[PATCH] security/landlock: use square brackets around "landlock-ruleset"

Mickaël Salaün mic at digikod.net
Mon Oct 11 14:38:55 UTC 2021


On 11/10/2021 15:37, Christian Brauner wrote:
> From: Christian Brauner <christian.brauner at ubuntu.com>
> 
> Make the name of the anon inode fd "[landlock-ruleset]" instead of
> "landlock-ruleset". This is minor but most anon inode fds already
> carry square brackets around their name:
> 
>     [eventfd]
>     [eventpoll]
>     [fanotify]
>     [fscontext]
>     [io_uring]
>     [pidfd]
>     [signalfd]
>     [timerfd]
>     [userfaultfd]
> 
> For the sake of consistency let's do the same for the landlock-ruleset anon
> inode fd that comes with landlock. We did the same in
> 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]")
> for the new mount api.

Before creating the "landlock-ruleset" FD, I looked at other anonymous FDs
and saw this kind of inconsistency. I don't get why we need to add extra
characters to names, those brackets seem useless. If it should be part
of the interface, why is it not enforced by anon_inode_getfd()?

There are a lot of other names that come without brackets (e.g. inotify,
bpf-*, btf, kvm-*, iio*). Do you plan to send patches for those too?
Changing such FD names could break user space because they may already
be exposed and used (e.g. through SELinux).
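
The compatibility concern raised in the reply above, as an added example (not code from this thread or from the kernel tree): a user-space consumer that reads anon inode names from /proc/self/fd and compares them with one optional pair of square brackets stripped, so it matches either spelling of a name. The helper names are hypothetical; the eventfd and inotify descriptors are opened only to show one bracketed and one unbracketed name on a running system.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/eventfd.h>
#include <sys/inotify.h>

#define ANON_PREFIX "anon_inode:"

/* Extract the anon inode name from a /proc/<pid>/fd/<n> link target,
 * dropping one pair of surrounding square brackets if present.
 * Returns 0 on success, -1 if the target is not an anon inode, the
 * name is empty, or it does not fit in out. */
int anon_inode_name(const char *target, char *out, size_t outlen)
{
    size_t plen = strlen(ANON_PREFIX);
    if (strncmp(target, ANON_PREFIX, plen) != 0)
        return -1;
    const char *name = target + plen;
    size_t len = strlen(name);
    if (len >= 2 && name[0] == '[' && name[len - 1] == ']') {
        name++;
        len -= 2;
    }
    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, name, len);
    out[len] = '\0';
    return 0;
}

/* Read the symlink target of /proc/self/fd/<fd> into buf. */
int fd_link_target(int fd, char *buf, size_t buflen)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
    ssize_t n = readlink(path, buf, buflen - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

int main(void)
{
    int fds[2] = { eventfd(0, 0), inotify_init() };
    for (int i = 0; i < 2; i++) {
        char target[256], name[128];
        if (fds[i] < 0 || fd_link_target(fds[i], target, sizeof(target)))
            continue;
        if (anon_inode_name(target, name, sizeof(name)) == 0)
            printf("%-24s -> %s\n", target, name);
        close(fds[i]);
    }
    return 0;
}
```

A consumer that instead compares the raw link target against a fixed string matches only one of the two spellings.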


