[PATCH v2 1/2] landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
Günther Noack
gnoack3000 at gmail.com
Tue Apr 7 19:02:19 UTC 2026
On Tue, Apr 07, 2026 at 06:41:04PM +0200, Mickaël Salaün wrote:
> hook_cred_transfer() only copies the Landlock security blob when the
> source credential has a domain. This is inconsistent with
> landlock_restrict_self() which can set LOG_SUBDOMAINS_OFF on a
> credential without creating a domain (via the ruleset_fd=-1 path): the
> field is committed but not preserved across fork() because the child's
> prepare_creds() calls hook_cred_transfer() which skips the copy when
> domain is NULL.
>
> This breaks the documented use case where a process mutes subdomain logs
> before forking sandboxed children: the children lose the muting and
> their domains produce unexpected audit records.
>
> Fix this by unconditionally copying the Landlock credential blob.
As before, LGTM for both patches. Thanks for the fixes!
Reviewed-by: Günther Noack <gnoack3000 at gmail.com>
–Günther
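The bug and the fix described in the quoted commit message, modelled in userspace C as an added example (this is not the kernel's code nor Mickaël's patch): the struct layout, the refcount helper and the fork() model below are simplified assumptions, with the real kernel names kept where they match the description.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for struct landlock_ruleset: only a refcount. */
struct landlock_ruleset {
    unsigned int usage;
};

/* Simplified model of struct landlock_cred_security (assumption). */
struct landlock_cred_security {
    struct landlock_ruleset *domain;  /* NULL when the cred has no domain */
    bool log_subdomains_off;          /* set by restrict_self(-1, LOG_SUBDOMAINS_OFF) */
};

struct cred {
    struct landlock_cred_security llcred;
};

/* Take a reference on a domain; a NULL domain needs none. */
static void landlock_get_ruleset(struct landlock_ruleset *ruleset)
{
    if (ruleset)
        ruleset->usage++;
}

/* Before the fix: the blob is copied only when the source has a domain,
 * so a domain-less cred carrying LOG_SUBDOMAINS_OFF loses it in the child. */
static void hook_cred_transfer_before(struct cred *new, const struct cred *old)
{
    if (old->llcred.domain) {
        landlock_get_ruleset(old->llcred.domain);
        new->llcred = old->llcred;
    }
}

/* After the fix: always copy the blob; the reference is taken only if a
 * domain actually exists, so refcounting is unchanged. */
static void hook_cred_transfer_after(struct cred *new, const struct cred *old)
{
    landlock_get_ruleset(old->llcred.domain);
    new->llcred = old->llcred;
}

/* Model of fork(): prepare_creds() hands each LSM a zeroed child cred and
 * calls its transfer hook. Parent muted subdomain logs via ruleset_fd=-1,
 * so it has the flag set but no domain. Returns whether the child kept it. */
static bool child_keeps_muting(void (*transfer)(struct cred *, const struct cred *))
{
    struct cred parent = { { NULL, true } }, child = { { NULL, false } };
    transfer(&child, &parent);
    return child.llcred.log_subdomains_off;
}

/* Same fork() model with a domain present: returns the domain refcount after
 * the transfer, which must be 2 (parent + child) with either hook. */
static unsigned int domain_usage_after_fork(void (*transfer)(struct cred *, const struct cred *))
{
    struct landlock_ruleset dom = { 1 };
    struct cred parent = { { &dom, false } }, child = { { NULL, false } };
    transfer(&child, &parent);
    return dom.usage;
}
```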