From: Francis Laniel <flaniel@linux.microsoft.com>
To: "Eric Paris" <eparis@redhat.com>,
"Paul Moore" <paul@paul-moore.com>,
"Günther Noack" <gnoack@google.com>,
"Serge E . Hallyn" <serge@hallyn.com>,
"Mickaël Salaün" <mic@digikod.net>
Cc: "Mickaël Salaün" <mic@digikod.net>,
"Ben Scarlato" <akhna@google.com>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Charles Zaffery" <czaffery@roblox.com>,
"James Morris" <jmorris@namei.org>,
"Jann Horn" <jannh@google.com>, "Jeff Xu" <jeffxu@google.com>,
"Jorge Lucangeli Obes" <jorgelo@google.com>,
"Kees Cook" <kees@kernel.org>,
"Konstantin Meskhidze" <konstantin.meskhidze@huawei.com>,
"Matt Bobrowski" <mattbobrowski@google.com>,
"Mikhail Ivanov" <ivanov.mikhail1@huawei-partners.com>,
"Praveen K Paladugu" <prapal@linux.microsoft.com>,
"Robert Salvet" <robert.salvet@roblox.com>,
"Shervin Oloumi" <enlightened@google.com>,
"Song Liu" <song@kernel.org>,
"Tahera Fahimi" <fahimitahera@gmail.com>,
audit@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [RFC PATCH v2 05/14] landlock: Move access types
Date: Fri, 25 Oct 2024 17:20:39 +0200 [thread overview]
Message-ID: <3020507.e9J7NaK4W3@pwmachine> (raw)
In-Reply-To: <20241022161009.982584-6-mic@digikod.net>
Le mardi 22 octobre 2024, 18:10:00 CEST Mickaël Salaün a écrit :
> Move ACCESS_FS_OPTIONAL, access_mask_t, struct access_mask, and struct
> access_masks_all to a dedicated access.h file.
>
> This file will be extended with a following commit, and it will help to
> avoid dependency loops.
>
> Cc: Günther Noack <gnoack@google.com>
> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> Link: https://lore.kernel.org/r/20241022161009.982584-6-mic@digikod.net
> ---
>
> Changes since v1:
> * New patch
> ---
> security/landlock/access.h | 53 +++++++++++++++++++++++++++++++++++++
> security/landlock/fs.c | 1 +
> security/landlock/fs.h | 1 +
> security/landlock/ruleset.h | 31 +---------------------
> 4 files changed, 56 insertions(+), 30 deletions(-)
> create mode 100644 security/landlock/access.h
>
> diff --git a/security/landlock/access.h b/security/landlock/access.h
> new file mode 100644
> index 000000000000..2659fd9b4aaf
> --- /dev/null
> +++ b/security/landlock/access.h
> @@ -0,0 +1,53 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * Landlock LSM - Access types and helpers
> + *
> + * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
> + * Copyright © 2018-2020 ANSSI
> + * Copyright © 2024 Microsoft Corporation
> + */
> +
> +#ifndef _SECURITY_LANDLOCK_ACCESS_H
> +#define _SECURITY_LANDLOCK_ACCESS_H
> +
> +#include <uapi/linux/landlock.h>
> +
> +#include "limits.h"
> +
> +/* clang-format off */
> +#define ACCESS_FS_OPTIONAL ( \
> + LANDLOCK_ACCESS_FS_TRUNCATE | \
> + LANDLOCK_ACCESS_FS_IOCTL_DEV)
Nit: The patch message indicates this is moved from somewhere but I cannot find
deletion for it.
> +/* clang-format on */
> +
> +typedef u16 access_mask_t;
> +/* Makes sure all filesystem access rights can be stored. */
> +static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_FS);
> +/* Makes sure all network access rights can be stored. */
> +static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_NET);
> +/* Makes sure all scoped rights can be stored. */
> +static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_SCOPE);
> +/* Makes sure for_each_set_bit() and for_each_clear_bit() calls are OK. */
> +static_assert(sizeof(unsigned long) >= sizeof(access_mask_t));
> +
> +/* Ruleset access masks. */
> +struct access_masks {
> + access_mask_t fs : LANDLOCK_NUM_ACCESS_FS;
> + access_mask_t net : LANDLOCK_NUM_ACCESS_NET;
> + access_mask_t scope : LANDLOCK_NUM_SCOPE;
> +};
> +
> +union access_masks_all {
> + struct access_masks masks;
> + u32 all;
> +};
> +
> +/* Makes sure all fields are covered. */
> +static_assert(sizeof(((union access_masks_all *)NULL)->masks) ==
> + sizeof(((union access_masks_all *)NULL)->all));
> +
> +typedef u16 layer_mask_t;
> +/* Makes sure all layers can be checked. */
> +static_assert(BITS_PER_TYPE(layer_mask_t) >= LANDLOCK_MAX_NUM_LAYERS);
> +
> +#endif /* _SECURITY_LANDLOCK_ACCESS_H */
> diff --git a/security/landlock/fs.c b/security/landlock/fs.c
> index 698a623a8184..e0e5775b75ae 100644
> --- a/security/landlock/fs.c
> +++ b/security/landlock/fs.c
> @@ -36,6 +36,7 @@
> #include <uapi/linux/fiemap.h>
> #include <uapi/linux/landlock.h>
>
> +#include "access.h"
> #include "common.h"
> #include "cred.h"
> #include "fs.h"
> diff --git a/security/landlock/fs.h b/security/landlock/fs.h
> index 1487e1f023a1..d445f411c26a 100644
> --- a/security/landlock/fs.h
> +++ b/security/landlock/fs.h
