From: "Günther Noack" <gnoack@google.com>
To: linux-security-module@vger.kernel.org,
"Mickaël Salaün" <mic@digikod.net>
Cc: "Jeff Xu" <jeffxu@google.com>,
"Jorge Lucangeli Obes" <jorgelo@chromium.org>,
"Allen Webb" <allenwebb@google.com>,
"Dmitry Torokhov" <dtor@google.com>,
"Paul Moore" <paul@paul-moore.com>,
"Konstantin Meskhidze" <konstantin.meskhidze@huawei.com>,
"Matt Bobrowski" <repnop@google.com>,
linux-fsdevel@vger.kernel.org,
"Günther Noack" <gnoack@google.com>
Subject: [PATCH v8 5/9] selftests/landlock: Test IOCTL support
Date: Fri, 8 Dec 2023 16:51:17 +0100 [thread overview]
Message-ID: <20231208155121.1943775-6-gnoack@google.com> (raw)
In-Reply-To: <20231208155121.1943775-1-gnoack@google.com>
Exercises Landlock's IOCTL feature in different combinations of
handling and permitting the rights LANDLOCK_ACCESS_FS_IOCTL,
LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_WRITE_FILE and
LANDLOCK_ACCESS_FS_READ_DIR, and in different combinations of using
files and directories.
Signed-off-by: Günther Noack <gnoack@google.com>
---
tools/testing/selftests/landlock/fs_test.c | 431 ++++++++++++++++++++-
1 file changed, 428 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index 192608c3e840..054779ef4527 100644
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -9,6 +9,7 @@
#define _GNU_SOURCE
#include <fcntl.h>
+#include <linux/fs.h>
#include <linux/landlock.h>
#include <linux/magic.h>
#include <sched.h>
@@ -733,6 +734,9 @@ static int create_ruleset(struct __test_metadata *const _metadata,
}
for (i = 0; rules[i].path; i++) {
+ if (!rules[i].access)
+ continue;
+
add_path_beneath(_metadata, ruleset_fd, rules[i].access,
rules[i].path);
}
@@ -3441,7 +3445,7 @@ TEST_F_FORK(layout1, truncate_unhandled)
LANDLOCK_ACCESS_FS_WRITE_FILE;
int ruleset_fd;
- /* Enable Landlock. */
+ /* Enables Landlock. */
ruleset_fd = create_ruleset(_metadata, handled, rules);
ASSERT_LE(0, ruleset_fd);
@@ -3524,7 +3528,7 @@ TEST_F_FORK(layout1, truncate)
LANDLOCK_ACCESS_FS_TRUNCATE;
int ruleset_fd;
- /* Enable Landlock. */
+ /* Enables Landlock. */
ruleset_fd = create_ruleset(_metadata, handled, rules);
ASSERT_LE(0, ruleset_fd);
@@ -3750,7 +3754,7 @@ TEST_F_FORK(ftruncate, open_and_ftruncate)
};
int fd, ruleset_fd;
- /* Enable Landlock. */
+ /* Enables Landlock. */
ruleset_fd = create_ruleset(_metadata, variant->handled, rules);
ASSERT_LE(0, ruleset_fd);
enforce_ruleset(_metadata, ruleset_fd);
@@ -3827,6 +3831,16 @@ TEST_F_FORK(ftruncate, open_and_ftruncate_in_different_processes)
ASSERT_EQ(0, close(socket_fds[1]));
}
+/* Invokes the FS_IOC_GETFLAGS IOCTL and returns its errno or 0. */
+static int test_fs_ioc_getflags_ioctl(int fd)
+{
+ uint32_t flags;
+
+ if (ioctl(fd, FS_IOC_GETFLAGS, &flags) < 0)
+ return errno;
+ return 0;
+}
+
TEST(memfd_ftruncate)
{
int fd;
@@ -3843,6 +3857,417 @@ TEST(memfd_ftruncate)
ASSERT_EQ(0, close(fd));
}
+/* clang-format off */
+FIXTURE(ioctl) {};
+/* clang-format on */
+
+FIXTURE_SETUP(ioctl)
+{
+ prepare_layout(_metadata);
+ create_file(_metadata, file1_s1d1);
+}
+
+FIXTURE_TEARDOWN(ioctl)
+{
+ EXPECT_EQ(0, remove_path(file1_s1d1));
+ cleanup_layout(_metadata);
+}
+
+FIXTURE_VARIANT(ioctl)
+{
+ const __u64 handled;
+ const __u64 allowed;
+ const mode_t open_mode;
+ /*
+ * These are the expected IOCTL results for a representative IOCTL from
+ * each of the IOCTL groups. We only distinguish the 0 and EACCES
+ * results here, and treat other errors as 0.
