From: "Mickaël Salaün" <mic@digikod.net>
To: James Morris <jmorris@namei.org>, "Serge E . Hallyn" <serge@hallyn.com>
Cc: "Mickaël Salaün" <mic@digikod.net>,
"Jann Horn" <jannh@google.com>,
"Kees Cook" <keescook@chromium.org>,
"Konstantin Meskhidze" <konstantin.meskhidze@huawei.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Paul Moore" <paul@paul-moore.com>,
"Shuah Khan" <shuah@kernel.org>,
linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: [PATCH v1 1/7] landlock: Fix landlock_add_rule(2) documentation
Date: Mon, 21 Feb 2022 16:53:05 +0100 [thread overview]
Message-ID: <20220221155311.166278-2-mic@digikod.net> (raw)
In-Reply-To: <20220221155311.166278-1-mic@digikod.net>
From: Mickaël Salaün <mic@linux.microsoft.com>
It is not mandatory to pass a file descriptor obtained with the O_PATH
flag. Also, replace rule's accesses with ruleset's accesses.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20220221155311.166278-2-mic@digikod.net
---
include/uapi/linux/landlock.h | 5 +++--
security/landlock/syscalls.c | 7 +++----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h
index b3d952067f59..c0390e318a65 100644
--- a/include/uapi/linux/landlock.h
+++ b/include/uapi/linux/landlock.h
@@ -60,8 +60,9 @@ struct landlock_path_beneath_attr {
*/
__u64 allowed_access;
/**
- * @parent_fd: File descriptor, open with ``O_PATH``, which identifies
- * the parent directory of a file hierarchy, or just a file.
+ * @parent_fd: File descriptor, preferably opened with ``O_PATH``,
+ * which identifies the parent directory of a file hierarchy, or just a
+ * file.
*/
__s32 parent_fd;
/*
diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index 32396962f04d..fd4b24022a06 100644
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -290,14 +290,13 @@ static int get_path_from_fd(const s32 fd, struct path *const path)
*
* - EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time;
* - EINVAL: @flags is not 0, or inconsistent access in the rule (i.e.
- * &landlock_path_beneath_attr.allowed_access is not a subset of the rule's
- * accesses);
+ * &landlock_path_beneath_attr.allowed_access is not a subset of the
+ * ruleset handled accesses);
* - ENOMSG: Empty accesses (e.g. &landlock_path_beneath_attr.allowed_access);
* - EBADF: @ruleset_fd is not a file descriptor for the current thread, or a
* member of @rule_attr is not a file descriptor as expected;
* - EBADFD: @ruleset_fd is not a ruleset file descriptor, or a member of
- * @rule_attr is not the expected file descriptor type (e.g. file open
- * without O_PATH);
+ * @rule_attr is not the expected file descriptor type;
* - EPERM: @ruleset_fd has no write access to the underlying ruleset;
* - EFAULT: @rule_attr inconsistency.
*/
--
2.35.1
next prev parent reply other threads:[~2022-02-21 15:43 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-21 15:53 [PATCH v1 0/7] Minor Landlock fixes and new tests Mickaël Salaün
2022-02-21 15:53 ` Mickaël Salaün [this message]
2022-02-21 15:53 ` [PATCH v1 2/7] landlock: Fix landlock_add_rule(2) signature Mickaël Salaün
2022-02-26 21:26 ` Alejandro Colomar (man-pages)
2022-02-28 7:59 ` Mickaël Salaün
2022-02-21 15:53 ` [PATCH v1 3/7] selftest/landlock: Make tests build with old libc Mickaël Salaün
2022-02-21 15:53 ` [PATCH v1 4/7] selftest/landlock: Extend tests for minimal valid attribute size Mickaël Salaün
2022-02-21 15:53 ` [PATCH v1 5/7] selftest/landlock: Add tests for unknown access rights Mickaël Salaün
2022-02-21 15:53 ` [PATCH v1 6/7] selftest/landlock: Extend access right tests to directories Mickaël Salaün
2022-02-21 15:53 ` [PATCH v1 7/7] selftest/landlock: Fully test file rename with "remove" access Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220221155311.166278-2-mic@digikod.net \
--to=mic@digikod.net \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@linux.microsoft.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox