From: "Mickaël Salaün" <mic@digikod.net>
To: Christian Brauner <brauner@kernel.org>
Cc: linux-security-module@vger.kernel.org,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset"
Date: Mon, 11 Oct 2021 16:38:55 +0200 [thread overview]
Message-ID: <06b6f249-06e6-f472-c74c-bb3ff6f4b4ee@digikod.net> (raw)
In-Reply-To: <20211011133704.1704369-1-brauner@kernel.org>
On 11/10/2021 15:37, Christian Brauner wrote:
> From: Christian Brauner <christian.brauner@ubuntu.com>
>
> Make the name of the anon inode fd "[landlock-ruleset]" instead of
> "landlock-ruleset". This is minor but most anon inode fds already
> carry square brackets around their name:
>
> [eventfd]
> [eventpoll]
> [fanotify]
> [fscontext]
> [io_uring]
> [pidfd]
> [signalfd]
> [timerfd]
> [userfaultfd]
>
> For the sake of consistency lets do the same for the landlock-ruleset anon
> inode fd that comes with landlock. We did the same in
> 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]")
> for the new mount api.
Before creating "landlock-ruleset" FD, I looked at other anonymous FD
and saw this kind of inconsistency. I don't get why we need to add extra
characters to names, those brackets seem useless. If it should be part
of the interface, why is it not enforced by anon_inode_getfd()?
There is a lot of other names that come without brackets (e.g. inotify,
bpf-*, btf, kvm-*, iio*). Do you plan to send patches for those too?
Changing such FD names could break user space because they may already
be exposed and used (e.g. through SELinux).
next prev parent reply other threads:[~2021-10-11 14:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-11 13:37 [PATCH] security/landlock: use square brackets around "landlock-ruleset" Christian Brauner
2021-10-11 14:38 ` Mickaël Salaün [this message]
2021-10-12 10:38 ` Christian Brauner
2021-10-12 18:11 ` Paul Moore
2021-10-12 20:38 ` Ondrej Mosnacek
2021-10-12 21:09 ` Paul Moore
2021-10-13 15:47 ` Mickaël Salaün
2021-10-15 9:10 ` Christian Brauner
2021-10-15 11:47 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=06b6f249-06e6-f472-c74c-bb3ff6f4b4ee@digikod.net \
--to=mic@digikod.net \
--cc=brauner@kernel.org \
--cc=christian.brauner@ubuntu.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).