+ */
+ const int expected_fioqsize_result; /* G1 */
+ const int expected_fibmap_result; /* G2 */
+ const int expected_fionread_result; /* G3 */
+ const int expected_fs_ioc_zero_range_result; /* G4 */
+ const int expected_fs_ioc_getflags_result; /* other */
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_i_allowed_none) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = 0,
+ .open_mode = O_RDWR,
+ .expected_fioqsize_result = EACCES,
+ .expected_fibmap_result = EACCES,
+ .expected_fionread_result = EACCES,
+ .expected_fs_ioc_zero_range_result = EACCES,
+ .expected_fs_ioc_getflags_result = EACCES,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_i_allowed_i) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_IOCTL,
+ .open_mode = O_RDWR,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = 0,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, unhandled) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_EXECUTE,
+ .allowed = LANDLOCK_ACCESS_FS_EXECUTE,
+ .open_mode = O_RDWR,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = 0,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_rwd_allowed_r) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_READ_DIR,
+ .allowed = LANDLOCK_ACCESS_FS_READ_FILE,
+ .open_mode = O_RDONLY,
+ /* If LANDLOCK_ACCESS_FS_IOCTL is not handled, all IOCTLs work. */
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = 0,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_rwd_allowed_w) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_READ_DIR,
+ .allowed = LANDLOCK_ACCESS_FS_WRITE_FILE,
+ .open_mode = O_WRONLY,
+ /* If LANDLOCK_ACCESS_FS_IOCTL is not handled, all IOCTLs work. */
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = 0,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_ri_allowed_r) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_READ_FILE,
+ .open_mode = O_RDONLY,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = EACCES,
+ .expected_fs_ioc_getflags_result = EACCES,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_wi_allowed_w) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_WRITE_FILE,
+ .open_mode = O_WRONLY,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = EACCES,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = EACCES,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_di_allowed_d) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_DIR | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_READ_DIR,
+ .open_mode = O_RDWR,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = EACCES,
+ .expected_fionread_result = EACCES,
+ .expected_fs_ioc_zero_range_result = EACCES,
+ .expected_fs_ioc_getflags_result = EACCES,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_rwi_allowed_rw) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_WRITE_FILE,
+ .open_mode = O_RDWR,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = EACCES,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_rwi_allowed_r) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_READ_FILE,
+ .open_mode = O_RDONLY,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = EACCES,
+ .expected_fs_ioc_getflags_result = EACCES,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_rwi_allowed_ri) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .open_mode = O_RDONLY,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = 0,
+ .expected_fs_ioc_zero_range_result = EACCES,
+ .expected_fs_ioc_getflags_result = 0,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_rwi_allowed_w) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_WRITE_FILE,
+ .open_mode = O_WRONLY,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = EACCES,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = EACCES,
+};
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(ioctl, handled_rwi_allowed_wi) {
+ /* clang-format on */
+ .handled = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .allowed = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_IOCTL,
+ .open_mode = O_WRONLY,
+ .expected_fioqsize_result = 0,
+ .expected_fibmap_result = 0,
+ .expected_fionread_result = EACCES,
+ .expected_fs_ioc_zero_range_result = 0,
+ .expected_fs_ioc_getflags_result = 0,
+};
+
+static int test_fioqsize_ioctl(int fd)
+{
+ size_t sz;
+
+ if (ioctl(fd, FIOQSIZE, &sz) < 0)
+ return errno;
+ return 0;
+}
+
+static int test_fibmap_ioctl(int fd)
+{
+ int blk = 0;
+
+ /*
+ * We only want to distinguish here whether Landlock already caught it,
+ * so we treat anything but EACCESS as success. (It commonly returns
+ * EPERM when missing CAP_SYS_RAWIO.)
+ */
+ if (ioctl(fd, FIBMAP, &blk) < 0 && errno == EACCES)
+ return errno;
+ return 0;
+}
+
+static int test_fionread_ioctl(int fd)
+{
+ size_t sz = 0;
+
+ if (ioctl(fd, FIONREAD, &sz) < 0 && errno == EACCES)
+ return errno;
+ return 0;
+}
+
+#define FS_IOC_ZERO_RANGE _IOW('X', 57, struct space_resv)
+
+static int test_fs_ioc_zero_range_ioctl(int fd)
+{
+ struct space_resv {
+ __s16 l_type;
+ __s16 l_whence;
+ __s64 l_start;
+ __s64 l_len; /* len == 0 means until end of file */
+ __s32 l_sysid;
+ __u32 l_pid;
+ __s32 l_pad[4]; /* reserved area */
+ } reservation = {};
+ /*
+ * This can fail for various reasons, but we only want to distinguish
+ * here whether Landlock already caught it, so we treat anything but
+ * EACCES as success.
