Message-ID: <20240923184251.153123-1-mic@digikod.net>
Date: Mon, 23 Sep 2024 20:42:51 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Mickaël Salaün <mic@...ikod.net>,
Günther Noack <gnoack@...gle.com>,
Jann Horn <jannh@...gle.com>,
Paul Moore <paul@...l-moore.com>,
Tahera Fahimi <fahimitahera@...il.com>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
outreachy@...ts.linux.dev
Subject: [GIT PULL] Landlock updates for v6.12
Hi Linus,

This PR brings signal and abstract UNIX socket control to Landlock, contributed
by Tahera Fahimi during her Outreachy internship [1]. These features are
useful to better isolate processes.

Please pull these changes for v6.12-rc1. These commits merge cleanly with your
master branch. The kernel code has been tested in the latest linux-next
releases for a few weeks, but I rebased it on your master branch last week
because of VFS and LSM tree dependencies.

We can now scope a Landlock domain thanks to a new "scoped" field that can deny
interactions with resources outside of this domain. The
LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET flag denies connections to an abstract UNIX
socket created outside of the current scoped domain [2], and the
LANDLOCK_SCOPE_SIGNAL flag denies sending a signal to processes outside of the
current scoped domain [3]. These restrictions also apply to nested domains
according to their scope. The related changes will also be useful to support
other kinds of IPC isolation.

Test coverage for security/landlock is 92.2% of 1046 lines according to
gcc/gcov-14, and it was 91.7% of 961 lines before this series.

Regards,
 Mickaël

Link: https://sched.co/1ej1w [1]
Link: https://lore.kernel.org/r/cover.1725494372.git.fahimitahera@gmail.com [2]
Link: https://lore.kernel.org/r/cover.1725657727.git.fahimitahera@gmail.com [3]
--
The following changes since commit a430d95c5efa2b545d26a094eb5f624e36732af0:

  Merge tag 'lsm-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm (2024-09-16 18:19:47 +0200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/landlock-6.12-rc1

for you to fetch changes up to 1ca980815e1f284dddcb5e678c91bbd3e3f3a6a6:

  landlock: Document LANDLOCK_SCOPE_SIGNAL (2024-09-16 23:50:55 +0200)

----------------------------------------------------------------
Landlock updates for v6.12-rc1

----------------------------------------------------------------
Tahera Fahimi (14):
      landlock: Add abstract UNIX socket scoping
      selftests/landlock: Test handling of unknown scope
      selftests/landlock: Test abstract UNIX socket scoping
      selftests/landlock: Test UNIX sockets with any address formats
      selftests/landlock: Test connected and unconnected datagram UNIX socket
      selftests/landlock: Test inherited restriction of abstract UNIX socket
      samples/landlock: Add support for abstract UNIX socket scoping
      landlock: Document LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
      landlock: Add signal scoping
      selftests/landlock: Test signal scoping
      selftests/landlock: Test signal scoping for threads
      selftests/landlock: Test signal created by out-of-bound message
      samples/landlock: Add support for signal scoping
      landlock: Document LANDLOCK_SCOPE_SIGNAL

 Documentation/userspace-api/landlock.rst           |   58 +-
 include/uapi/linux/landlock.h                      |   30 +
 samples/landlock/sandboxer.c                       |   73 +-
 security/landlock/cred.h                           |    2 +-
 security/landlock/fs.c                             |   25 +
 security/landlock/fs.h                             |    7 +
 security/landlock/limits.h                         |    3 +
 security/landlock/ruleset.c                        |    7 +-
 security/landlock/ruleset.h                        |   24 +-
 security/landlock/syscalls.c                       |   17 +-
 security/landlock/task.c                           |  193 ++++
 tools/testing/selftests/landlock/base_test.c       |    2 +-
 tools/testing/selftests/landlock/common.h          |   39 +
 tools/testing/selftests/landlock/fs_test.c         |    1 -
 tools/testing/selftests/landlock/net_test.c        |   31 +-
 .../selftests/landlock/scoped_abstract_unix_test.c | 1041 ++++++++++++++++++++
 .../selftests/landlock/scoped_base_variants.h      |  156 +++
 tools/testing/selftests/landlock/scoped_common.h   |   28 +
 .../landlock/scoped_multiple_domain_variants.h     |  152 +++
 .../selftests/landlock/scoped_signal_test.c        |  484 +++++++++
 tools/testing/selftests/landlock/scoped_test.c     |   33 +
 21 files changed, 2359 insertions(+), 47 deletions(-)
 create mode 100644 tools/testing/selftests/landlock/scoped_abstract_unix_test.c
 create mode 100644 tools/testing/selftests/landlock/scoped_base_variants.h
 create mode 100644 tools/testing/selftests/landlock/scoped_common.h
 create mode 100644 tools/testing/selftests/landlock/scoped_multiple_domain_variants.h
 create mode 100644 tools/testing/selftests/landlock/scoped_signal_test.c
 create mode 100644 tools/testing/selftests/landlock/scoped_test.c
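
The signal scoping described in this message, as an added example that is not part of the original email or the Landlock sources: a forked child enters a domain with only LANDLOCK_SCOPE_SIGNAL set and probes its parent, which stays outside the domain, with signal 0. The struct layout, flag values and syscall numbers are local copies of the UAPI definitions, the ABI threshold of 6 for the "scoped" field is taken from the Landlock documentation rather than from this page, and the helper names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Assumption of this example: local copies of the v6.12 UAPI additions so it
 * builds with older headers; 444/446 are the landlock_create_ruleset and
 * landlock_restrict_self syscall numbers (same on x86-64 and arm64). */
#define SCOPE_ABSTRACT_UNIX_SOCKET (1ULL << 0)
#define SCOPE_SIGNAL (1ULL << 1)
struct ruleset_attr { uint64_t handled_access_fs, handled_access_net, scoped; };

/* Scope flags usable at a given Landlock ABI; "scoped" arrived with ABI 6. */
uint64_t scopes_for_abi(long abi)
{
	return abi >= 6 ? (SCOPE_ABSTRACT_UNIX_SOCKET | SCOPE_SIGNAL) : 0;
}

/* Runs in the child: 0 = scoping enforced, 1 = not enforced, 2 = unavailable. */
static int child(void)
{
	/* attr NULL, size 0, flag 1 (LANDLOCK_CREATE_RULESET_VERSION): returns ABI. */
	long abi = syscall(444, NULL, (size_t)0, 1);
	struct ruleset_attr attr = { .scoped = scopes_for_abi(abi) & SCOPE_SIGNAL };
	if (!attr.scoped || kill(getppid(), 0) != 0)
		return 2; /* old kernel, Landlock disabled, or no baseline access */
	int fd = syscall(444, &attr, sizeof(attr), 0);
	if (fd < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || syscall(446, fd, 0))
		return 2;
	/* Signal 0 only runs the permission check; nothing is delivered. */
	int denied = kill(getppid(), 0) == -1 && errno == EPERM; /* outside domain */
	int self_ok = kill(getpid(), 0) == 0;                    /* inside domain */
	return (denied && self_ok) ? 0 : 1;
}

/* Returns 1 if enforced, 0 if it could not be tried here, -1 if not enforced. */
int scoped_signal_demo(void)
{
	int status;
	pid_t pid = fork();
	if (pid == 0)
		_exit(child());
	if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return 0;
	return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 2 ? 0 : -1;
}
int main(void) { printf("scoped_signal_demo() = %d\n", scoped_signal_demo()); return 0; }
```

On a kernel without the "scoped" field the program prints 0 instead of failing, which is the fallback a sandboxing tool needs when it probes the ABI before requesting scopes.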