[PATCH v33 07/12] landlock: Support filesystem access-control

James Morris jmorris at namei.org
Thu Apr 8 20:28:44 UTC 2021

On Wed, 7 Apr 2021, Mickaël Salaün wrote:

> Changes since v31:
> * Gracefully forbid reparenting by returning EXDEV in hook_path_link()
>   and hook_path_rename() (hinted by Al Viro).
> * Replace excessive WARN_ON_ONCE() with unlikely() in
>   hook_path_rename() and use ENOENT instead of EACCES.
> * Improve comment in unmask_layers() (pointed out by Al Viro).  Also use
>   filesystem "topology" instead of "layout", which seems more
>   appropriate.
> * Add access(2) to the documented list of unsupported syscall families.
> * Replace "option" with "flag" in hook_sb_mount() comment.

Good to see these changes.

Al: any further comments now on this patch?

James Morris
<jmorris at namei.org>

More information about the Linux-security-module-archive mailing list