[RFC PATCH 5/6] landlock/access: Improve explanation on the deny_masks_t
Mickaël Salaün
mic at digikod.net
Fri Sep 19 16:04:11 UTC 2025
Looks good, I'll take it.
On Tue, Sep 09, 2025 at 01:06:39AM +0100, Tingmao Wang wrote:
> Not really related to this series, but just something which took me a
> while to realize, and would probably be helpful as a comment.
Please just describe the change in the main commit message and move this
kind of explanation bellow a "---", just after your SoB. This is useful
for review and avoid unrelated information when picking a patch out of
this context.
>
> Signed-off-by: Tingmao Wang <m at maowtm.org>
> ---
> security/landlock/access.h | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/security/landlock/access.h b/security/landlock/access.h
> index 7961c6630a2d..5e2285575479 100644
> --- a/security/landlock/access.h
> +++ b/security/landlock/access.h
> @@ -67,8 +67,10 @@ typedef u16 layer_mask_t;
> static_assert(BITS_PER_TYPE(layer_mask_t) >= LANDLOCK_MAX_NUM_LAYERS);
>
> /*
> - * Tracks domains responsible of a denied access. This is required to avoid
> - * storing in each object the full layer_masks[] required by update_request().
> + * Tracks domains responsible of a denied access, stored in the form of
> + * two 4-bit layer numbers packed into a byte (one for each optional
> + * access). This is required to avoid storing in each object the full
> + * layer_masks[] required by update_request().
> */
> typedef u8 deny_masks_t;
>
> --
> 2.51.0
>
>
More information about the Linux-security-module-archive
mailing list