[PATCH v10 1/9] landlock: Add a place for flags to layer rules
Tingmao Wang
m at maowtm.org
Fri Jun 12 01:11:17 UTC 2026
On 6/8/26 23:40, Mickaël Salaün wrote:
> On Mon, Jun 01, 2026 at 01:00:35AM +0100, Tingmao Wang wrote:
>> [...]
>> diff --git a/security/landlock/access.h b/security/landlock/access.h
>> index c19d5bc13944..42d8b5134358 100644
>> --- a/security/landlock/access.h
>> +++ b/security/landlock/access.h
>> @@ -62,18 +62,39 @@ static_assert(sizeof(typeof_member(union access_masks_all, masks)) ==
>> sizeof(typeof_member(union access_masks_all, all)));
>>
>> /**
>> - * struct layer_access_masks - A boolean matrix of layers and access rights
>> - *
>> - * This has a bit for each combination of layer numbers and access rights.
>> - * During access checks, it is used to represent the access rights for each
>> - * layer which still need to be fulfilled. When all bits are 0, the access
>> - * request is considered to be fulfilled.
>> + * struct layer_mask - The unfulfilled access rights and rule flags for
>
> This struct could be used to store "fulfilled" access rights too. The
> previous description is more accurate. Please keep most of the previous
> description too and adjust as needed.
In v10 I attempted to move this description to the doc strings for the
fields, but happy to move back (done in v11).
More information about the Linux-security-module-archive
mailing list