| author | Mickaël Salaün <[email protected]> | 2025-01-08 15:43:19 +0000 |
|---|---|---|
| committer | Mickaël Salaün <[email protected]> | 2025-01-17 18:05:35 +0000 |
| commit | 058518c2092081f224edb37cbc236bed5c28852d (patch) | |
| tree | 4a0a4ae7f51bc8808cf6f48deac2b3ffb41bf850 /net/switchdev/switchdev.c | |
| parent | landlock: Simplify initially denied access rights (diff) | |
landlock: Align partial refer access checks with final ones

Fix a logical issue that could have been visible if the source or the
destination of a rename/link action was allowed for either the source or
the destination but not both. However, this logical bug is unreachable
because either:
- the rename/link action is allowed by the access rights tied to the
  same mount point (without relying on access rights in a parent mount
  point) and the access request is allowed (i.e. allow_parent1 and
  allow_parent2 are true in current_check_refer_path),
- or a common rule in a parent mount point updates the access check for
  the source and the destination (cf. is_access_to_paths_allowed).

See the following layout1.refer_part_mount_tree_is_allowed test that
works with and without this fix.

This fix does not impact current code but it is required for the audit
support.

Cc: Günther Noack <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mickaël Salaün <[email protected]>

Diffstat (limited to 'net/switchdev/switchdev.c')
0 files changed, 0 insertions, 0 deletions
