[PATCH] landlock/ruleset: Minor comments improvements

Tingmao Wang m at maowtm.org
Tue May 27 20:54:48 UTC 2025


Hi Mickaël,

This patch contains some small comment changes.  The first three I sort of
made along the way while working on / trying to understand landlock, and
the last one was from the hashtable patch but extracted here.

Signed-off-by: Tingmao Wang <m at maowtm.org>
---
 security/landlock/ruleset.c | 11 ++++++++++-
 security/landlock/ruleset.h |  2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/security/landlock/ruleset.c b/security/landlock/ruleset.c
index ce7940efea51..2ed7043ed2f2 100644
--- a/security/landlock/ruleset.c
+++ b/security/landlock/ruleset.c
@@ -83,6 +83,10 @@ static void build_check_rule(void)
 		.num_layers = ~0,
 	};
 
+	/*
+	 * Check that .num_layers is large enough for at least
+	 * LANDLOCK_MAX_NUM_LAYERS layers
+	 */
 	BUILD_BUG_ON(rule.num_layers < LANDLOCK_MAX_NUM_LAYERS);
 }
 
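Review bot: The comment added in build_check_rule() never says why the comparison proves anything, and it lacks the terminal period that the sibling comment added in build_check_layer() has. The check works only because the initializer `.num_layers = ~0` sets the field to the largest value its type can hold, so the BUILD_BUG_ON fires if that maximum is below LANDLOCK_MAX_NUM_LAYERS. Consider `Check that .num_layers can hold LANDLOCK_MAX_NUM_LAYERS: ~0 above yields the field's maximum value.` so a reader sees that a narrower field would break the build rather than truncate the layer count. The same wording would fit the `.level`/`.access` comment in the next hunk, where only `.access = ~0` is visible. build_check_rule() starts above this hunk.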
@@ -290,6 +294,10 @@ static void build_check_layer(void)
 		.access = ~0,
 	};
 
+	/*
+	 * Check that .level and .access are large enough to contain their
+	 * expected max values.
+	 */
 	BUILD_BUG_ON(layer.level < LANDLOCK_MAX_NUM_LAYERS);
 	BUILD_BUG_ON(layer.access < LANDLOCK_MASK_ACCESS_FS);
 }
@@ -645,7 +653,8 @@ bool landlock_unmask_layers(const struct landlock_rule *const rule,
 
 		/*
 		 * Records in @layer_masks which layer grants access to each
-		 * requested access.
+		 * requested access (bit in layer mask cleared if layer grants
+		 * access).
 		 */
 		is_empty = true;
 		for_each_set_bit(access_bit, &access_req, masks_array_size) {
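Review bot: The reworded comment still opens with "Records in @layer_masks which layer grants access", which reads as if a set bit means "granted", while the new parenthetical says the bit is cleared on grant. A reader who takes the first clause at face value gets the access decision backwards, so state the polarity first, for example `For each requested access, clear in @layer_masks the bit of the layer that grants it; bits left set mark layers that have not granted it.` The loop body is outside this hunk, so the second clause is inferred from the parenthetical and should be confirmed against the code.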
diff --git a/security/landlock/ruleset.h b/security/landlock/ruleset.h
index 5da9a64f5af7..dfd883a9a52a 100644
--- a/security/landlock/ruleset.h
+++ b/security/landlock/ruleset.h
@@ -27,7 +27,7 @@ struct landlock_hierarchy;
  */
 struct landlock_layer {
 	/**
-	 * @level: Position of this layer in the layer stack.
+	 * @level: Position of this layer in the layer stack. Starts from 1.
 	 */
 	u16 level;
 	/**
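Review bot: "Starts from 1" documents only the lower bound of @level; the kernel-doc would be more useful with the upper bound as well. The BUILD_BUG_ON in build_check_layer(), touched by this same patch, compares `layer.level` with LANDLOCK_MAX_NUM_LAYERS, which suggests the valid range is 1 to LANDLOCK_MAX_NUM_LAYERS. If that holds, consider `@level: Position of this layer in the layer stack, from 1 to LANDLOCK_MAX_NUM_LAYERS.` so that code deriving a mask bit from the level has the full contract in one place. The struct definition continues below the hunk.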

base-commit: a5806cd506af5a7c19bcd596e4708b5c464bfd21
-- 
2.49.0



