[PATCH v3 5/7] landlock: Convert from sb_mount to granular mount hooks
Paul Moore
paul at paul-moore.com
Mon May 11 19:52:46 UTC 2026
On May 8, 2026 Song Liu <song at kernel.org> wrote:
>
> Replace hook_sb_mount() with granular mount hooks. Landlock denies
> all mount operations for sandboxed processes regardless of flags,
> so all new hooks share a common hook_mount_deny() helper. The
> mount_move hook reuses hook_move_mount().
>
> Code generated with the assistance of Claude, reviewed by human.
>
> Signed-off-by: Song Liu <song at kernel.org>
> ---
> security/landlock/fs.c | 40 ++++++++++++++++++++++++++++++++++++----
> 1 file changed, 36 insertions(+), 4 deletions(-)
Mickaël, Günther, are you okay with this patch?
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list