Re: [PATCH -next v2 0/6] landlock: add chmod and chown support

From: xiujianfeng
Date: Tue Apr 18 2023 - 06:53:37 EST


Hi Mickael,

Sorry about the long silence on this work. As we know, this work depends
on another work about changing the argument from struct dentry to struct
path for some attr/xattr related LSM hooks. I'm stuck with this thing,
because IMA/EVM is a special security module which is not LSM-based
currently, and is severely coupled with the file system. So I am waiting
for Roberto Sassu's work (Move IMA and EVM to the LSM infrastructure) to
be ready; I think it can make my work easier. You can find
Roberto's work here:
https://lwn.net/ml/linux-kernel/20230303181842.1087717-1-roberto.sassu@xxxxxxxxxxxxxxx/

Any good ideas are welcome, thanks.


On 2022/8/27 19:12, Xiu Jianfeng wrote:
> v2:
> * abstract walk_to_visible_parent() helper
> * chmod and chown rights only take effect on directory's context
> * add testcase for fchmodat/lchown/fchownat
> * fix other review issues
>
> Xiu Jianfeng (6):
> landlock: expand access_mask_t to u32 type
> landlock: abstract walk_to_visible_parent() helper
> landlock: add chmod and chown support
> landlock/selftests: add selftests for chmod and chown
> landlock/samples: add chmod and chown support
> landlock: update chmod and chown support in document
>
> Documentation/userspace-api/landlock.rst | 9 +-
> include/uapi/linux/landlock.h | 10 +-
> samples/landlock/sandboxer.c | 13 +-
> security/landlock/fs.c | 110 ++++++--
> security/landlock/limits.h | 2 +-
> security/landlock/ruleset.h | 2 +-
> security/landlock/syscalls.c | 2 +-
> tools/testing/selftests/landlock/base_test.c | 2 +-
> tools/testing/selftests/landlock/fs_test.c | 267 ++++++++++++++++++-
> 9 files changed, 386 insertions(+), 31 deletions(-)
>