On Tue, Mar 29, 2022 at 8:51 AM Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
>
> From: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>
>
> In order to be able to identify a file exchange with renameat2(2) and
> RENAME_EXCHANGE, which will be useful for Landlock [1], propagate the
> rename flags to LSMs. This may also improve performance because of the
> switch from two sets of LSM hook calls to only one, and because LSMs
> using this hook may optimize the double check (e.g. only one lock,
> reduce the number of path walks).
>
> AppArmor, Landlock and Tomoyo are updated to leverage this change. This
> should not change the current behavior (same check order), except
> (different level of) speed boosts.
>
> [1] https://lore.kernel.org/r/20220221212522.320243-1-mic@xxxxxxxxxxx
>
> Cc: James Morris <jmorris@xxxxxxxxx>
> Cc: Kentaro Takeda <takedakn@xxxxxxxxxxxxx>
> Cc: Paul Moore <paul@xxxxxxxxxxxxxx>
> Cc: Serge E. Hallyn <serge@xxxxxxxxxx>
> Acked-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
> Acked-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>
> Link: https://lore.kernel.org/r/20220329125117.1393824-7-mic@xxxxxxxxxxx
> ---
>
> Changes since v1:
> * Import patch from
>   https://lore.kernel.org/r/20220222175332.384545-1-mic@xxxxxxxxxxx
> * Add Acked-by: Tetsuo Handa.
> * Add Acked-by: John Johansen.
> ---
>  include/linux/lsm_hook_defs.h |  2 +-
>  include/linux/lsm_hooks.h     |  1 +
>  security/apparmor/lsm.c       | 30 +++++++++++++++++++++++++-----
>  security/landlock/fs.c        | 12 ++++++++++--
>  security/security.c           |  9 +--------
>  security/tomoyo/tomoyo.c      | 11 ++++++++++-
>  6 files changed, 48 insertions(+), 17 deletions(-)

Seems like a nice improvement to me, and while I'm not an AppArmor,
Tomoyo, or Landlock expert the changes looked pretty straightforward.

Reviewed-by: Paul Moore <paul@xxxxxxxxxxxxxx>

-- 
paul-moore.com
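
As an added illustration of the change the quoted commit message describes (a simplified userspace model, not code from the patch or the kernel): an exchange moves both entries, so a policy has to judge both directions, either through two flag-less hook calls or through one call that receives the flags. The policy, the paths, and every name below (`may_leave`, `dispatch`, `demo`, `DEMO_RENAME_EXCHANGE`) are hypothetical.

```c
#include <string.h>

/* Model-local copy of the RENAME_EXCHANGE bit (1 << 1 in the uapi header). */
#define DEMO_RENAME_EXCHANGE (1 << 1)

struct loc { const char *dir, *name; };  /* toy stand-in for (dir path, dentry) */
static int hook_calls;                   /* dispatches into the toy LSM */

/* Toy policy (assumption): nothing may be moved out of /locked. */
static int may_leave(const struct loc *from)
{
    return strcmp(from->dir, "/locked") == 0 ? -13 /* -EACCES */ : 0;
}

/* Hook without flags: it can only judge the direction it is handed. */
static int hook_noflags(const struct loc *o, const struct loc *n)
{
    (void)n;
    hook_calls++;
    return may_leave(o);
}

/* Hook with flags: one call covers both directions of an exchange. */
static int hook_flags(const struct loc *o, const struct loc *n, unsigned int flags)
{
    int err = may_leave(o);
    hook_calls++;
    if (!err && (flags & DEMO_RENAME_EXCHANGE))
        err = may_leave(n);
    return err;
}

/* Dispatcher model: use_flags=0 calls the hook twice per exchange, 1 once. */
static int dispatch(int use_flags, const struct loc *o, const struct loc *n,
                    unsigned int flags)
{
    if (use_flags)
        return hook_flags(o, n, flags);
    if (flags & DEMO_RENAME_EXCHANGE) {
        int err = hook_noflags(n, o);
        if (err)
            return err;
    }
    return hook_noflags(o, n);
}

/* Constructed sample: rename or exchange /tmp/a with <other_dir>/b. */
static int demo(int use_flags, unsigned int flags, const char *other_dir, int *calls)
{
    const struct loc a = { "/tmp", "a" }, b = { other_dir, "b" };
    hook_calls = 0;
    int ret = dispatch(use_flags, &a, &b, flags);
    *calls = hook_calls;
    return ret;
}
```

In this model a plain rename of /tmp/a onto /locked/b passes the toy policy, while the exchange is denied under both dispatch styles because /locked/b would leave its directory; only the number of hook dispatches differs.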