landlock: Allow FS topology changes for domains without such rule type - linux

diff options

author	Mickaël Salaün <mic@digikod.net>	2023-10-26 03:47:41 +0200
committer	Mickaël Salaün <mic@digikod.net>	2023-10-26 21:07:10 +0200
commit	d7220364039f6beb76f311c05f74cad89da5fad5 (patch)
tree	194f8b69bae8b29035d3db2045c356d44827be36 /security/landlock/ruleset.c
parent	landlock: Make ruleset's access masks more generic (diff)
download	linux-d7220364039f6beb76f311c05f74cad89da5fad5.tar.xz linux-d7220364039f6beb76f311c05f74cad89da5fad5.zip

landlock: Allow FS topology changes for domains without such rule type

Allow mount point and root directory changes when there is no filesystem rule tied to the current Landlock domain. This doesn't change anything for now because a domain must have at least a (filesystem) rule, but this will change when other rule types will come. For instance, a domain only restricting the network should have no impact on filesystem restrictions. Add a new get_current_fs_domain() helper to quickly check filesystem rule existence for all filesystem LSM hooks. Remove unnecessary inlining. Link: https://lore.kernel.org/r/20231026014751.414649-3-konstantin.meskhidze@huawei.com Signed-off-by: Mickaël Salaün <mic@digikod.net>

Diffstat (limited to 'security/landlock/ruleset.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: