From: Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
To: "Mickaël Salaün" <mic-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Andy Lutomirski" <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
"Arnd Bergmann" <arnd-r2nGTMty4D4@public.gmane.org>,
"Casey Schaufler" <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>,
"Greg Kroah-Hartman"
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
"James Morris" <jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org>,
"Jann Horn" <jann-XZ1E9jl8jIdeoWH0uzbU5w@public.gmane.org>,
"Jonathan Corbet" <corbet-T1hC0tSOHrs@public.gmane.org>,
"Kees Cook" <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
"Michael Kerrisk"
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"Mickaël Salaün"
<mickael.salaun-D9rjmswh09VWj0EZb7rXcA@public.gmane.org>,
"Serge E . Hallyn"
<serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
"Shuah Khan" <shuah-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
"Vincent Dagonneau"
<vincent.dagonneau-D9rjmswh09VWj0EZb7rXcA@public.gmane.org>,
kernel-hardening-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kselftest-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-security-module-u79uwXL29TasMV2rI37PzA@public.gmane.org
Subject: Re: [RFC PATCH v14 06/10] landlock: Add syscall implementation
Date: Tue, 17 Mar 2020 16:47:09 +0000 [thread overview]
Message-ID: <20200317164709.GA23230@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20200224160215.4136-7-mic-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
On Mon, Feb 24, 2020 at 05:02:11PM +0100, Mickaël Salaün wrote:
> +static int get_path_from_fd(u64 fd, struct path *path)
> + /*
> + * Only allows O_PATH FD: enable to restrict ambiant (FS) accesses
> + * without requiring to open and risk leaking or misuing a FD. Accept
> + * removed, but still open directory (S_DEAD).
> + */
> + if (!(f.file->f_mode & FMODE_PATH) || !f.file->f_path.mnt ||
^^^^^^^^^^^^^^^^^^^
Could you explain what that one had been be about? The underlined
subexpression is always false; was that supposed to check some
condition and if so, which one?
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@zeniv.linux.org.uk>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-kernel@vger.kernel.org,
"Andy Lutomirski" <luto@amacapital.net>,
"Arnd Bergmann" <arnd@arndb.de>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"James Morris" <jmorris@namei.org>, "Jann Horn" <jann@thejh.net>,
"Jonathan Corbet" <corbet@lwn.net>,
"Kees Cook" <keescook@chromium.org>,
"Michael Kerrisk" <mtk.manpages@gmail.com>,
"Mickaël Salaün" <mickael.salaun@ssi.gouv.fr>,
"Serge E . Hallyn" <serge@hallyn.com>,
"Shuah Khan" <shuah@kernel.org>,
"Vincent Dagonneau" <vincent.dagonneau@ssi.gouv.fr>,
kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-security-module@vger.kernel.org, x86@kernel.org
Subject: Re: [RFC PATCH v14 06/10] landlock: Add syscall implementation
Date: Tue, 17 Mar 2020 16:47:09 +0000 [thread overview]
Message-ID: <20200317164709.GA23230@ZenIV.linux.org.uk> (raw)
Message-ID: <20200317164709.YTtf8tNJIx5W0M7wvbRgjxM8y7pJZUhy4i3ku3-fsqk@z> (raw)
In-Reply-To: <20200224160215.4136-7-mic@digikod.net>
On Mon, Feb 24, 2020 at 05:02:11PM +0100, Mickaël Salaün wrote:
> +static int get_path_from_fd(u64 fd, struct path *path)
> + /*
> + * Only allows O_PATH FD: enable to restrict ambiant (FS) accesses
> + * without requiring to open and risk leaking or misuing a FD. Accept
> + * removed, but still open directory (S_DEAD).
