On Thu, 12 Nov 2020, Mickaël Salaün wrote: > Cc: James Morris <jmorris@xxxxxxxxx> > Cc: Jann Horn <jannh@xxxxxxxxxx> > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: Serge E. Hallyn <serge@xxxxxxxxxx> > Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx> > --- > > Changes since v23: > * Always intersect access rights. Following the filesystem change > logic, make ruleset updates more consistent by always intersecting > access rights (boolean AND) instead of combining them (boolean OR) for > the same layer. This defensive approach could also help avoid user > space to inadvertently allow multiple access rights for the same > object (e.g. write and execute access on a path hierarchy) instead of > dealing with such inconsistency. This can happen when there is no > deduplication of objects (e.g. paths and underlying inodes) whereas > they get different access rights with landlock_add_rule(2). > * Add extra checks to make sure that: > - there is always an (allocated) object in each used rules; > - when updating a ruleset with a new rule (i.e. not merging two > rulesets), the ruleset doesn't contain multiple layers. > * Hide merge parameter from the public landlock_insert_rule() API. This > helps avoid misuse of this function. > * Replace a remaining hardcoded 1 with SINGLE_DEPTH_NESTING. Jann: any chance you could review this patch again given the changes above? Thanks. -- James Morris <jmorris@xxxxxxxxx>