[PATCH v6 3/9] landlock: Control pathname UNIX domain socket resolution by path
Mickaël Salaün
mic at digikod.net
Wed Mar 18 16:26:20 UTC 2026
On Wed, Mar 18, 2026 at 04:05:59PM +0100, Sebastian Andrzej Siewior wrote:
> On 2026-03-18 10:14:52 [-0400], Justin Suess wrote:
> > Sebastian,
> Justin,
>
> > In short: dom_other is a pointer to a landlock-owned refcounted struct.
> …
> >
> > But we copy the domain pointer, which points to a landlock allocated
> > and controlled object.
>
> and this is not going away while we are here and preempted after
> dropping the lock? (if the landlock policy is updated/ changed/ …)
I agree with Sebastian, this is a bug, see my original proposal:
https://lore.kernel.org/all/20260217.lievaS8eeng8@digikod.net/