From: James Morris <jmorris@namei.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-kernel@vger.kernel.org, "Al Viro" <viro@zeniv.linux.org.uk>,
"Andy Lutomirski" <luto@amacapital.net>,
"Arnd Bergmann" <arnd@arndb.de>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Jann Horn" <jannh@google.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Kees Cook" <keescook@chromium.org>,
"Michael Kerrisk" <mtk.manpages@gmail.com>,
"Mickaël Salaün" <mickael.salaun@ssi.gouv.fr>,
"Serge E . Hallyn" <serge@hallyn.com>,
"Shuah Khan" <shuah@kernel.org>,
"Vincent Dagonneau" <vincent.dagonneau@ssi.gouv.fr>,
kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-security-module@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v17 05/10] fs,landlock: Support filesystem access-control
Date: Thu, 14 May 2020 13:37:49 +1000 (AEST) [thread overview]
Message-ID: <alpine.LRH.2.21.2005141335280.30052@namei.org> (raw)
In-Reply-To: <20200511192156.1618284-6-mic@digikod.net>
[-- Attachment #1: Type: text/plain, Size: 699 bytes --]
On Mon, 11 May 2020, Mickaël Salaün wrote:
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 45cc10cdf6dd..2276642f8e05 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1517,6 +1517,11 @@ struct super_block {
> /* Pending fsnotify inode refs */
> atomic_long_t s_fsnotify_inode_refs;
>
> +#ifdef CONFIG_SECURITY_LANDLOCK
> + /* References to Landlock underlying objects */
> + atomic_long_t s_landlock_inode_refs;
> +#endif
> +
This needs to be converted to the LSM API via superblock blob stacking.
See Casey's old patch:
https://lore.kernel.org/linux-security-module/20190829232935.7099-2-casey@schaufler-ca.com/
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2020-05-14 3:38 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-11 19:21 [PATCH v17 00/10] Landlock LSM Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 01/10] landlock: Add object management Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 02/10] landlock: Add ruleset and domain management Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-14 3:09 ` James Morris
2020-05-14 10:27 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 03/10] landlock: Set up the security framework and manage credentials Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 04/10] landlock: Add ptrace restrictions Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 05/10] fs,landlock: Support filesystem access-control Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-14 3:37 ` James Morris [this message]
2020-05-14 10:39 ` Mickaël Salaün
2020-05-14 10:39 ` Mickaël Salaün
2020-05-14 10:39 ` Mickaël Salaün
2020-05-14 15:58 ` Casey Schaufler
2020-05-14 18:46 ` Mickaël Salaün
2020-05-14 17:31 ` James Morris
2020-05-14 18:49 ` Mickaël Salaün
2020-05-14 19:37 ` James Morris
2020-05-11 19:21 ` [PATCH v17 06/10] landlock: Add syscall implementation Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 07/10] arch: Wire up landlock() syscall Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 08/10] selftests/landlock: Add initial tests Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 09/10] samples/landlock: Add a sandbox manager example Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 19:21 ` [PATCH v17 10/10] landlock: Add user and kernel documentation Mickaël Salaün
2020-05-11 19:21 ` Mickaël Salaün
2020-05-11 21:54 ` [PATCH v17 00/10] Landlock LSM Mickaël Salaün
2020-05-11 21:54 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.21.2005141335280.30052@namei.org \
--to=jmorris@namei.org \
--cc=arnd@arndb.de \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mic@digikod.net \
--cc=mickael.salaun@ssi.gouv.fr \
--cc=mtk.manpages@gmail.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=vincent.dagonneau@ssi.gouv.fr \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.