+ */
+ if (ioctl(fd, FS_IOC_ZERO_RANGE, &reservation) < 0 && errno == EACCES)
+ return errno;
+ return 0;
+}
+
+TEST_F_FORK(ioctl, handle_dir_access_file)
+{
+ const int flag = 0;
+ const struct rule rules[] = {
+ {
+ .path = dir_s1d1,
+ .access = variant->allowed,
+ },
+ {},
+ };
+ int file_fd, ruleset_fd;
+
+ /* Enables Landlock. */
+ ruleset_fd = create_ruleset(_metadata, variant->handled, rules);
+ ASSERT_LE(0, ruleset_fd);
+ enforce_ruleset(_metadata, ruleset_fd);
+ ASSERT_EQ(0, close(ruleset_fd));
+
+ file_fd = open(file1_s1d1, variant->open_mode);
+ ASSERT_LE(0, file_fd);
+
+ /*
+ * Checks that IOCTL commands in each IOCTL group return the expected
+ * errors.
+ */
+ EXPECT_EQ(variant->expected_fioqsize_result,
+ test_fioqsize_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fibmap_result, test_fibmap_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fionread_result,
+ test_fionread_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fs_ioc_zero_range_result,
+ test_fs_ioc_zero_range_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fs_ioc_getflags_result,
+ test_fs_ioc_getflags_ioctl(file_fd));
+
+ /* Checks that unrestrictable commands are unrestricted. */
+ EXPECT_EQ(0, ioctl(file_fd, FIOCLEX));
+ EXPECT_EQ(0, ioctl(file_fd, FIONCLEX));
+ EXPECT_EQ(0, ioctl(file_fd, FIONBIO, &flag));
+ EXPECT_EQ(0, ioctl(file_fd, FIOASYNC, &flag));
+
+ ASSERT_EQ(0, close(file_fd));
+}
+
+TEST_F_FORK(ioctl, handle_dir_access_dir)
+{
+ const char *const path = dir_s1d1;
+ const int flag = 0;
+ const struct rule rules[] = {
+ {
+ .path = path,
+ .access = variant->allowed,
+ },
+ {},
+ };
+ int dir_fd, ruleset_fd;
+
+ /* Enables Landlock. */
+ ruleset_fd = create_ruleset(_metadata, variant->handled, rules);
+ ASSERT_LE(0, ruleset_fd);
+ enforce_ruleset(_metadata, ruleset_fd);
+ ASSERT_EQ(0, close(ruleset_fd));
+
+ /*
+ * Ignore variant->open_mode for this test, as we intend to open a
+ * directory. If the directory can not be opened, the variant is
+ * infeasible to test with an opened directory.
+ */
+ dir_fd = open(path, O_RDONLY);
+ if (dir_fd < 0)
+ return;
+
+ /*
+ * Checks that IOCTL commands in each IOCTL group return the expected
+ * errors.
+ */
+ EXPECT_EQ(variant->expected_fioqsize_result,
+ test_fioqsize_ioctl(dir_fd));
+ EXPECT_EQ(variant->expected_fibmap_result, test_fibmap_ioctl(dir_fd));
+ EXPECT_EQ(variant->expected_fionread_result,
+ test_fionread_ioctl(dir_fd));
+ EXPECT_EQ(variant->expected_fs_ioc_zero_range_result,
+ test_fs_ioc_zero_range_ioctl(dir_fd));
+ EXPECT_EQ(variant->expected_fs_ioc_getflags_result,
+ test_fs_ioc_getflags_ioctl(dir_fd));
+
+ /* Checks that unrestrictable commands are unrestricted. */
+ EXPECT_EQ(0, ioctl(dir_fd, FIOCLEX));
+ EXPECT_EQ(0, ioctl(dir_fd, FIONCLEX));
+ EXPECT_EQ(0, ioctl(dir_fd, FIONBIO, &flag));
+ EXPECT_EQ(0, ioctl(dir_fd, FIOASYNC, &flag));
+
+ ASSERT_EQ(0, close(dir_fd));
+}
+
+TEST_F_FORK(ioctl, handle_file_access_file)
+{
+ const char *const path = file1_s1d1;
+ const int flag = 0;
+ const struct rule rules[] = {
+ {
+ .path = path,
+ .access = variant->allowed,
+ },
+ {},
+ };
+ int file_fd, ruleset_fd;
+
+ if (variant->allowed & LANDLOCK_ACCESS_FS_READ_DIR) {
+ SKIP(return, "LANDLOCK_ACCESS_FS_READ_DIR "
+ "can not be granted on files");
+ }
+
+ /* Enables Landlock. */
+ ruleset_fd = create_ruleset(_metadata, variant->handled, rules);
+ ASSERT_LE(0, ruleset_fd);
+ enforce_ruleset(_metadata, ruleset_fd);
+ ASSERT_EQ(0, close(ruleset_fd));
+
+ file_fd = open(path, variant->open_mode);
+ ASSERT_LE(0, file_fd);
+
+ /*
+ * Checks that IOCTL commands in each IOCTL group return the expected
+ * errors.
