[PATCH v9 4/9] landlock: Move log_fs_change_topology_dentry() above current_check_refer_path()

Justin Suess utilityemal77 at gmail.com
Sun Jun 21 03:52:17 UTC 2026 

In preparation for a new caller (the no-inherit topology-change check)
that sits earlier in fs.c, move log_fs_change_topology_dentry() above
current_check_refer_path() so that caller does not need a forward
declaration.  Reflow its signature to match log_fs_change_topology_path()
while moving it.

No functional change intended.

Signed-off-by: Justin Suess <utilityemal77 at gmail.com>
---

Notes:
    New patch in v9.
    
    Splits the code motion out of the implementation patch: moves
    log_fs_change_topology_dentry() above current_check_refer_path() so the
    new no-inherit topology-change check does not need a forward
    declaration. No functional change.

 security/landlock/fs.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index fd829e06835d..34d1c245af92 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -1115,6 +1115,20 @@ collect_domain_accesses(const struct landlock_ruleset *const domain,
 	return ret;
 }
 
+static void
+log_fs_change_topology_dentry(const struct landlock_cred_security *const subject,
+			      size_t handle_layer, struct dentry *const dentry)
+{
+	landlock_log_denial(subject, &(struct landlock_request) {
+		.type = LANDLOCK_REQUEST_FS_CHANGE_TOPOLOGY,
+		.audit = {
+			.type = LSM_AUDIT_DATA_DENTRY,
+			.u.dentry = dentry,
+		},
+		.layer_plus_one = handle_layer + 1,
+	});
+}
+
 /**
  * current_check_refer_path - Check if a rename or link action is allowed
  *
@@ -1427,20 +1441,6 @@ log_fs_change_topology_path(const struct landlock_cred_security *const subject,
 	});
 }
 
-static void log_fs_change_topology_dentry(
-	const struct landlock_cred_security *const subject, size_t handle_layer,
-	struct dentry *const dentry)
-{
-	landlock_log_denial(subject, &(struct landlock_request) {
-		.type = LANDLOCK_REQUEST_FS_CHANGE_TOPOLOGY,
-		.audit = {
-			.type = LSM_AUDIT_DATA_DENTRY,
-			.u.dentry = dentry,
-		},
-		.layer_plus_one = handle_layer + 1,
-	});
-}
-
 /*
  * Because a Landlock security policy is defined according to the filesystem
  * topology (i.e. the mount namespace), changing it may grant access to files
-- 
2.54.0

More information about the Linux-security-module-archive mailing list