From: "Mickaël Salaün" <mic@digikod.net>
To: James Morris <jmorris@namei.org>, Jann Horn <jannh@google.com>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	Kees Cook <keescook@chromium.org>
Cc: "Al Viro" <viro@zeniv.linux.org.uk>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Andy Lutomirski" <luto@amacapital.net>,
	"Anton Ivanov" <anton.ivanov@cambridgegreys.com>,
	"Arnd Bergmann" <arnd@arndb.de>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	"David Howells" <dhowells@redhat.com>,
	"Jeff Dike" <jdike@addtoit.com>,
	"Jonathan Corbet" <corbet@lwn.net>,
	"Michael Kerrisk" <mtk.manpages@gmail.com>,
	"Richard Weinberger" <richard@nod.at>,
	"Shuah Khan" <shuah@kernel.org>,
	"Vincent Dagonneau" <vincent.dagonneau@ssi.gouv.fr>,
	kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
	linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org,
	linux-security-module@vger.kernel.org, x86@kernel.org,
	"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: Re: [PATCH v31 01/12] landlock: Add object management
Date: Wed, 24 Mar 2021 20:34:19 +0100
Message-ID: <3908b240-8a4b-9bd7-bb5f-b59eaed7cb1f@digikod.net>
In-Reply-To: <20210324191520.125779-2-mic@digikod.net>


On 24/03/2021 20:15, Mickaël Salaün wrote:
[...]
> diff --git a/security/landlock/object.h b/security/landlock/object.h
> new file mode 100644
> index 000000000000..3e5d5b6941c3
> --- /dev/null
> +++ b/security/landlock/object.h
> @@ -0,0 +1,91 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/*
> + * Landlock LSM - Object management
> + *
> + * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
> + * Copyright © 2018-2020 ANSSI
> + */
> +
> +#ifndef _SECURITY_LANDLOCK_OBJECT_H
> +#define _SECURITY_LANDLOCK_OBJECT_H
> +
> +#include <linux/compiler_types.h>
> +#include <linux/refcount.h>
> +#include <linux/spinlock.h>
> +
> +struct landlock_object;
> +
> +/**
> + * struct landlock_object_underops - Operations on an underlying object
> + */
> +struct landlock_object_underops {
> +	/**
> +	 * @release: Releases the underlying object (e.g. iput() for an inode).
> +	 */
> +	void (*release)(struct landlock_object *const object)
> +		__releases(object->lock);
> +};
> +
> +/**
> + * struct landlock_object - Security blob tied to a kernel object
> + *
> + * The goal of this structure is to enable to tie a set of ephemeral access
> + * rights (pertaining to different domains) to a kernel object (e.g an inode)
> + * in a safe way.  This implies to handle concurrent use and modification.
> + *
> + * The lifetime of a &struct landlock_object depends of the rules referring to
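
Review bot: The @release kernel-doc in struct landlock_object_underops does not state the locking contract that its `__releases(object->lock)` annotation implies. The comment only says "Releases the underlying object", which reads as a description of dropping the inode reference, while the annotation tells sparse that the callback is entered with object->lock held and returns with it dropped. Please spell that out in the comment (called with object->lock held, must unlock it before returning), so an implementer of a new underops does not have to infer it from the annotation. The struct-level comment for landlock_object_underops could also say who invokes the callback and when. Smaller wording points in the struct landlock_object comment: "enable to tie" and "This implies to handle" would read better as "make it possible to tie" and "This requires handling", and "e.g an inode" is missing the period after "g".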

You should read "depends on"…
