diff options
| author | Mickaël Salaün <mic@digikod.net> | 2025-03-20 20:06:56 +0100 |
|---|---|---|
| committer | Mickaël Salaün <mic@digikod.net> | 2025-03-26 13:59:37 +0100 |
| commit | 79625f1b3a3df63d3289a0781fdf121bc42966f7 (patch) | |
| tree | dfa07c48a247c97196ffab5256cafeea8f82bc0e /security/landlock/fs.h | |
| parent | 8d20efa9dc6cb471b71fd388923753f767ab13ce (diff) | |
landlock: Prepare to use credential instead of domain for fowner
This cosmetic change is needed for audit support, specifically to be
able to filter according to cross-execution boundaries.
struct landlock_file_security's size stay the same for now but it will
increase with struct landlock_cred_security's size.
Only save Landlock domain in hook_file_set_fowner() if the current
domain has LANDLOCK_SCOPE_SIGNAL, which was previously done for each
hook_file_send_sigiotask() calls. This should improve a bit
performance.
Replace hardcoded LANDLOCK_SCOPE_SIGNAL with the signal_scope.scope
variable.
Use scoped guards for RCU read-side critical sections.
Cc: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20250320190717.2287696-8-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'security/landlock/fs.h')
| -rw-r--r-- | security/landlock/fs.h | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/security/landlock/fs.h b/security/landlock/fs.h index d445f411c26a..b29972eb9224 100644 --- a/security/landlock/fs.h +++ b/security/landlock/fs.h @@ -1,9 +1,10 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Landlock LSM - Filesystem management and hooks + * Landlock - Filesystem management and hooks * * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> * Copyright © 2018-2020 ANSSI + * Copyright © 2024-2025 Microsoft Corporation */ #ifndef _SECURITY_LANDLOCK_FS_H @@ -14,6 +15,7 @@ #include <linux/rcupdate.h> #include "access.h" +#include "cred.h" #include "ruleset.h" #include "setup.h" @@ -54,12 +56,13 @@ struct landlock_file_security { */ access_mask_t allowed_access; /** - * @fown_domain: Domain of the task that set the PID that may receive a - * signal e.g., SIGURG when writing MSG_OOB to the related socket. - * This pointer is protected by the related file->f_owner->lock, as for - * fown_struct's members: pid, uid, and euid. + * @fown_subject: Landlock credential of the task that set the PID that + * may receive a signal e.g., SIGURG when writing MSG_OOB to the + * related socket. This pointer is protected by the related + * file->f_owner->lock, as for fown_struct's members: pid, uid, and + * euid. */ - struct landlock_ruleset *fown_domain; + struct landlock_cred_security fown_subject; }; /** |