Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp508449pxb; Thu, 14 Jan 2021 11:09:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJzb+TzA2AJn19O2M3NRotDa3pEUlHlNulZcUZGTz8lQRq+dNfDGLhvID+GxvmTFKmpZz0as X-Received: by 2002:aa7:d803:: with SMTP id v3mr1264735edq.153.1610651345868; Thu, 14 Jan 2021 11:09:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610651345; cv=none; d=google.com; s=arc-20160816; b=o1UuI4RXw7eL7NbfCe8wcuoZwH1fCabjMIIYuj2cOr44lwPSTUXGCCKWshe+2M00ga fywgzwUE3T7gCoF6dvo+/DoTQ8qtW5GgCZPuoYbNzDl2zOY3HFQRZLnY1DTbNcgxV7zQ jLM5bQCsQrCWxgMUUhXozlvWLreXMBDmQ9vOemH83SSBSQOQRJdCdk//vw6GJGz3E050 zt/jJx4h9/VgoU2voQIyXKNlju74gCln4wpJQrplVPe5sd9uGbapcu6AEz1YHZgkPWZr tJeFstvaO5xb6muCv63t9rkDhWyPwuCGNW+/m0p/7UCXNUjMj+7z4/6M4YdhtocMUbWh g3Dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=VPp1o7w1tyDHnJfHM2L5lFN5Hnn+VntD8JWMNt47bTo=; b=gnGVO6m4ogTddextUTkw73WhhjgmK56wqgW8LKivsrWQunPsOEudjAno+wud00OcM5 J7jMaT7oAozrfi8XCV0XDp9gXgvmMTVDrh9KrJmcxhJxUSFBKnvjV2opeHTnoKGUoieb +4B12u9gzSy5ex3uyPLPi5uhFzAtyTSGazXlBHzqVN4xz4zq8rUTBVwsc54fD6zgjxiW Pr5L7xRflmTZd3FNH9Pd/iO7RyIEsnwPB6yb+DbCd7xicOr4MqPqjnSz2970Awg3SILc +JcUli4W0apZbfi6iNmWiPZP3f/xKDmJ7OAnuXUx0aEmQhgA3vbzO/YVsiiyt91vO3bi vujg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c22si2463141ejd.523.2021.01.14.11.08.41; Thu, 14 Jan 2021 11:09:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728898AbhANTE1 (ORCPT + 99 others); Thu, 14 Jan 2021 14:04:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39758 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728881AbhANTE0 (ORCPT ); Thu, 14 Jan 2021 14:04:26 -0500 Received: from smtp-8faa.mail.infomaniak.ch (smtp-8faa.mail.infomaniak.ch [IPv6:2001:1600:4:17::8faa]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8BA9AC0613C1 for ; Thu, 14 Jan 2021 11:03:41 -0800 (PST) Received: from smtp-2-0001.mail.infomaniak.ch (unknown [10.5.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4DGty40K9jzMq8Xg; Thu, 14 Jan 2021 20:03:40 +0100 (CET) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-2-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4DGty16Bhkzlh8T2; Thu, 14 Jan 2021 20:03:37 +0100 (CET) Subject: Re: [PATCH v26 00/12] Landlock LSM To: Jann Horn Cc: James Morris , "Serge E . Hallyn" , Al Viro , Andy Lutomirski , Anton Ivanov , Arnd Bergmann , Casey Schaufler , Jeff Dike , Jonathan Corbet , Kees Cook , Michael Kerrisk , Richard Weinberger , Shuah Khan , Vincent Dagonneau , Kernel Hardening , Linux API , linux-arch , "open list:DOCUMENTATION" , linux-fsdevel , kernel list , "open list:KERNEL SELFTEST FRAMEWORK" , linux-security-module , the arch/x86 maintainers References: <20201209192839.1396820-1-mic@digikod.net> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: <92df89c9-3442-0761-224a-ab53bb917850@digikod.net> Date: Thu, 14 Jan 2021 20:03:47 +0100 User-Agent: MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 14/01/2021 04:22, Jann Horn wrote: > On Wed, Dec 9, 2020 at 8:28 PM Mickaël Salaün wrote: >> This patch series adds new built-time checks, a new test, renames some >> variables and functions to improve readability, and shift syscall >> numbers to align with -next. > > Sorry, I've finally gotten around to looking at v26 - I hadn't > actually looked at v25 either yet. I think there's still one remaining > small issue in the filesystem access logic, but I think that's very > simple to fix, as long as we agree on what the expected semantics are. > Otherwise it basically looks good, apart from some typos. > > I think v27 will be the final version of this series. :) (And I'll try > to actually look at that version much faster - I realize that waiting > for code reviews this long sucks.) > I'm improving the tests, especially with bind mounts and overlayfs tests. The v27 will also contains a better documentation to clarify the semantic and explain how these mounts are handled. Thanks!