17ae69aba8
Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull Landlock LSM from James Morris:

"Add Landlock, a new LSM from Mickaël Salaün.

Briefly, Landlock provides for unprivileged application sandboxing.

From Mickaël's cover letter:

"The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [1], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil.

In this current form, Landlock misses some access-control features. This enables to minimize this patch series and ease review. This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]"

The cover letter and v34 posting is here:

https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/

See also:

https://landlock.io/

This code has had extensive design discussion and review over several years"

Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1]

Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2]

* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  landlock: Enable user space to infer supported features
  landlock: Add user and kernel documentation
  samples/landlock: Add a sandbox manager example
  selftests/landlock: Add user space tests
  landlock: Add syscall implementations
  arch: Wire up Landlock syscalls
  fs,security: Add sb_delete hook
  landlock: Support filesystem access-control
  LSM: Infrastructure management of the superblock
  landlock: Add ptrace restrictions
  landlock: Set up the security framework and manage credentials
  landlock: Add ruleset and domain management
  landlock: Add object management

||
---|---|---|
.. | ||
syscalls | ||
.gitignore | ||
access-helper.h | ||
asm-offsets.c | ||
bmips_5xxx_init.S | ||
bmips_vec.S | ||
branch.c | ||
cacheinfo.c | ||
cevt-bcm1480.c | ||
cevt-ds1287.c | ||
cevt-gt641xx.c | ||
cevt-r4k.c | ||
cevt-sb1250.c | ||
cevt-txx9.c | ||
cmpxchg.c | ||
cps-vec-ns16550.S | ||
cps-vec.S | ||
cpu-probe.c | ||
cpu-r3k-probe.c | ||
crash_dump.c | ||
crash.c | ||
csrc-bcm1480.c | ||
csrc-ioasic.c | ||
csrc-r4k.c | ||
csrc-sb1250.c | ||
early_printk_8250.c | ||
early_printk.c | ||
elf.c | ||
entry.S | ||
fpu-probe.c | ||
fpu-probe.h | ||
ftrace.c | ||
genex.S | ||
gpio_txx9.c | ||
head.S | ||
i8253.c | ||
idle.c | ||
irq_txx9.c | ||
irq-gt641xx.c | ||
irq-msc01.c | ||
irq.c | ||
jump_label.c | ||
kgdb.c | ||
kprobes.c | ||
linux32.c | ||
machine_kexec.c | ||
Makefile | ||
mcount.S | ||
mips-cm.c | ||
mips-cpc.c | ||
mips-mt-fpaff.c | ||
mips-mt.c | ||
mips-r2-to-r6-emul.c | ||
module.c | ||
octeon_switch.S | ||
perf_event_mipsxx.c | ||
perf_event.c | ||
perf_regs.c | ||
pm-cps.c | ||
pm.c | ||
probes-common.h | ||
proc.c | ||
process.c | ||
prom.c | ||
ptrace32.c | ||
ptrace.c | ||
r4k_fpu.S | ||
r4k_switch.S | ||
r4k-bugs64.c | ||
r2300_fpu.S | ||
r2300_switch.S | ||
relocate_kernel.S | ||
relocate.c | ||
reset.c | ||
rtlx-cmp.c | ||
rtlx-mt.c | ||
rtlx.c | ||
scall32-o32.S | ||
scall64-n32.S | ||
scall64-n64.S | ||
scall64-o32.S | ||
segment.c | ||
setup.c | ||
signal32.c | ||
signal_n32.c | ||
signal_o32.c | ||
signal-common.h | ||
signal.c | ||
smp-bmips.c | ||
smp-cmp.c | ||
smp-cps.c | ||
smp-mt.c | ||
smp-up.c | ||
smp.c | ||
spinlock_test.c | ||
spram.c | ||
stacktrace.c | ||
sync-r4k.c | ||
syscall.c | ||
sysrq.c | ||
time.c | ||
topology.c | ||
traps.c | ||
unaligned.c | ||
uprobes.c | ||
vdso.c | ||
vmlinux.lds.S | ||
vpe-cmp.c | ||
vpe-mt.c | ||
vpe.c | ||
watch.c |