Message-ID: <5a229249-fd4a-76ee-ec94-5f29ca3a245c@huawei.com>
Date: Tue, 12 Apr 2022 11:38:33 +0300
From: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
To: Mickaël Salaün <mic@...ikod.net>
CC: <willemdebruijn.kernel@...il.com>, <linux-security-module@...r.kernel.org>, <netdev@...r.kernel.org>, <netfilter-devel@...r.kernel.org>, <yusongping@...wei.com>, <artem.kuzin@...wei.com>, <anton.sirazetdinov@...wei.com>
Subject: Re: [RFC PATCH v4 08/15] landlock: add support network rules

4/11/2022 7:20 PM, Mickaël Salaün wrote:
>
> On 11/04/2022 15:44, Konstantin Meskhidze wrote:
>>
>>
>> 4/8/2022 7:30 PM, Mickaël Salaün wrote:
>
> [...]
>
>
>>>> struct landlock_ruleset *landlock_create_ruleset(const struct
>>>> landlock_access_mask *access_mask_set)
>>>> {
>>>> struct landlock_ruleset *new_ruleset;
>>>>
>>>> /* Informs about useless ruleset. */
>>>> - if (!access_mask_set->fs)
>>>> + if (!access_mask_set->fs && !access_mask_set->net)
>>>> return ERR_PTR(-ENOMSG);
>>>> new_ruleset = create_ruleset(1);
>>>> - if (!IS_ERR(new_ruleset))
>>>
>>> This is better:
>>>
>>> if (IS_ERR(new_ruleset))
>>> 	return new_ruleset;
>>> if (access_mask_set->fs)
>>> 	...
>>
>> I don't get this condition. Do you mean that we return new_ruleset
>> anyway no matter what the masks' values are? So it's possible to have
>> 0 masks values, isn't it?
>
> No, the logic is correct but it would be simpler to exit as soon as
> there is a ruleset error, you don't need to duplicate
> "IS_ERR(new_ruleset) &&":
>
> if (IS_ERR(new_ruleset))
> 	return new_ruleset;
> if (access_mask_set->fs)
> 	landlock_set_fs_access_mask(new_ruleset, access_mask_set, 0);
> if (access_mask_set->net)
> 	landlock_set_net_access_mask(new_ruleset, access_mask_set, 0);
> return new_ruleset;
>

   Ok. I got it. Thank you.
> .
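
Review bot: the comment above the -ENOMSG check in landlock_create_ruleset() still reads only "Informs about useless ruleset." although the condition now rejects a ruleset only when both access_mask_set->fs and access_mask_set->net are zero; it is worth stating in that comment that "useless" means no handled access in either the filesystem or the network mask, so a caller passing only one of the two is clearly valid. For the code that replaces the removed "if (!IS_ERR(new_ruleset))" line, the early-return shape proposed in the reply (return new_ruleset immediately when IS_ERR() is true, then set each non-zero mask) keeps the error check in a single place instead of repeating it in every per-mask condition.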