> @@ -13,6 +13,7 @@
> #include <linux/init.h>
> #include <linux/rcupdate.h>
>
> +#include "access.h"
> #include "ruleset.h"
> #include "setup.h"
>
> diff --git a/security/landlock/ruleset.h b/security/landlock/ruleset.h
> index e00edcb38c5b..7921bbe01344 100644
> --- a/security/landlock/ruleset.h
> +++ b/security/landlock/ruleset.h
> @@ -17,6 +17,7 @@
> #include <linux/workqueue.h>
> #include <uapi/linux/landlock.h>
>
> +#include "access.h"
> #include "limits.h"
> #include "object.h"
>
> @@ -30,36 +31,6 @@
> LANDLOCK_ACCESS_FS_REFER)
> /* clang-format on */
>
> -typedef u16 access_mask_t;
> -/* Makes sure all filesystem access rights can be stored. */
> -static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_FS);
> -/* Makes sure all network access rights can be stored. */
> -static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_NET);
> -/* Makes sure all scoped rights can be stored. */
> -static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_SCOPE);
> -/* Makes sure for_each_set_bit() and for_each_clear_bit() calls are OK. */
> -static_assert(sizeof(unsigned long) >= sizeof(access_mask_t));
> -
> -/* Ruleset access masks. */
> -struct access_masks {
> - access_mask_t fs : LANDLOCK_NUM_ACCESS_FS;
> - access_mask_t net : LANDLOCK_NUM_ACCESS_NET;
> - access_mask_t scope : LANDLOCK_NUM_SCOPE;
> -};
> -
> -union access_masks_all {
> - struct access_masks masks;
> - u32 all;
> -};
> -
> -/* Makes sure all fields are covered. */
> -static_assert(sizeof(((union access_masks_all *)NULL)->masks) ==
> - sizeof(((union access_masks_all *)NULL)->all));
> -
> -typedef u16 layer_mask_t;
> -/* Makes sure all layers can be checked. */
> -static_assert(BITS_PER_TYPE(layer_mask_t) >= LANDLOCK_MAX_NUM_LAYERS);
> -
> /**
> * struct landlock_layer - Access rights for a given layer
> */
next prev parent reply other threads:[~2024-10-25 15:20 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-22 16:09 [RFC PATCH v2 00/14] Landlock audit support Mickaël Salaün
2024-10-22 16:09 ` [RFC PATCH v2 01/14] lsm: Only build lsm_audit.c if CONFIG_AUDIT is set Mickaël Salaün
2024-10-23 0:07 ` Paul Moore
2024-10-23 18:51 ` Guenter Roeck
2024-10-23 21:21 ` Paul Moore
2024-10-22 16:09 ` [RFC PATCH v2 02/14] lsm: Add audit_log_lsm_data() helper Mickaël Salaün
2024-10-23 0:07 ` Paul Moore
2024-10-24 16:30 ` Paul Moore
2024-10-22 16:09 ` [RFC PATCH v2 03/14] landlock: Factor out check_access_path() Mickaël Salaün
2024-10-22 16:09 ` [RFC PATCH v2 04/14] landlock: Add unique ID generator Mickaël Salaün
2024-10-25 15:18 ` Francis Laniel
2024-11-13 15:18 ` Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 05/14] landlock: Move access types Mickaël Salaün
2024-10-25 15:20 ` Francis Laniel [this message]
2024-11-13 15:18 ` Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 06/14] landlock: Move domain hierarchy management Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 07/14] landlock: Log ptrace denials Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 08/14] landlock: Log domain properties and release Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 09/14] landlock: Log mount-related denials Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 10/14] landlock: Log file-related denials Mickaël Salaün
2024-10-25 15:23 ` Francis Laniel
2024-11-13 15:21 ` Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 11/14] landlock: Log truncate and ioctl denials Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 12/14] landlock: Log TCP bind and connect denials Mickaël Salaün
2024-10-25 15:25 ` Francis Laniel
2024-11-13 15:21 ` Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 13/14] landlock: Log scoped denials Mickaël Salaün
2024-10-22 16:10 ` [RFC PATCH v2 14/14] landlock: Control log events with LANDLOCK_RESTRICT_SELF_LOGLESS Mickaël Salaün
2024-10-22 16:18 ` [RFC PATCH v2 00/14] Landlock audit support Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3020507.e9J7NaK4W3@pwmachine \
--to=flaniel@linux.microsoft.com \
--cc=akhna@google.com \
--cc=audit@vger.kernel.org \
--cc=casey@schaufler-ca.com \
--cc=czaffery@roblox.com \
--cc=enlightened@google.com \
--cc=eparis@redhat.com \
--cc=fahimitahera@gmail.com \
--cc=gnoack@google.com \
--cc=ivanov.mikhail1@huawei-partners.com \
--cc=jannh@google.com \
--cc=jeffxu@google.com \
--cc=jmorris@namei.org \
--cc=jorgelo@google.com \
--cc=kees@kernel.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mattbobrowski@google.com \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=prapal@linux.microsoft.com \
--cc=robert.salvet@roblox.com \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.