Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains... | linux-security-module

[PATCH v12 00/12] Network support for Landlock · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 01/12] landlock: Make ruleset's access masks more generic · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze <hidden> · 2023-09-20
Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2023-10-02
Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2023-10-10
[PATCH v12 04/12] landlock: Refactor merge/inherit_ruleset functions · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 03/12] landlock: Refactor landlock_find_rule/insert_rule · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 05/12] landlock: Move and rename layer helpers · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 07/12] landlock: Refactor landlock_add_rule() syscall · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 09/12] selftests/landlock: Share enforce_ruleset() · Konstantin Meskhidze <hidden> · 2023-09-20
Re: [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset() · Mickaël Salaün <mic@digikod.net> · 2023-10-02
Re: [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset() · Konstantin Meskhidze (A) <hidden> · 2023-10-10
[PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze <hidden> · 2023-09-20
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-10-02
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-10-09
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-10-09
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-10
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-10
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-10-10
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-10
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-10
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-10-10
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-10
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-11
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-10-11
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-11
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-10-09
Re: [PATCH v12 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-10-10
[PATCH v12 11/12] samples/landlock: Add network demo · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 06/12] landlock: Refactor layer helpers · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 10/12] selftests/landlock: Add 7 new test variants dedicated to network · Konstantin Meskhidze <hidden> · 2023-09-20
[PATCH v12 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze <hidden> · 2023-09-20

Re: [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type

From: Mickaël Salaün <mic@digikod.net>
Date: 2023-10-02 20:26:52
Also in: netdev, netfilter-devel

Please change the subject to "landlock: Allow FS topology changes for
domains without such rule type" to be consistent with the documentation.


On Wed, Sep 20, 2023 at 05:26:30PM +0800, Konstantin Meskhidze wrote:

From: Mickaël Salaün <mic@digikod.net>

Allow mount point and root directory changes when there is no filesystem
rule tied to the current Landlock domain.  This doesn't change anything
for now because a domain must have at least a (filesystem) rule, but
this will change when other rule types will come.  For instance, a
domain only restricting the network should have no impact on filesystem
restrictions.

Add a new get_current_fs_domain() helper to quickly check filesystem
rule existence for all filesystem LSM hooks.

Remove unnecessary inlining.

Signed-off-by: Mickaël Salaün <mic@digikod.net>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help