[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <cover.1720203255.git.fahimitahera@gmail.com>
Date: Fri, 5 Jul 2024 12:58:10 -0600
From: Tahera Fahimi <fahimitahera@...il.com>
To: Mickaël Salaün <mic@...ikod.net>,
Günther Noack <gnoack@...gle.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Jann Horn <jannh@...gle.com>, outreachy@...ts.linux.dev,
netdev@...r.kernel.org
Subject: [PATCH 0/2] Landlock: Add abstract unix socket connect reastriction
This patch series introduces the optional scoping of abstract unix
sockets. This feature aims to scope the connection of an abstract socket
from a sandbox process to other sockets outside of the sandbox domain.
(see [1, 2])
The following changes are included in this series:
[PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
the user space interface, and add the restriction
mechanism to Landlock.
[PATCH 2/2]: Add three comprehensive tests for the new feature.
Tahera Fahimi (2):
Landlock: Add abstract unix socket connect restriction
Landlock: Abstract unix socket restriction tests
include/uapi/linux/landlock.h | 29 +
security/landlock/limits.h | 3 +
security/landlock/ruleset.c | 7 +-
security/landlock/ruleset.h | 23 +-
security/landlock/syscalls.c | 12 +-
security/landlock/task.c | 62 ++
.../testing/selftests/landlock/ptrace_test.c | 786 ++++++++++++++++++
7 files changed, 916 insertions(+), 6 deletions(-)
[1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/
[2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/
--
2.34.1
View attachment "0001-landlock-Add-abstract-unix-socket-connect-restrictio.patch" of type "text/x-diff" (11705 bytes)
View attachment "0002-landlock-Abstract-unix-socket-restriction-tests.patch" of type "text/x-diff" (22381 bytes)
Powered by blists - more mailing lists