From: Mickaël Salaün
Date: Mon, 22 Aug 2022 23:25:35 +0200
To: Xiu Jianfeng, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, shuah@kernel.org, corbet@lwn.net
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH -next 5/5] landlock: update chmod and chown support in document
Message-ID: <68629a11-93c1-d7ab-ad3d-0fdbde1a35e3@digikod.net>
In-Reply-To: <20220822114701.26975-6-xiujianfeng@huawei.com>

On 22/08/2022 13:47, Xiu Jianfeng wrote: > update LANDLOCK_ACCESS_FS_{CHMOD, CHOWN} support and add abi change > in the document. > > Signed-off-by: Xiu Jianfeng > --- > Documentation/userspace-api/landlock.rst | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst > index 2509c2fbf98f..05ab338db529 100644 > --- a/Documentation/userspace-api/landlock.rst > +++ b/Documentation/userspace-api/landlock.rst > @@ -61,7 +61,9 @@ the need to be explicit about the denied-by-default access rights. > LANDLOCK_ACCESS_FS_MAKE_BLOCK | > LANDLOCK_ACCESS_FS_MAKE_SYM | > LANDLOCK_ACCESS_FS_REFER | > - LANDLOCK_ACCESS_FS_TRUNCATE, > + LANDLOCK_ACCESS_FS_TRUNCATE | > + LANDLOCK_ACCESS_FS_CHMOD | > + LANDLOCK_ACCESS_FS_CHOWN > }; > > Because we may not know on which kernel version an application will be 
> @@ -90,6 +92,10 @@ the ABI. > case 2: > /* Removes LANDLOCK_ACCESS_FS_TRUNCATE for ABI < 3 */ > ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE; There is a missing fall-through attribute here. > + case 3: > + /* Removes LANDLOCK_ACCESS_FS_{CHMOD, CHOWN} for ABI < 4 */ > + ruleset_attr.handled_access_fs &= ~(LANDLOCK_ACCESS_FS_CHMOD | > + LANDLOCK_ACCESS_FS_CHOWN); > } > > This enables to create an inclusive ruleset that will contain our rules.
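
Review bot: the trailing comma is lost in the first hunk (@@ -61,7 +61,9): the removed line ended `LANDLOCK_ACCESS_FS_TRUNCATE,` but the new last flag `LANDLOCK_ACCESS_FS_CHOWN` is followed directly by `};`. Keep the comma after LANDLOCK_ACCESS_FS_CHOWN so the initializer stays in the style it had and the next access right appended to the list changes one line only.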
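
Review bot: in the second hunk (@@ -90,6 +92,10) the `case 2:` statement now runs straight into the new `case 3:` label with no fall-through annotation, which is the point raised in the reply. The fall-through is intended, since a kernel reporting ABI 2 lacks CHMOD and CHOWN as well as TRUNCATE, so mark it explicitly rather than adding a break. Separately, the commit message says the ABI change is added to the document, but all 7 insertions in the diffstat are accounted for by the two code examples; a short paragraph stating what ABI version 4 adds would cover that.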