[PATCH v4 00/10] Implement LANDLOCK_ADD_RULE_QUIET
Justin Suess
utilityemal77 at gmail.com
Sun Nov 23 17:01:03 UTC 2025
I had a question in regards to the quiet flag in how it
should interact with my proposed flag LANDLOCK_ADD_RULE_NO_INHERIT.

Should this flag block inheritance of the LANDLOCK_ADD_RULE_QUIET flag?
It seems to me it should block inheritance of this flag, so you can
create more fine-grained audit-suppression rules.

So for example you could quiet logs on /a/b with the exception of /a/b/c
by setting LANDLOCK_ADD_RULE_NO_INHERIT on /a/b/c.

If so, as we add more flags, should this be a general policy that
LANDLOCK_ADD_RULE_NO_INHERIT blocks access right inheritance AND flag
inheritance? With the obvious exception of LANDLOCK_ADD_RULE_NO_INHERIT
itself.

Alternatives could be a new flag to control whether NO_INHERIT also
suppresses flag inheritance.

Or simply having LANDLOCK_ADD_RULE_NO_INHERIT continue to only apply to
access masks.

The latest version of LANDLOCK_ADD_RULE_NO_INHERIT is below for
convenience.

v3:
https://lore.kernel.org/linux-security-module/20251120222346.1157004-1-utilityemal77@gmail.com/T/#t
Kind Regards,
Justin Suess