+ */
+ EXPECT_EQ(variant->expected_fioqsize_result,
+ test_fioqsize_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fibmap_result, test_fibmap_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fionread_result,
+ test_fionread_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fs_ioc_zero_range_result,
+ test_fs_ioc_zero_range_ioctl(file_fd));
+ EXPECT_EQ(variant->expected_fs_ioc_getflags_result,
+ test_fs_ioc_getflags_ioctl(file_fd));
+
+ /* Checks that unrestrictable commands are unrestricted. */
+ EXPECT_EQ(0, ioctl(file_fd, FIOCLEX));
+ EXPECT_EQ(0, ioctl(file_fd, FIONCLEX));
+ EXPECT_EQ(0, ioctl(file_fd, FIONBIO, &flag));
+ EXPECT_EQ(0, ioctl(file_fd, FIOASYNC, &flag));
+
+ ASSERT_EQ(0, close(file_fd));
+}
+
/* clang-format off */
FIXTURE(layout1_bind) {};
/* clang-format on */
--
2.43.0.472.g3155946c3a-goog
next prev parent reply other threads:[~2023-12-08 15:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-08 15:51 [PATCH v8 0/9] Landlock: IOCTL support Günther Noack
2023-12-08 15:51 ` [PATCH v8 1/9] landlock: Remove remaining "inline" modifiers in .c files Günther Noack
2023-12-08 15:51 ` [PATCH v8 2/9] selftests/landlock: Rename "permitted" to "allowed" in ftruncate tests Günther Noack
2023-12-08 15:51 ` [PATCH v8 3/9] landlock: Optimize the number of calls to get_access_mask slightly Günther Noack
2024-01-05 9:38 ` Mickaël Salaün
2023-12-08 15:51 ` [PATCH v8 4/9] landlock: Add IOCTL access right Günther Noack
2023-12-14 9:26 ` Mickaël Salaün
2023-12-14 10:14 ` Mickaël Salaün
2023-12-14 14:28 ` Mickaël Salaün
2024-01-30 18:13 ` Günther Noack
2024-01-31 16:52 ` Mickaël Salaün
2023-12-08 15:51 ` Günther Noack [this message]
2023-12-15 12:52 ` [PATCH v8 5/9] selftests/landlock: Test IOCTL support Aishwarya TCV
2024-01-12 17:31 ` Günther Noack
2024-01-12 18:59 ` Mark Brown
2024-01-15 14:20 ` Günther Noack
2023-12-08 15:51 ` [PATCH v8 6/9] selftests/landlock: Test IOCTL with memfds Günther Noack
2023-12-08 15:51 ` [PATCH v8 7/9] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH) Günther Noack
2023-12-08 15:51 ` [PATCH v8 8/9] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL Günther Noack
2023-12-08 15:51 ` [PATCH v8 9/9] landlock: Document IOCTL support Günther Noack
2023-12-11 7:04 ` Mickaël Salaün
2023-12-11 8:49 ` Günther Noack
2023-12-13 11:21 ` Mickaël Salaün
2023-12-13 11:25 ` Mickaël Salaün
2024-01-12 11:51 ` Günther Noack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231208155121.1943775-6-gnoack@google.com \
--to=gnoack@google.com \
--cc=allenwebb@google.com \
--cc=dtor@google.com \
--cc=jeffxu@google.com \
--cc=jorgelo@chromium.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=repnop@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.