From: Paul Moore <paul@paul-moore.com>
To: mic@digikod.net, gnoack@google.com, Song Liu <song@kernel.org>,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, selinux@vger.kernel.org,
apparmor@lists.ubuntu.com
Cc: jmorris@namei.org, serge@hallyn.com, viro@zeniv.linux.org.uk,
brauner@kernel.org, jack@suse.cz, john.johansen@canonical.com,
stephen.smalley.work@gmail.com, omosnace@redhat.com,
takedakn@nttdata.co.jp, penguin-kernel@I-love.SAKURA.ne.jp,
herton@canonical.com, kernel-team@meta.com,
Song Liu <song@kernel.org>
Subject: Re: [PATCH v3 5/7] landlock: Convert from sb_mount to granular mount hooks
Date: Mon, 11 May 2026 15:52:46 -0400 [thread overview]
Message-ID: <eb3d42b49940d9ecdc4ef384989d8f8d@paul-moore.com> (raw)
In-Reply-To: <20260509015208.3853132-6-song@kernel.org>
On May 8, 2026 Song Liu <song@kernel.org> wrote:
>
> Replace hook_sb_mount() with granular mount hooks. Landlock denies
> all mount operations for sandboxed processes regardless of flags,
> so all new hooks share a common hook_mount_deny() helper. The
> mount_move hook reuses hook_move_mount().
>
> Code generated with the assistance of Claude, reviewed by human.
>
> Signed-off-by: Song Liu <song@kernel.org>
> ---
> security/landlock/fs.c | 40 ++++++++++++++++++++++++++++++++++++----
> 1 file changed, 36 insertions(+), 4 deletions(-)
Mickaël, Günther, are you okay with this patch?
--
paul-moore.com
next prev parent reply other threads:[~2026-05-11 19:52 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-09 1:52 [PATCH v3 0/7] lsm: Replace security_sb_mount with granular mount hooks Song Liu
2026-05-09 1:52 ` [PATCH v3 1/7] lsm: Add granular mount hooks to replace security_sb_mount Song Liu
2026-05-09 1:52 ` [PATCH v3 2/7] apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount Song Liu
2026-05-11 19:52 ` Paul Moore
2026-05-09 1:52 ` [PATCH v3 3/7] apparmor: Convert from sb_mount to granular mount hooks Song Liu
2026-05-11 19:52 ` Paul Moore
2026-05-09 1:52 ` [PATCH v3 4/7] selinux: " Song Liu
2026-05-09 1:52 ` [PATCH v3 5/7] landlock: " Song Liu
2026-05-11 19:52 ` Paul Moore [this message]
2026-05-09 1:52 ` [PATCH v3 6/7] tomoyo: " Song Liu
2026-05-11 19:52 ` Paul Moore
2026-05-12 11:01 ` Tetsuo Handa
2026-05-12 13:31 ` Paul Moore
2026-05-12 18:07 ` Song Liu
2026-05-09 1:52 ` [PATCH v3 7/7] lsm: Remove security_sb_mount and security_move_mount Song Liu
2026-05-11 19:52 ` Paul Moore
2026-05-11 21:06 ` Song Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eb3d42b49940d9ecdc4ef384989d8f8d@paul-moore.com \
--to=paul@paul-moore.com \
--cc=apparmor@lists.ubuntu.com \
--cc=brauner@kernel.org \
--cc=gnoack@google.com \
--cc=herton@canonical.com \
--cc=jack@suse.cz \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=kernel-team@meta.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=omosnace@redhat.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=takedakn@nttdata.co.jp \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.