From: Al Viro <viro@zeniv.linux.org.uk>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-kernel@vger.kernel.org,
"Andy Lutomirski" <luto@amacapital.net>,
"Arnd Bergmann" <arnd@arndb.de>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"James Morris" <jmorris@namei.org>, "Jann Horn" <jann@thejh.net>,
"Jonathan Corbet" <corbet@lwn.net>,
"Kees Cook" <keescook@chromium.org>,
"Michael Kerrisk" <mtk.manpages@gmail.com>,
"Mickaël Salaün" <mickael.salaun@ssi.gouv.fr>,
"Serge E . Hallyn" <serge@hallyn.com>,
"Shuah Khan" <shuah@kernel.org>,
"Vincent Dagonneau" <vincent.dagonneau@ssi.gouv.fr>,
kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-security-module@vger.kernel.org, x86@kernel.org
Subject: Re: [RFC PATCH v14 06/10] landlock: Add syscall implementation
Date: Tue, 17 Mar 2020 16:47:09 +0000
Message-ID: <20200317164709.GA23230@ZenIV.linux.org.uk>
In-Reply-To: <20200224160215.4136-7-mic@digikod.net>
On Mon, Feb 24, 2020 at 05:02:11PM +0100, Mickaël Salaün wrote:
> +static int get_path_from_fd(u64 fd, struct path *path)
> + /*
> + * Only allows O_PATH FD: enable to restrict ambiant (FS) accesses
> + * without requiring to open and risk leaking or misuing a FD. Accept
> + * removed, but still open directory (S_DEAD).
> + */
> + if (!(f.file->f_mode & FMODE_PATH) || !f.file->f_path.mnt ||
                                          ^^^^^^^^^^^^^^^^^^^
Could you explain what that one had been about? The underlined
subexpression is always false; was that supposed to check some
condition and if so, which one?
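
Review bot: In the `if` condition of get_path_from_fd(), the `!f.file->f_path.mnt` term tests a pointer that is set for every open file, so it can never reject a descriptor and it hides whichever restriction was intended. Either drop the term or replace it with a test of the property that was meant (a property of the mount rather than the presence of the pointer), and state in the comment which descriptors are refused and why. Separately, the function takes `fd` as `u64` while file descriptors are int-sized; make sure out-of-range values are rejected explicitly before the descriptor is looked up rather than silently narrowed. The comment also has typos ("ambiant", "misuing").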