[PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type
Konstantin Meskhidze (A)
konstantin.meskhidze at huawei.com
Tue Oct 10 02:17:11 UTC 2023
10/2/2023 11:26 PM, Mickaël Salaün пишет:
> Please change the subject to "landlock: Allow FS topology changes for
> domains without such rule type" to be consistent with the documentation.
>
Got it. Thanks.
>
> On Wed, Sep 20, 2023 at 05:26:30PM +0800, Konstantin Meskhidze wrote:
>> From: Mickaël Salaün <mic at digikod.net>
>>
>> Allow mount point and root directory changes when there is no filesystem
>> rule tied to the current Landlock domain. This doesn't change anything
>> for now because a domain must have at least a (filesystem) rule, but
>> this will change when other rule types will come. For instance, a
>> domain only restricting the network should have no impact on filesystem
>> restrictions.
>>
>> Add a new get_current_fs_domain() helper to quickly check filesystem
>> rule existence for all filesystem LSM hooks.
>>
>> Remove unnecessary inlining.
>>
>> Signed-off-by: Mickaël Salaün <mic at digikod.net>
> .
More information about the Linux-security-module-archive
mailing list