mirror of https://gitee.com/openkylin/linux.git
17ae69aba8
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEgycj0O+d1G2aycA8rZhLv9lQBTwFAmCInP4ACgkQrZhLv9lQ
BTza0g//dTeb9woC9H7qlEhK4l9yk62lTss60Q8X7m7ZSNfdL4tiEbi64SgK+iOW
OOegbrOEb8Kzh4KJJYmVlVZ5YUWyH4szgmee1wnylBdsWiWaPLPF3Cflz77apy6T
TiiBsJd7rRE29FKheaMt34B41BMh8QHESN+DzjzJWsFoi/uNxjgSs2W16XuSupKu
bpRmB1pYNXMlrkzz7taL05jndZYE5arVriqlxgAsuLOFOp/ER7zecrjImdCM/4kL
W6ej0R1fz2Geh6CsLBJVE+bKWSQ82q5a4xZEkSYuQHXgZV5eywE5UKu8ssQcRgQA
VmGUY5k73rfY9Ofupf2gCaf/JSJNXKO/8Xjg0zAdklKtmgFjtna5Tyg9I90j7zn+
5swSpKuRpilN8MQH+6GWAnfqQlNoviTOpFeq3LwBtNVVOh08cOg6lko/bmebBC+R
TeQPACKS0Q0gCDPm9RYoU1pMUuYgfOwVfVRZK1prgi2Co7ZBUMOvYbNoKYoPIydr
ENBYljlU1OYwbzgR2nE+24fvhU8xdNOVG1xXYPAEHShu+p7dLIWRLhl8UCtRQpSR
1ofeVaJjgjrp29O+1OIQjB2kwCaRdfv/Gq1mztE/VlMU/r++E62OEzcH0aS+mnrg
yzfyUdI8IFv1q6FGT9yNSifWUWxQPmOKuC8kXsKYfqfJsFwKmHM=
=uCN4
-----END PGP SIGNATURE-----
Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull Landlock LSM from James Morris:
"Add Landlock, a new LSM from Mickaël Salaün.
Briefly, Landlock provides for unprivileged application sandboxing.
From Mickaël's cover letter:
"The goal of Landlock is to enable to restrict ambient rights (e.g.
global filesystem access) for a set of processes. Because Landlock
is a stackable LSM [1], it makes possible to create safe security
sandboxes as new security layers in addition to the existing
system-wide access-controls. This kind of sandbox is expected to
help mitigate the security impact of bugs or unexpected/malicious
behaviors in user-space applications. Landlock empowers any
process, including unprivileged ones, to securely restrict
themselves.
Landlock is inspired by seccomp-bpf but instead of filtering
syscalls and their raw arguments, a Landlock rule can restrict the
use of kernel objects like file hierarchies, according to the
kernel semantic. Landlock also takes inspiration from other OS
sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
Pledge/Unveil.
In this current form, Landlock misses some access-control features.
This enables to minimize this patch series and ease review. This
series still addresses multiple use cases, especially with the
combined use of seccomp-bpf: applications with built-in sandboxing,
init systems, security sandbox tools and security-oriented APIs [2]"
The cover letter and v34 posting is here:
https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/
See also:
https://landlock.io/
This code has had extensive design discussion and review over several
years"
Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1]
Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2]
* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
landlock: Enable user space to infer supported features
landlock: Add user and kernel documentation
samples/landlock: Add a sandbox manager example
selftests/landlock: Add user space tests
landlock: Add syscall implementations
arch: Wire up Landlock syscalls
fs,security: Add sb_delete hook
landlock: Support filesystem access-control
LSM: Infrastructure management of the superblock
landlock: Add ptrace restrictions
landlock: Set up the security framework and manage credentials
landlock: Add ruleset and domain management
landlock: Add object management
|
||
|---|---|---|
| .. | ||
| syscalls | ||
| .gitignore | ||
| Makefile | ||
| access-helper.h | ||
| asm-offsets.c | ||
| bmips_5xxx_init.S | ||
| bmips_vec.S | ||
| branch.c | ||
| cacheinfo.c | ||
| cevt-bcm1480.c | ||
| cevt-ds1287.c | ||
| cevt-gt641xx.c | ||
| cevt-r4k.c | ||
| cevt-sb1250.c | ||
| cevt-txx9.c | ||
| cmpxchg.c | ||
| cps-vec-ns16550.S | ||
| cps-vec.S | ||
| cpu-probe.c | ||
| cpu-r3k-probe.c | ||
| crash.c | ||
| crash_dump.c | ||
| csrc-bcm1480.c | ||
| csrc-ioasic.c | ||
| csrc-r4k.c | ||
| csrc-sb1250.c | ||
| early_printk.c | ||
| early_printk_8250.c | ||
| elf.c | ||
| entry.S | ||
| fpu-probe.c | ||
| fpu-probe.h | ||
| ftrace.c | ||
| genex.S | ||
| gpio_txx9.c | ||
| head.S | ||
| i8253.c | ||
| idle.c | ||
| irq-gt641xx.c | ||
| irq-msc01.c | ||
| irq.c | ||
| irq_txx9.c | ||
| jump_label.c | ||
| kgdb.c | ||
| kprobes.c | ||
| linux32.c | ||
| machine_kexec.c | ||
| mcount.S | ||
| mips-cm.c | ||
| mips-cpc.c | ||
| mips-mt-fpaff.c | ||
| mips-mt.c | ||
| mips-r2-to-r6-emul.c | ||
| module.c | ||
| octeon_switch.S | ||
| perf_event.c | ||
| perf_event_mipsxx.c | ||
| perf_regs.c | ||
| pm-cps.c | ||
| pm.c | ||
| probes-common.h | ||
| proc.c | ||
| process.c | ||
| prom.c | ||
| ptrace.c | ||
| ptrace32.c | ||
| r4k-bugs64.c | ||
| r4k_fpu.S | ||
| r4k_switch.S | ||
| r2300_fpu.S | ||
| r2300_switch.S | ||
| relocate.c | ||
| relocate_kernel.S | ||
| reset.c | ||
| rtlx-cmp.c | ||
| rtlx-mt.c | ||
| rtlx.c | ||
| scall32-o32.S | ||
| scall64-n32.S | ||
| scall64-n64.S | ||
| scall64-o32.S | ||
| segment.c | ||
| setup.c | ||
| signal-common.h | ||
| signal.c | ||
| signal32.c | ||
| signal_n32.c | ||
| signal_o32.c | ||
| smp-bmips.c | ||
| smp-cmp.c | ||
| smp-cps.c | ||
| smp-mt.c | ||
| smp-up.c | ||
| smp.c | ||
| spinlock_test.c | ||
| spram.c | ||
| stacktrace.c | ||
| sync-r4k.c | ||
| syscall.c | ||
| sysrq.c | ||
| time.c | ||
| topology.c | ||
| traps.c | ||
| unaligned.c | ||
| uprobes.c | ||
| vdso.c | ||
| vmlinux.lds.S | ||
| vpe-cmp.c | ||
| vpe-mt.c | ||
| vpe.c | ||
| watch.c | ||