Re: [PATCH v3 2/6] Landlock: Adding file_send_sigiotask signal scoping support
From: Mickaël Salaün
Date: Wed Aug 21 2024 - 07:26:52 EST
On Thu, Aug 15, 2024 at 12:29:21PM -0600, Tahera Fahimi wrote:
> This patch adds two new hooks "hook_file_set_fowner" and
> "hook_file_free_security" to set and release a pointer to the
> domain of the file owner. This pointer "fown_domain" in
> "landlock_file_security" will be used in "file_send_sigiotask"
> to check if the process can send a signal.
>
> Signed-off-by: Tahera Fahimi <fahimitahera@xxxxxxxxx>
> ---
> security/landlock/fs.c | 18 ++++++++++++++++++
> security/landlock/fs.h | 6 ++++++
> security/landlock/task.c | 27 +++++++++++++++++++++++++++
> 3 files changed, 51 insertions(+)
Please squash this patch with the previous one, both are enforcing the
signal scoping restriction with LANDLOCK_SCOPED_SIGNAL.
You'll also need to update the scoped_test.c file with
LANDLOCK_SCOPED_SIGNAL (in this same squashed patch).