Re: [PATCH v7 4/9] landlock: Add IOCTL access right

[PATCH v7 0/9] Landlock: IOCTL support · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 1/9] landlock: Remove remaining "inline" modifiers in .c files · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 2/9] selftests/landlock: Rename "permitted" to "allowed" in ftruncate tests · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 3/9] landlock: Optimize the number of calls to get_access_mask slightly · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 4/9] landlock: Add IOCTL access right · "Günther Noack" <gnoack@google.com> · 2023-12-01
Re: [PATCH v7 4/9] landlock: Add IOCTL access right · Jeff Xu <hidden> · 2023-12-01
Re: [PATCH v7 4/9] landlock: Add IOCTL access right · "Günther Noack" <gnoack@google.com> · 2023-12-08
Re: [PATCH v7 4/9] landlock: Add IOCTL access right · Jeff Xu <hidden> · 2023-12-08
[PATCH v7 5/9] selftests/landlock: Test IOCTL support · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 6/9] selftests/landlock: Test IOCTL with memfds · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 7/9] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH) · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 8/9] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL · "Günther Noack" <gnoack@google.com> · 2023-12-01
[PATCH v7 9/9] landlock: Document IOCTL support · "Günther Noack" <gnoack@google.com> · 2023-12-01
Re: [PATCH v7 9/9] landlock: Document IOCTL support · Jeff Xu <hidden> · 2023-12-01
Re: [PATCH v7 9/9] landlock: Document IOCTL support · "Günther Noack" <gnoack@google.com> · 2023-12-08
Re: [PATCH v7 9/9] landlock: Document IOCTL support · Jeff Xu <hidden> · 2023-12-08

From: "Günther Noack" <gnoack@google.com>
Date: 2023-12-08 10:20:54
Also in: linux-fsdevel

Hello Jeff!

On Fri, Dec 01, 2023 at 11:51:16AM -0800, Jeff Xu wrote:

On Fri, Dec 1, 2023 at 6:40 AM Günther Noack [off-list ref] wrote:

quoted

--- a/security/landlock/limits.h
+++ b/security/landlock/limits.h

@@ -18,7 +18,10 @@
 #define LANDLOCK_MAX_NUM_LAYERS                16
 #define LANDLOCK_MAX_NUM_RULES         U32_MAX

-#define LANDLOCK_LAST_ACCESS_FS                LANDLOCK_ACCESS_FS_TRUNCATE
+#define LANDLOCK_LAST_PUBLIC_ACCESS_FS LANDLOCK_ACCESS_FS_IOCTL

iiuc, for the next feature, it only needs to update
LANDLOCK_LAST_PUBLIC_ACCESS_FS to the new LANDLOCK_ACCESS_FS_ABC here.
and keep below the same, right ?

quoted

+#define LANDLOCK_MASK_PUBLIC_ACCESS_FS ((LANDLOCK_LAST_PUBLIC_ACCESS_FS << 1) - 1)
+
+#define LANDLOCK_LAST_ACCESS_FS                (LANDLOCK_LAST_PUBLIC_ACCESS_FS << 4)

maybe add a comment why "<<4" is used ?

I'll add a comment to the section explaining it:

  For file system access rights, Landlock distinguishes between the publicly
  visible access rights (1 to LANDLOCK_LAST_PUBLIC_ACCESS_FS) and the private
  ones which are not exposed to userspace (LANDLOCK_LAST_PUBLIC_ACCESS_FS + 1 to
  LANDLOCK_LAST_ACCESS_FS).  The private access rights are defined in fs.c.

This should clarify both questions, I hope.

You are correct -- the private access rights in fs.c are defined relative to the
last public access right.

—Günther

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help