From: Justin Suess <utilityemal77@gmail.com>
To: Tingmao Wang <m@maowtm.org>
Cc: "Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack3000@gmail.com>, "Jan Kara" <jack@suse.cz>,
"Abhinav Saxena" <xandfury@gmail.com>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v9 1/9] landlock: Add a place for flags to layer rules
Date: Thu, 28 May 2026 18:01:10 -0400
Message-ID: <ahi4fYCiwYgr6S7I@suesslenovo>
In-Reply-To: <725de048a1756253dd2164c8f39b038e4e0ebdb5.1779843375.git.m@maowtm.org>
On Wed, May 27, 2026 at 02:01:11AM +0100, Tingmao Wang wrote:
> To avoid unnecessarily increasing the size of struct landlock_layer, we
> make the layer level a u8 and use the space to store the flags struct.
>
> struct layer_access_masks is renamed to struct layer_masks, and a new
> field is added to track whether a quiet flag rule is seen for each
> layer. Through use of bitfields, this does not increase the size of the
> struct.
>
> Cc: Justin Suess <utilityemal77@gmail.com>
> Assisted-by: GitHub Copilot:claude-opus-4.7 copilot-review
> Signed-off-by: Tingmao Wang <m@maowtm.org>
> Co-developed-by: Justin Suess <utilityemal77@gmail.com>
> Signed-off-by: Justin Suess <utilityemal77@gmail.com>
> ---
>
> Changes in v9:
> - Move a hunk from patch 2 to here
> - Fix comment and format
> - Renamed struct layer_access_masks to struct layer_masks, and moved the
> content of struct collected_rule_flags into this struct, getting rid
> of the extra struct collected_rule_flags and function parameters.
> This is following a discussion in [3]. The flag is now initialized in
> landlock_init_layer_masks as false.
> - Thus also removed now unnecessary layer_mask_t
>
> Changes in v8:
> - Rebase on top of mic/next
> - Add Co-developed-by: Justin Suess for handling this rebase initially
> - layer_mask_t was removed in [1] but we still need it for the
> collected_rule_flags. Rather than using raw u16, I've chosen to
> re-define it back in ruleset.h (it was in access.h).
>
> Changes in v7:
> - Take rule_flags separately from landlock_request in
> is_access_to_paths_allowed to avoid writing to the landlock_request
> variable if CONFIG_AUDIT is disabled (to enable compiler elision).
> - Due to the above change, we don't need rule_flags in landlock_request in
> this commit anymore (will be added later).
>
> Changes in v6:
> - Rebased to include the revised disconnected directory handling changes
> (without the "reverting" behaviour)
>
> Changes in v5:
> - Move rule_flags into landlock_request. This lets us get rid of the
> extra parameters to is_access_to_paths_allowed (and later on,
> landlock_log_denial), and thus less code changes.
>
> Changes in v3:
> - Comment changes, move local variables, simplify if branch
>
> Changes in v2:
> - Comment changes
> - Rebased to include disconnected directory handling changes on mic/next
> and add backing up of collected_rule_flags.
>
> [1]: https://lore.kernel.org/all/20260125195853.109967-1-gnoack3000@gmail.com/
> [2]: https://lore.kernel.org/all/20251221194301.247484-1-utilityemal77@gmail.com/
> [3]: https://lore.kernel.org/all/20260524.eFiz4hahrami@digikod.net/
>
> security/landlock/access.h | 35 +++++++--
> security/landlock/audit.c | 20 ++---
> security/landlock/audit.h | 2 +-
> security/landlock/domain.c | 19 ++---
> security/landlock/domain.h | 2 +-
> security/landlock/fs.c | 147 +++++++++++++++++++-----------------
> security/landlock/limits.h | 3 +
> security/landlock/net.c | 2 +-
> security/landlock/ruleset.c | 33 +++++---
> security/landlock/ruleset.h | 17 ++++-
> 10 files changed, 170 insertions(+), 110 deletions(-)
>
> diff --git a/security/landlock/access.h b/security/landlock/access.h
> index c19d5bc13944..3b8ba6c1300d 100644
> --- a/security/landlock/access.h
> +++ b/security/landlock/access.h
> @@ -62,18 +62,37 @@ static_assert(sizeof(typeof_member(union access_masks_all, masks)) ==
> sizeof(typeof_member(union access_masks_all, all)));
>
> /**
> - * struct layer_access_masks - A boolean matrix of layers and access rights
> + * struct layer_mask - The unfulfilled access rights and rule flags for
> + * a layer.
> *
> - * This has a bit for each combination of layer numbers and access rights.
> - * During access checks, it is used to represent the access rights for each
> - * layer which still need to be fulfilled. When all bits are 0, the access
> - * request is considered to be fulfilled.
> + * During access checks, @access is used to represent the access rights
> + * for each layer which still need to be fulfilled. When all bits in
> + * @access is 0, the access request is allowed by this layer.
> + *
> + * @quiet is used to store whether we have encountered a rule with the
> + * quiet flag for this layer, which will be used to control audit logging.
> + */
> +struct layer_mask {
> + access_mask_t access:LANDLOCK_NUM_ACCESS_MAX;
> +#ifdef CONFIG_AUDIT
> + bool quiet:1;
> +#endif /* CONFIG_AUDIT */
> +};
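
Review bot: nothing in this hunk enforces the commit message's claim that the bitfields do not increase the struct size. In struct layer_mask, `access` is an access_mask_t bitfield of LANDLOCK_NUM_ACCESS_MAX bits and `quiet` is a bool bitfield that exists only under CONFIG_AUDIT, so the two share one storage unit only if LANDLOCK_NUM_ACCESS_MAX leaves a spare bit and the compiler packs adjacent bitfields of different base types together. A static_assert on sizeof(struct layer_mask), placed next to the existing static_assert on union access_masks_all just above, would make a later increase of LANDLOCK_NUM_ACCESS_MAX fail the build instead of silently growing every layer entry. Separately, in the new comment, "When all bits in @access is 0" should read "are 0".
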
From landlock-test-tools/docker-run.sh:

Warning: security/landlock/access.h:79 struct member 'access' not described in 'layer_mask'
Warning: security/landlock/access.h:79 struct member 'quiet' not described in 'layer_mask'
Warning: security/landlock/access.h:79 struct member 'access' not described in 'layer_mask'
Warning: security/landlock/access.h:79 struct member 'quiet' not described in 'layer_mask

Probably worth adding these.

Tested this out as a basis of my draft for next version of
the no inherit series and it works great, handles addition
of more flags and passes selftests with no issues.

Tested-by: Justin Suess <utilityemal77@gmail.com>

> [...]