On 04/04/2023 09:33, Günther Noack wrote:
Hello!
On Sun, Apr 02, 2023 at 12:01:43AM +0200, Alejandro Colomar wrote:
On 4/1/23 19:19, Günther Noack wrote:
(It feels out of scope for this documentation patch, but do you think
these bitmasks should be defined in the uapi/linux/landlock.h header?
You have looked at so many man pages already -- Do you happen to know
other places in the kernel API where such a problem has come up?)
I don't remember having seen something similar in other pages.
I think defining a macro in uapi headers could be the right thing to
do. Something like LANDLOCK_ACCESS_FS_RIGHTS_MASK_ABI_{1,2,3} or
other similar name?
Noted it on my TODO list - it's probably best discussed on the kernel
list whether this is the right approach.
1) Make assumptions about the numbers, for brevity
(as done in the patch I sent).
[...]
2) Use the constants from the header and OR them.
[...]
3) Third option is the middle way,
naming the "highest" known access right for each ABI version:
__u64 landlock_fs_access_rights[] = {
(LANDLOCK_ACCESS_FS_MAKE_SYM << 1) - 1, /* ABI v1 */
(LANDLOCK_ACCESS_FS_REFER << 1) - 1, /* ABI v2: add "refer" */
(LANDLOCK_ACCESS_FS_TRUNCATE << 1) - 1, /* ABI v3: add "truncate" */
}
I'm not sure if I like this one. I'll leave it up to you to decide
the one you like. :)
I'll ponder it a bit and send a new patch soon.
Mickaël, do you have any opinions/preferences on this?
Sorry, I missed this thread. I prefer your third solution because it is
explicit and relies on non-harcoded/magic values. I replied to the last
version of this patch but it might be a bit late now.
I'm not sure that defining a mask per ABI should be part of UAPI
(instead of dedicated libraries), but I'll think about that.
