dev/null > > +++ b/security/landlock/access.h > > @@ -0,0 +1,53 @@ > > +/* SPDX-License-Identifier: GPL-2.0-only */ > > +/* > > + * Landlock LSM - Access types and helpers > > + * > > + * Copyright © 2016-2020 Mickaël Salaün <mic@...ikod.net> > > + * Copyright © 2018-2020 ANSSI > > + * Copyright © 2024 Microsoft Corporation > > + */ > > + > > +#ifndef _SECURITY_LANDLOCK_ACCESS_H > > +#define _SECURITY_LANDLOCK_ACCESS_H > > + > > +#include <uapi/linux/landlock.h> > > + > > +#include "limits.h" > > + > > +/* clang-format off */ > > +#define ACCESS_FS_OPTIONAL ( \ > > + LANDLOCK_ACCESS_FS_TRUNCATE | \ > > + LANDLOCK_ACCESS_FS_IOCTL_DEV) > > Nit: The patch message indicates this is moved from somewhere but I cannot find > deletion for it. Correct, I'll move this define to the following patch introducing deny_masks_t.
Powered by blists - more mailing lists