[PATCH v4 1/4] landlock: Support file truncation

Günther Noack gnoack3000 at gmail.com
Wed Aug 17 16:31:35 UTC 2022


On Tue, Aug 16, 2022 at 09:20:06PM +0200, Mickaël Salaün wrote:
> On 14/08/2022 21:26, Günther Noack wrote:
> > diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst
> > index b8ea59493964..6648e59fabe7 100644
> > --- a/Documentation/userspace-api/landlock.rst
> > +++ b/Documentation/userspace-api/landlock.rst
> > @@ -380,6 +380,16 @@ by the Documentation/admin-guide/cgroup-v1/memory.rst.
> >   Previous limitations
> >   ====================
> > +File truncation (ABI < 3)
> > +-------------------------
> > +
> > +File truncation could not be denied before the third Landlock ABI, so it is
> > +always allowed when using a kernel that only supports the first or second ABI.
> > +
> > +Starting with the Landlock ABI version 3, it is now possible to securely
> > +control truncation thanks to the new `LANDLOCK_ACCESS_FS_TRUNCATE` access
> > +right.
> > +
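
Review bot: In the last added paragraph, `LANDLOCK_ACCESS_FS_TRUNCATE` is wrapped in single backticks, which reStructuredText treats as interpreted text rather than an inline literal; use double backticks so the constant renders as code. In the same sentence, "it is now possible" repeats what "Starting with the Landlock ABI version 3" already says, so "now" can be dropped.
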
>
> This should be in the fourth patch, below the file renaming and linking
> section.

Good point, moved.

> > diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h
> > index 23df4e0e8ace..a2fef267bf34 100644
> > --- a/include/uapi/linux/landlock.h
> > +++ b/include/uapi/linux/landlock.h
> > @@ -95,8 +95,15 @@ struct landlock_path_beneath_attr {
> >    * A file can only receive these access rights:
> >    *
> >    * - %LANDLOCK_ACCESS_FS_EXECUTE: Execute a file.
> > - * - %LANDLOCK_ACCESS_FS_WRITE_FILE: Open a file with write access.
> > + * - %LANDLOCK_ACCESS_FS_WRITE_FILE: Open a file with write access. Note that
> > + *   you might additionally need the `LANDLOCK_ACCESS_FS_TRUNCATE` right in
> > + *   order to overwrite files with :manpage:`open(2)` using `O_TRUNC` or
> > + *   :manpage:`creat(2)`.
> >    * - %LANDLOCK_ACCESS_FS_READ_FILE: Open a file with read access.
> > + * - %LANDLOCK_ACCESS_FS_TRUNCATE: Truncate a file through file truncation APIs
> > + *   like :manpage:`truncate(2)`, :manpage:`ftruncate(2)`, or
>
> s/through file truncation APIs like/with/

Done.

>
>
> > + *   :manpage:`open(2)` with `O_TRUNC` or :manpage:`creat(2)`. This access right
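
Review bot: The note added under %LANDLOCK_ACCESS_FS_WRITE_FILE says "you might additionally need" the truncate right, which leaves the reader guessing when it applies; spell out the condition under which the right is needed for the two cases it names, open(2) using O_TRUNC and creat(2). The same note writes the constant as `LANDLOCK_ACCESS_FS_TRUNCATE` in backticks while every list entry around it uses the %LANDLOCK_ACCESS_FS_... form, so use the % prefix there for consistency.
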
>
> :manpage:`creat(2)`, or :manpage:`open(2)` using `O_TRUNC`.
>
> With only one "or".

Done.

Thanks for the attention to detail in the review!

—Günther
