Thread (87 messages) 87 messages, 3 authors, 2023-01-11

Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type

From: Mickaël Salaün <mic@digikod.net>
Date: 2022-11-28 20:25:43
Also in: netdev, netfilter-devel 

On 28/11/2022 04:02, Konstantin Meskhidze (A) wrote:

11/17/2022 9:55 PM, Mickaël Salaün пишет:
quoted
Allow mount point and root directory changes when there is no filesystem
rule tied to the current Landlock domain.  This doesn't change anything
for now because a domain must have at least a (filesystem) rule, but
this will change when other rule types will come.  For instance, a
domain only restricting the network should have no impact on filesystem
restrictions.

Add a new get_current_fs_domain() helper to quickly check filesystem
rule existence for all filesystem LSM hooks.
    Ok. I got it.
    Do I need also to add a new network helper:
    like landlock_get_raw_net_access_mask?
A get_raw helper would not be useful if there is not network access 
initially denied (like for FS_REFER).
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help