[PATCH] landlock/ruleset: Minor comments improvements
Mickaël Salaün
mic at digikod.net
Tue Jul 22 12:52:45 UTC 2025
I squashed this patch with the fs.c one. They are now in my -next tree.
Thanks!
On Tue, May 27, 2025 at 09:54:48PM +0100, Tingmao Wang wrote:
> Hi Mickaël,
>
> This patch contains some small comment changes. The first three I sort of
> made along the way while working on / trying to understand landlock, and
> the last one was from the hashtable patch but extracted here.
>
> Signed-off-by: Tingmao Wang <m at maowtm.org>
> ---
> security/landlock/ruleset.c | 11 ++++++++++-
> security/landlock/ruleset.h | 2 +-
> 2 files changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/security/landlock/ruleset.c b/security/landlock/ruleset.c
> index ce7940efea51..2ed7043ed2f2 100644
> --- a/security/landlock/ruleset.c
> +++ b/security/landlock/ruleset.c
> @@ -83,6 +83,10 @@ static void build_check_rule(void)
> .num_layers = ~0,
> };
>
> + /*
> + * Check that .num_layers is large enough for at least
> + * LANDLOCK_MAX_NUM_LAYERS layers
> + */
> BUILD_BUG_ON(rule.num_layers < LANDLOCK_MAX_NUM_LAYERS);
> }
>
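Review bot: The new comment in build_check_rule() ends without a full stop ("LANDLOCK_MAX_NUM_LAYERS layers"), while the comment added in build_check_layer() by the same patch ends with one; please terminate the sentence so the two match. Since the initializer just above sets .num_layers = ~0, it may also read more precisely as "Checks that .num_layers can hold at least LANDLOCK_MAX_NUM_LAYERS.", which makes it clear that the check is on the width of the field.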
> @@ -290,6 +294,10 @@ static void build_check_layer(void)
> .access = ~0,
> };
>
> + /*
> + * Check that .level and .access are large enough to contain their
> + * expected max values.
> + */
> BUILD_BUG_ON(layer.level < LANDLOCK_MAX_NUM_LAYERS);
> BUILD_BUG_ON(layer.access < LANDLOCK_MASK_ACCESS_FS);
> }
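Review bot: "their expected max values" in the build_check_layer() comment leaves the reader to match fields to limits from the two BUILD_BUG_ON() lines below it. Naming them, as the build_check_rule() comment does, would be more useful: .level against LANDLOCK_MAX_NUM_LAYERS and .access against LANDLOCK_MASK_ACCESS_FS.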
> @@ -645,7 +653,8 @@ bool landlock_unmask_layers(const struct landlock_rule *const rule,
>
> /*
> * Records in @layer_masks which layer grants access to each
> - * requested access.
> + * requested access (bit in layer mask cleared if layer grants
> + * access).
> */
> is_empty = true;
> for_each_set_bit(access_bit, &access_req, masks_array_size) {
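Review bot: The added parenthetical in landlock_unmask_layers() does not say which mask or which bit it means, and "bit in layer mask cleared if layer grants access" drops its articles. Since the loop below walks access_bit over access_req, consider a full sentence along the lines of "For each requested access, the bit of a layer is cleared in the corresponding @layer_masks entry when that layer grants the access." This also makes explicit that a cleared bit, not a set one, means granted, which "Records ... which layer grants access" alone could suggest otherwise.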
> diff --git a/security/landlock/ruleset.h b/security/landlock/ruleset.h
> index 5da9a64f5af7..dfd883a9a52a 100644
> --- a/security/landlock/ruleset.h
> +++ b/security/landlock/ruleset.h
> @@ -27,7 +27,7 @@ struct landlock_hierarchy;
> */
> struct landlock_layer {
> /**
> - * @level: Position of this layer in the layer stack.
> + * @level: Position of this layer in the layer stack. Starts from 1.
> */
> u16 level;
> /**
>
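Review bot: "Starts from 1." on @level documents only the lower bound and is a sentence fragment. The ruleset.c build check compares layer.level against LANDLOCK_MAX_NUM_LAYERS, so the kernel-doc could state the whole range in one place, for example "Position of this layer in the layer stack, starting from 1 and up to LANDLOCK_MAX_NUM_LAYERS."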
> base-commit: a5806cd506af5a7c19bcd596e4708b5c464bfd21
> --
> 2.49.0
>
>