Message-ID: <68629a11-93c1-d7ab-ad3d-0fdbde1a35e3@digikod.net> Date: Mon, 22 Aug 2022 23:25:35 +0200 To: Xiu Jianfeng , paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, shuah@kernel.org, corbet@lwn.net Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, 
linux-doc@vger.kernel.org References: <20220822114701.26975-1-xiujianfeng@huawei.com> <20220822114701.26975-6-xiujianfeng@huawei.com> From: Mickaël Salaün Subject: Re: [PATCH -next 5/5] landlock: update chmod and chown support in document In-Reply-To: <20220822114701.26975-6-xiujianfeng@huawei.com> On 22/08/2022 13:47, Xiu Jianfeng wrote: > update LANDLOCK_ACCESS_FS_{CHMOD, CHOWN} support and add abi change > in the document. > > Signed-off-by: Xiu Jianfeng > --- > Documentation/userspace-api/landlock.rst | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst > index 2509c2fbf98f..05ab338db529 100644 > --- a/Documentation/userspace-api/landlock.rst > +++ b/Documentation/userspace-api/landlock.rst > @@ -61,7 +61,9 @@ the need to be explicit about the denied-by-default access rights. > LANDLOCK_ACCESS_FS_MAKE_BLOCK | > LANDLOCK_ACCESS_FS_MAKE_SYM | > LANDLOCK_ACCESS_FS_REFER | > - LANDLOCK_ACCESS_FS_TRUNCATE, > + LANDLOCK_ACCESS_FS_TRUNCATE | > + LANDLOCK_ACCESS_FS_CHMOD | > + LANDLOCK_ACCESS_FS_CHOWN > }; > > Because we may not know on which kernel version an application will be > @@ -90,6 +92,10 @@ the ABI. > case 2: > /* Removes LANDLOCK_ACCESS_FS_TRUNCATE for ABI < 3 */ > ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE; There is a missing fall-through attribute here. > + case 3: > + /* Removes LANDLOCK_ACCESS_FS_{CHMOD, CHOWN} for ABI < 4 */ > + ruleset_attr.handled_access_fs &= ~(LANDLOCK_ACCESS_FS_CHMOD | > + LANDLOCK_ACCESS_FS_CHOWN); > } > > This enables to create an inclusive ruleset that will contain our rules.
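Review bot: in the first hunk (@@ -61,7 +61,9 @@), the new last line of the initializer, `LANDLOCK_ACCESS_FS_CHOWN`, drops the trailing comma that the removed `LANDLOCK_ACCESS_FS_TRUNCATE,` line carried. Keep the comma after the final value so the initializer style stays as it was and the next access right appended to this example does not have to touch this line again.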
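Review bot: in the second hunk (@@ -90,6 +92,10 @@), `case 2:` now runs straight into the added `case 3:` with nothing marking the fall-through as intentional, so a reader copying the example gets an implicit-fallthrough warning and no hint that the cascade is deliberate. Add a fall-through annotation after the `ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE;` line; the cascade itself has to stay, since a kernel reporting ABI 2 must clear TRUNCATE and then CHMOD and CHOWN as well. Separately, the commit message says the patch adds an ABI change to the document, but the diffstat (7 insertions, 1 deletion) is fully accounted for by these two example-code hunks, so no prose describing what ABI 4 brings is added; either add that text or reword the commit message.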