[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20241110185804.73158-1-mic@digikod.net>
Date: Sun, 10 Nov 2024 19:58:04 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Mickaël Salaün <mic@...ikod.net>,
Daniel Burgener <dburgener@...ux.microsoft.com>,
Günther Noack <gnoack@...gle.com>,
Matthieu Buffet <matthieu@...fet.re>,
Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: [GIT PULL] Landlock fix for v6.12-rc7 #2
Hi Linus,
This PR fixes issues in the Landlock's sandboxer sample and documentation,
slightly refactors helpers (required for ongoing patch series), and improve/fix
a feature merged in v6.12 (signal and abstract UNIX socket scoping).
Please pull these changes for v6.12-rc7 (or rc8, if any). These commits merge
cleanly with your master branch. The kernel code has been tested in the latest
linux-next releases for a few weeks, but I updated the last three patches with
cosmetic changes according to reviews.
Test coverage for security/landlock is 92.5% of 1129 lines according to
gcc/gcov-14, and it was 92.8% of 1134 lines before this PR.
Regards,
Mickaël
--
The following changes since commit 8e929cb546ee42c9a61d24fae60605e9e3192354:
Linux 6.12-rc3 (2024-10-13 14:33:32 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/landlock-6.12-rc7
for you to fetch changes up to 03197e40a22c2641a1f9d1744418cd29f4954b83:
landlock: Optimize scope enforcement (2024-11-09 19:52:13 +0100)
----------------------------------------------------------------
Landlock fix for v6.12-rc7
----------------------------------------------------------------
Daniel Burgener (1):
landlock: Fix grammar issues in documentation
Matthieu Buffet (3):
samples/landlock: Fix port parsing in sandboxer
samples/landlock: Refactor help message
samples/landlock: Clarify option parsing behaviour
Mickaël Salaün (4):
landlock: Improve documentation of previous limitations
landlock: Refactor filesystem access mask management
landlock: Refactor network access mask management
landlock: Optimize scope enforcement
Documentation/security/landlock.rst | 14 ++--
Documentation/userspace-api/landlock.rst | 90 ++++++++++++-------------
samples/landlock/sandboxer.c | 112 +++++++++++++++++++------------
security/landlock/fs.c | 31 +++------
security/landlock/net.c | 28 ++------
security/landlock/ruleset.h | 74 +++++++++++++++++---
security/landlock/syscalls.c | 2 +-
security/landlock/task.c | 18 ++++-
8 files changed, 217 insertions(+), 152 deletions(-)
Powered by blists - more mailing lists