Date: Tue, 18 Apr 2023 18:53:28 +0800
Subject: Re: [PATCH -next v2 0/6] landlock: add chmod and chown support
From: xiujianfeng
CC: Konstantin Meskhidze
References: <20220827111215.131442-1-xiujianfeng@huawei.com>
In-Reply-To: <20220827111215.131442-1-xiujianfeng@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Mickael,

Sorry about the long silence on this work. As we know, this work depends on
another work about changing the argument from struct dentry to struct path for
some attr/xattr related LSM hooks. I'm stuck with this thing, because IMA/EVM
is a special security module which is not LSM-based currently, and is severely
coupled with the file system. So I am waiting for Roberto Sassu's work (Move
IMA and EVM to the LSM infrastructure) to be ready; I think it can make my
work easier. You can find Roberto's work here:
https://lwn.net/ml/linux-kernel/20230303181842.1087717-1-roberto.sassu@huaweicloud.com/

Any good ideas are welcome, thanks.

On 2022/8/27 19:12, Xiu Jianfeng wrote:
> v2:
>  * abstract walk_to_visible_parent() helper
>  * chmod and chown rights only take effect on directory's context
>  * add testcase for fchmodat/lchown/fchownat
>  * fix other review issues
>
> Xiu Jianfeng (6):
>   landlock: expand access_mask_t to u32 type
>   landlock: abstract walk_to_visible_parent() helper
>   landlock: add chmod and chown support
>   landlock/selftests: add selftests for chmod and chown
>   landlock/samples: add chmod and chown support
>   landlock: update chmod and chown support in document
>
>  Documentation/userspace-api/landlock.rst     |   9 +-
>  include/uapi/linux/landlock.h                |  10 +-
>  samples/landlock/sandboxer.c                 |  13 +-
>  security/landlock/fs.c                       | 110 ++++++--
>  security/landlock/limits.h                   |   2 +-
>  security/landlock/ruleset.h                  |   2 +-
>  security/landlock/syscalls.c                 |   2 +-
>  tools/testing/selftests/landlock/base_test.c |   2 +-
>  tools/testing/selftests/landlock/fs_test.c   | 267 ++++++++++++++++++-
>  9 files changed, 386 insertions(+), 31 deletions(-)
>