landlock: Add support for chmod and chown system calls families
Jeffrey Bencteux
jeff at bencteux.fr
Mon Apr 13 19:51:08 UTC 2026
Hi Günther,
On Mon, Apr 13, 2026 at 02:36:43PM +0200, Günther Noack wrote:
> Before you start your investigation completely from scratch,
> did you see the prior work on this topic?
>
> * https://github.com/landlock-lsm/linux/issues/11
> * https://lore.kernel.org/all/20220822114701.26975-1-xiujianfeng@huawei.com/
I missed it, thanks for pointing it out.
> That specific patchset was unfortunately abandoned at the time, but I
> suspect that some of the discussion still applies for your patchset as
> well?
Indeed, my feeling it that Xiu's patchset is more elaborate than mine.
> In my understanding, it was in the end blocked on a LSM hook change.
> (If this is needed, a common approach for doing that hook change is to
> add it to the same patch series as one of the earliest commits.)
To my understanding, it is too. The implementation of
LANDLOCK_ACCESS_FS_(READ|WRITE)_METADATA are tied to several LSM hooks
changes (currently working with dentry/inode and not struct path as
arguments as discussed here:
https://lore.kernel.org/all/df99abcc-e7ec-ad34-27fa-25abee28a300@digikod.net
More information about the Linux-security-module-archive
mailing list