Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
authorLinus Torvalds <torvalds@linux-foundation.org>
Sun, 2 May 2021 01:50:44 +0000 (18:50 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sun, 2 May 2021 01:50:44 +0000 (18:50 -0700)
Pull Landlock LSM from James Morris:
 "Add Landlock, a new LSM from Mickaël Salaün.

  Briefly, Landlock provides for unprivileged application sandboxing.

  From Mickaël's cover letter:
    "The goal of Landlock is to enable to restrict ambient rights (e.g.
     global filesystem access) for a set of processes. Because Landlock
     is a stackable LSM [1], it makes possible to create safe security
     sandboxes as new security layers in addition to the existing
     system-wide access-controls. This kind of sandbox is expected to
     help mitigate the security impact of bugs or unexpected/malicious
     behaviors in user-space applications. Landlock empowers any
     process, including unprivileged ones, to securely restrict
     themselves.

     Landlock is inspired by seccomp-bpf but instead of filtering
     syscalls and their raw arguments, a Landlock rule can restrict the
     use of kernel objects like file hierarchies, according to the
     kernel semantic. Landlock also takes inspiration from other OS
     sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
     Pledge/Unveil.

     In this current form, Landlock misses some access-control features.
     This keeps the patch series minimal and eases review. This
     series still addresses multiple use cases, especially with the
     combined use of seccomp-bpf: applications with built-in sandboxing,
     init systems, security sandbox tools and security-oriented APIs [2]"

  The cover letter and v34 posting is here:

      https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/

  See also:

      https://landlock.io/

  This code has had extensive design discussion and review over several
  years"

Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/
Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/
* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  landlock: Enable user space to infer supported features
  landlock: Add user and kernel documentation
  samples/landlock: Add a sandbox manager example
  selftests/landlock: Add user space tests
  landlock: Add syscall implementations
  arch: Wire up Landlock syscalls
  fs,security: Add sb_delete hook
  landlock: Support filesystem access-control
  LSM: Infrastructure management of the superblock
  landlock: Add ptrace restrictions
  landlock: Set up the security framework and manage credentials
  landlock: Add ruleset and domain management
  landlock: Add object management

31 files changed:
Documentation/userspace-api/index.rst
MAINTAINERS
arch/Kconfig
arch/alpha/kernel/syscalls/syscall.tbl
arch/arm/tools/syscall.tbl
arch/arm64/include/asm/unistd32.h
arch/ia64/kernel/syscalls/syscall.tbl
arch/m68k/kernel/syscalls/syscall.tbl
arch/microblaze/kernel/syscalls/syscall.tbl
arch/mips/kernel/syscalls/syscall_n32.tbl
arch/mips/kernel/syscalls/syscall_n64.tbl
arch/mips/kernel/syscalls/syscall_o32.tbl
arch/parisc/kernel/syscalls/syscall.tbl
arch/powerpc/kernel/syscalls/syscall.tbl
arch/s390/kernel/syscalls/syscall.tbl
arch/sh/kernel/syscalls/syscall.tbl
arch/sparc/kernel/syscalls/syscall.tbl
arch/x86/entry/syscalls/syscall_32.tbl
arch/x86/entry/syscalls/syscall_64.tbl
arch/xtensa/kernel/syscalls/syscall.tbl
include/linux/lsm_hook_defs.h
include/linux/lsm_hooks.h
include/linux/security.h
include/linux/syscalls.h
include/uapi/asm-generic/unistd.h
kernel/sys_ni.c
security/security.c
security/selinux/hooks.c
security/selinux/ss/services.c
security/smack/smack.h
security/smack/smack_lsm.c

Simple merge
diff --cc MAINTAINERS
Simple merge
diff --cc arch/Kconfig
Simple merge
  550   common  process_madvise                 sys_process_madvise
  551   common  epoll_pwait2                    sys_epoll_pwait2
  552   common  mount_setattr                   sys_mount_setattr
 +553   common  quotactl_path                   sys_quotactl_path
+ 554   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 555   common  landlock_add_rule               sys_landlock_add_rule
+ 556   common  landlock_restrict_self          sys_landlock_restrict_self
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
@@@ -893,8 -893,12 +893,14 @@@ __SYSCALL(__NR_process_madvise, sys_pro
  __SYSCALL(__NR_epoll_pwait2, compat_sys_epoll_pwait2)
  #define __NR_mount_setattr 442
  __SYSCALL(__NR_mount_setattr, sys_mount_setattr)
 +#define __NR_quotactl_path 443
 +__SYSCALL(__NR_quotactl_path, sys_quotactl_path)
+ #define __NR_landlock_create_ruleset 444
+ __SYSCALL(__NR_landlock_create_ruleset, sys_landlock_create_ruleset)
+ #define __NR_landlock_add_rule 445
+ __SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule)
+ #define __NR_landlock_restrict_self 446
+ __SYSCALL(__NR_landlock_restrict_self, sys_landlock_restrict_self)
  
  /*
   * Please add new compat syscalls above this comment and update
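Review bot: The comment cut off at the end of this hunk is the one asking for `__NR_compat_syscalls` in arch/arm64/include/asm/unistd.h to be raised whenever entries are added here, and that file is not among the 31 listed, so this combined diff (which only shows files differing from both parents) cannot confirm it went to 447. Presumably the bump landed in the "arch: Wire up Landlock syscalls" commit on the merged tag; it is worth checking that the compat count agrees with `#define __NR_syscalls 447` in include/uapi/asm-generic/unistd.h, since a stale count would leave the three new compat entries beyond the table bound. The compat table continues outside the hunk on both sides.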
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
  440   n32     process_madvise                 sys_process_madvise
  441   n32     epoll_pwait2                    compat_sys_epoll_pwait2
  442   n32     mount_setattr                   sys_mount_setattr
 +443   n32     quotactl_path                   sys_quotactl_path
+ 444   n32     landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   n32     landlock_add_rule               sys_landlock_add_rule
+ 446   n32     landlock_restrict_self          sys_landlock_restrict_self
  440   n64     process_madvise                 sys_process_madvise
  441   n64     epoll_pwait2                    sys_epoll_pwait2
  442   n64     mount_setattr                   sys_mount_setattr
 +443   n64     quotactl_path                   sys_quotactl_path
+ 444   n64     landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   n64     landlock_add_rule               sys_landlock_add_rule
+ 446   n64     landlock_restrict_self          sys_landlock_restrict_self
  440   o32     process_madvise                 sys_process_madvise
  441   o32     epoll_pwait2                    sys_epoll_pwait2                compat_sys_epoll_pwait2
  442   o32     mount_setattr                   sys_mount_setattr
 +443   o32     quotactl_path                   sys_quotactl_path
+ 444   o32     landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   o32     landlock_add_rule               sys_landlock_add_rule
+ 446   o32     landlock_restrict_self          sys_landlock_restrict_self
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2                compat_sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2                compat_sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
  440  common   process_madvise         sys_process_madvise             sys_process_madvise
  441  common   epoll_pwait2            sys_epoll_pwait2                compat_sys_epoll_pwait2
  442  common   mount_setattr           sys_mount_setattr               sys_mount_setattr
 +443  common   quotactl_path           sys_quotactl_path               sys_quotactl_path
+ 444  common   landlock_create_ruleset sys_landlock_create_ruleset     sys_landlock_create_ruleset
+ 445  common   landlock_add_rule       sys_landlock_add_rule           sys_landlock_add_rule
+ 446  common   landlock_restrict_self  sys_landlock_restrict_self      sys_landlock_restrict_self
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2                compat_sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
  440   i386    process_madvise         sys_process_madvise
  441   i386    epoll_pwait2            sys_epoll_pwait2                compat_sys_epoll_pwait2
  442   i386    mount_setattr           sys_mount_setattr
 +443   i386    quotactl_path           sys_quotactl_path
+ 444   i386    landlock_create_ruleset sys_landlock_create_ruleset
+ 445   i386    landlock_add_rule       sys_landlock_add_rule
+ 446   i386    landlock_restrict_self  sys_landlock_restrict_self
  440   common  process_madvise         sys_process_madvise
  441   common  epoll_pwait2            sys_epoll_pwait2
  442   common  mount_setattr           sys_mount_setattr
 +443   common  quotactl_path           sys_quotactl_path
+ 444   common  landlock_create_ruleset sys_landlock_create_ruleset
+ 445   common  landlock_add_rule       sys_landlock_add_rule
+ 446   common  landlock_restrict_self  sys_landlock_restrict_self
  
  #
  # Due to a historical design error, certain syscalls are numbered differently
  440   common  process_madvise                 sys_process_madvise
  441   common  epoll_pwait2                    sys_epoll_pwait2
  442   common  mount_setattr                   sys_mount_setattr
 +443   common  quotactl_path                   sys_quotactl_path
+ 444   common  landlock_create_ruleset         sys_landlock_create_ruleset
+ 445   common  landlock_add_rule               sys_landlock_add_rule
+ 446   common  landlock_restrict_self          sys_landlock_restrict_self
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -863,11 -863,15 +863,18 @@@ __SYSCALL(__NR_process_madvise, sys_pro
  __SC_COMP(__NR_epoll_pwait2, sys_epoll_pwait2, compat_sys_epoll_pwait2)
  #define __NR_mount_setattr 442
  __SYSCALL(__NR_mount_setattr, sys_mount_setattr)
 +#define __NR_quotactl_path 443
 +__SYSCALL(__NR_quotactl_path, sys_quotactl_path)
 +
+ #define __NR_landlock_create_ruleset 444
+ __SYSCALL(__NR_landlock_create_ruleset, sys_landlock_create_ruleset)
+ #define __NR_landlock_add_rule 445
+ __SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule)
+ #define __NR_landlock_restrict_self 446
+ __SYSCALL(__NR_landlock_restrict_self, sys_landlock_restrict_self)
  #undef __NR_syscalls
- #define __NR_syscalls 444
+ #define __NR_syscalls 447
  
  /*
   * 32 bit systems traditionally used different
diff --cc kernel/sys_ni.c
Simple merge
Simple merge
@@@ -7165,9 -7062,7 +7152,8 @@@ static struct security_hook_list selinu
        LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
        LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
  
-       LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
        LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts),
 +      LSM_HOOK_INIT(sb_mnt_opts_compat, selinux_sb_mnt_opts_compat),
        LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
        LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
        LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
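Review bot: With `sb_free_security` dropped from this hook list, nothing in the hunk shows who frees the SELinux superblock blob; presumably the LSM infrastructure now does, per the "LSM: Infrastructure management of the superblock" commit in this merge, which also requires the module's `lsm_blob_sizes` to declare `.lbs_superblock` so the blob is allocated at all. Confirm that `selinux_blob_sizes` gained that entry, as it is not visible here and a missing size would leave `selinux_superblock(sb)` pointing at nothing. The `selinux_hooks` array continues outside the hunk on both sides.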
@@@ -2953,9 -2874,9 +2954,9 @@@ int security_fs_use(struct selinux_stat
        struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
 -      int rc = 0;
 +      int rc;
        struct ocontext *c;
-       struct superblock_security_struct *sbsec = sb->s_security;
+       struct superblock_security_struct *sbsec = selinux_superblock(sb);
        const char *fstype = sb->s_type->name;
  
        if (!selinux_initialized(state)) {
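Review bot: `int rc;` on the merged side drops the `= 0` initializer the landlock branch carried, so every path of security_fs_use that reaches a `return rc` must now assign it explicitly; the rest of the function is outside the hunk and should be checked for a branch that falls through with rc unset, since an uninitialized read is undefined behavior and the compiler will not always warn. The switch from `sb->s_security` to `selinux_superblock(sb)` is consistent with the superblock blob becoming infrastructure-managed, matching the removal of `sb_free_security` in the security/selinux/hooks.c hunk above.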
Simple merge
Simple merge