On Fri, Oct 25, 2024 at 05:20:39PM +0200, Francis Laniel wrote: > Le mardi 22 octobre 2024, 18:10:00 CEST Mickaël Salaün a écrit : > > Move ACCESS_FS_OPTIONAL, access_mask_t, struct access_mask, and struct > > access_masks_all to a dedicated access.h file. > > > > This file will be extended with a following commit, and it will help to > > avoid dependency loops. > > > > Cc: Günther Noack <[email protected]> > > Signed-off-by: Mickaël Salaün <[email protected]> > > Link: https://lore.kernel.org/r/[email protected] > > --- > > > > Changes since v1: > > * New patch > > --- > > security/landlock/access.h | 53 +++++++++++++++++++++++++++++++++++++ > > security/landlock/fs.c | 1 + > > security/landlock/fs.h | 1 + > > security/landlock/ruleset.h | 31 +--------------------- > > 4 files changed, 56 insertions(+), 30 deletions(-) > > create mode 100644 security/landlock/access.h > > > > diff --git a/security/landlock/access.h b/security/landlock/access.h > > new file mode 100644 > > index 000000000000..2659fd9b4aaf > > --- /dev/null > > +++ b/security/landlock/access.h > > @@ -0,0 +1,53 @@ > > +/* SPDX-License-Identifier: GPL-2.0-only */ > > +/* > > + * Landlock LSM - Access types and helpers > > + * > > + * Copyright © 2016-2020 Mickaël Salaün <[email protected]> > > + * Copyright © 2018-2020 ANSSI > > + * Copyright © 2024 Microsoft Corporation > > + */ > > + > > +#ifndef _SECURITY_LANDLOCK_ACCESS_H > > +#define _SECURITY_LANDLOCK_ACCESS_H > > + > > +#include <uapi/linux/landlock.h> > > + > > +#include "limits.h" > > + > > +/* clang-format off */ > > +#define ACCESS_FS_OPTIONAL ( \ > > + LANDLOCK_ACCESS_FS_TRUNCATE | \ > > + LANDLOCK_ACCESS_FS_IOCTL_DEV) > > Nit: The patch message indicates this is moved from somewhere but I cannot > find > deletion for it.
Correct, I'll move this define to the following patch introducing deny_masks_t.
