[PATCH v3 3/3] landlock: transpose the layer masks data structure
Tingmao Wang
m at maowtm.org
Mon Apr 6 15:14:35 UTC 2026
On 2/6/26 15:11, Günther Noack wrote:
> [...]
> @@ -406,12 +375,12 @@ void landlock_log_denial(const struct landlock_cred_security *const subject,
> if (missing) {
> /* Gets the nearest domain that denies the request. */
> if (request->layer_masks) {
> - youngest_layer = get_denied_layer(
> - subject->domain, &missing, request->layer_masks,
> - request->layer_masks_size);
> + youngest_layer = get_denied_layer(subject->domain,
> + &missing,
> + request->layer_masks);
> } else {
> youngest_layer = get_layer_from_deny_masks(
> - &missing, request->all_existing_optional_access,
> + &missing, _LANDLOCK_ACCESS_FS_OPTIONAL,
Apologies for the post-merge review, but is this intentional?
request->all_existing_optional_access is only ever set to
_LANDLOCK_ACCESS_FS_OPTIONAL tho so this is not a bug, but I guess the
original code was intended to be generic.
More information about the Linux-security-module-archive
mailing list