> + */
> + if (!(f.file->f_mode & FMODE_PATH) || !f.file->f_path.mnt ||
^^^^^^^^^^^^^^^^^^^
Could you explain what that one had been be about? The underlined
subexpression is always false; was that supposed to check some
condition and if so, which one?
next prev parent reply other threads:[~2020-03-17 16:47 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-24 16:02 [RFC PATCH v14 00/10] Landlock LSM Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 01/10] landlock: Add object and rule management Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-25 20:49 ` Jann Horn
2020-02-25 20:49 ` Jann Horn
2020-02-26 15:31 ` Mickaël Salaün
2020-02-26 15:31 ` Mickaël Salaün
2020-02-26 20:24 ` Jann Horn
2020-02-26 20:24 ` Jann Horn
2020-02-27 16:46 ` Mickaël Salaün
2020-02-27 16:46 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 02/10] landlock: Add ruleset and domain management Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 03/10] landlock: Set up the security framework and manage credentials Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 04/10] landlock: Add ptrace restrictions Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 05/10] fs,landlock: Support filesystem access-control Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-26 20:29 ` Jann Horn
2020-02-26 20:29 ` Jann Horn
2020-02-27 16:50 ` Mickaël Salaün
2020-02-27 16:50 ` Mickaël Salaün
2020-02-27 16:51 ` Jann Horn
2020-02-27 16:51 ` Jann Horn
2020-02-24 16:02 ` [RFC PATCH v14 06/10] landlock: Add syscall implementation Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
[not found] ` <20200224160215.4136-7-mic-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2020-03-17 16:47 ` Al Viro [this message]
2020-03-17 16:47 ` Al Viro
2020-03-17 17:51 ` Mickaël Salaün
2020-03-17 17:51 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 07/10] arch: Wire up landlock() syscall Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 08/10] selftests/landlock: Add initial tests Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 09/10] samples/landlock: Add a sandbox manager example Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-24 16:02 ` [RFC PATCH v14 10/10] landlock: Add user and kernel documentation Mickaël Salaün
2020-02-24 16:02 ` Mickaël Salaün
2020-02-29 17:23 ` Randy Dunlap
2020-02-29 17:23 ` Randy Dunlap
[not found] ` <cc8da381-d3dc-3c0a-5afd-96824362b636-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2020-03-02 10:03 ` Mickaël Salaün
2020-03-02 10:03 ` Mickaël Salaün
[not found] ` <20200224160215.4136-1-mic-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2020-02-25 18:49 ` [RFC PATCH v14 00/10] Landlock LSM J Freyensee
2020-02-25 18:49 ` J Freyensee
2020-02-26 15:34 ` Mickaël Salaün
2020-02-26 15:34 ` Mickaël Salaün
2020-02-27 4:20 ` [RFC PATCH v14 01/10] landlock: Add object and rule management Hillf Danton
[not found] ` <20200227042002.3032-1-hdanton-k+cT0dCbe1g@public.gmane.org>
2020-02-27 17:01 ` Mickaël Salaün
2020-02-27 17:01 ` Mickaël Salaün
2020-03-09 23:44 ` [RFC PATCH v14 00/10] Landlock LSM Jann Horn
2020-03-09 23:44 ` Jann Horn
2020-03-11 23:38 ` Mickaël Salaün
2020-03-11 23:38 ` Mickaël Salaün
2020-03-17 16:19 ` Jann Horn
2020-03-17 16:19 ` Jann Horn
2020-03-17 17:50 ` Mickaël Salaün
2020-03-17 17:50 ` Mickaël Salaün
2020-03-17 19:45 ` Jann Horn
2020-03-17 19:45 ` Jann Horn
2020-03-18 12:06 ` Mickaël Salaün
2020-03-18 12:06 ` Mickaël Salaün
2020-03-18 23:33 ` Jann Horn
2020-03-18 23:33 ` Jann Horn
2020-03-19 16:58 ` Mickaël Salaün
2020-03-19 16:58 ` Mickaël Salaün
2020-03-19 21:17 ` Jann Horn
2020-03-19 21:17 ` Jann Horn
2020-03-30 18:26 ` Mickaël Salaün
2020-03-30 18:26 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200317164709.GA23230@ZenIV.linux.org.uk \
--to=viro-rmsdqhl/ynmifsdqtta3olvcufugdwfn@public.gmane.org \
--cc=arnd-r2nGTMty4D4@public.gmane.org \
--cc=casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org \
--cc=corbet-T1hC0tSOHrs@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=jann-XZ1E9jl8jIdeoWH0uzbU5w@public.gmane.org \
--cc=jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=kernel-hardening-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kselftest-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TasMV2rI37PzA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mic-WFhQfpSGs3bR7s880joybQ@public.gmane.org \
--cc=mickael.salaun-D9rjmswh09VWj0EZb7rXcA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org \
--cc=shuah-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=vincent.dagonneau-D9rjmswh09VWj0EZb7rXcA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).