From: "Mickaël Salaün" <mic@digikod.net>
To: "Günther Noack" <gnoack3000@gmail.com>
Cc: linux-security-module@vger.kernel.org,
Tingmao Wang <m@maowtm.org>,
Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
Subject: Re: [PATCH] landlock: Clarify documentation for the IOCTL access right
Date: Mon, 12 Jan 2026 17:07:50 +0100 [thread overview]
Message-ID: <20260112.Eik9che5Gee5@digikod.net> (raw)
In-Reply-To: <20260111175203.6545-2-gnoack3000@gmail.com>
On Sun, Jan 11, 2026 at 06:52:04PM +0100, Günther Noack wrote:
> Move the description of the LANDLOCK_ACCESS_FS_IOCTL_DEV access right
> together with the file access rights.
>
> This group of access rights applies to files (in this case device
> files), and they can be added to file or directory inodes using
> landlock_add_rule(2). The check for that works the same for all file
> access rights, including LANDLOCK_ACCESS_FS_IOCTL_DEV.
>
> Invoking ioctl(2) on directory FDs can not currently be restricted
> with Landlock. Having it grouped separately in the documentation is a
> remnant from earlier revisions of the LANDLOCK_ACCESS_FS_IOCTL_DEV
> patch set.
>
> Link: https://lore.kernel.org/all/20260108.Thaex5ruach2@digikod.net/
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Thanks, applied.
> ---
> include/uapi/linux/landlock.h | 37 ++++++++++++++++-------------------
> 1 file changed, 17 insertions(+), 20 deletions(-)
>
> diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h
> index eac65da687c1..fbd18cf60a88 100644
> --- a/include/uapi/linux/landlock.h
> +++ b/include/uapi/linux/landlock.h
> @@ -216,6 +216,23 @@ struct landlock_net_port_attr {
> * :manpage:`ftruncate(2)`, :manpage:`creat(2)`, or :manpage:`open(2)` with
> * ``O_TRUNC``. This access right is available since the third version of the
> * Landlock ABI.
> + * - %LANDLOCK_ACCESS_FS_IOCTL_DEV: Invoke :manpage:`ioctl(2)` commands on an opened
> + * character or block device.
> + *
> + * This access right applies to all `ioctl(2)` commands implemented by device
> + * drivers. However, the following common IOCTL commands continue to be
> + * invokable independent of the %LANDLOCK_ACCESS_FS_IOCTL_DEV right:
> + *
> + * * IOCTL commands targeting file descriptors (``FIOCLEX``, ``FIONCLEX``),
> + * * IOCTL commands targeting file descriptions (``FIONBIO``, ``FIOASYNC``),
> + * * IOCTL commands targeting file systems (``FIFREEZE``, ``FITHAW``,
> + * ``FIGETBSZ``, ``FS_IOC_GETFSUUID``, ``FS_IOC_GETFSSYSFSPATH``)
> + * * Some IOCTL commands which do not make sense when used with devices, but
> + * whose implementations are safe and return the right error codes
> + * (``FS_IOC_FIEMAP``, ``FICLONE``, ``FICLONERANGE``, ``FIDEDUPERANGE``)
> + *
> + * This access right is available since the fifth version of the Landlock
> + * ABI.
> *
> * Whether an opened file can be truncated with :manpage:`ftruncate(2)` or used
> * with `ioctl(2)` is determined during :manpage:`open(2)`, in the same way as
> @@ -275,26 +292,6 @@ struct landlock_net_port_attr {
> * If multiple requirements are not met, the ``EACCES`` error code takes
> * precedence over ``EXDEV``.
> *
> - * The following access right applies both to files and directories:
> - *
> - * - %LANDLOCK_ACCESS_FS_IOCTL_DEV: Invoke :manpage:`ioctl(2)` commands on an opened
> - * character or block device.
> - *
> - * This access right applies to all `ioctl(2)` commands implemented by device
> - * drivers. However, the following common IOCTL commands continue to be
> - * invokable independent of the %LANDLOCK_ACCESS_FS_IOCTL_DEV right:
> - *
> - * * IOCTL commands targeting file descriptors (``FIOCLEX``, ``FIONCLEX``),
> - * * IOCTL commands targeting file descriptions (``FIONBIO``, ``FIOASYNC``),
> - * * IOCTL commands targeting file systems (``FIFREEZE``, ``FITHAW``,
> - * ``FIGETBSZ``, ``FS_IOC_GETFSUUID``, ``FS_IOC_GETFSSYSFSPATH``)
> - * * Some IOCTL commands which do not make sense when used with devices, but
> - * whose implementations are safe and return the right error codes
> - * (``FS_IOC_FIEMAP``, ``FICLONE``, ``FICLONERANGE``, ``FIDEDUPERANGE``)
> - *
> - * This access right is available since the fifth version of the Landlock
> - * ABI.
> - *
> * .. warning::
> *
> * It is currently not possible to restrict some file-related actions
> --
> 2.52.0
>
>
prev parent reply other threads:[~2026-01-12 16:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-11 17:52 [PATCH] landlock: Clarify documentation for the IOCTL access right Günther Noack
2026-01-12 16:07 ` Mickaël Salaün [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260112.Eik9che5Gee5@digikod.net \
--to=mic@digikod.net \
--cc=gnoack3000@gmail.com \
--cc=linux-security-module@vger.kernel.org \
--cc=m@maowtm.org \
--cc=samasth.norway.ananda@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.