| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250122165626.331786-1-mic@digikod.net>
Date: Wed, 22 Jan 2025 17:56:26 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Mickaël Salaün <mic@...ikod.net>,
Ba Jing <bajing@...s.chinamobile.com>,
Günther Noack <gnoack@...gle.com>,
Matthieu Buffet <matthieu@...fet.re>,
Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>,
Shervin Oloumi <enlightened@...omium.org>,
Zichen Xie <zichenxie0106@...il.com>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: [GIT PULL] Landlock updates for v6.14
Hi Linus,
This PR mostly factors out some Landlock code and prepares for upcoming audit
support. Because weird files might be visible after filesystem corruption,
Landlock now properly handles weird files too. A few sample and test issues
are also fixed.
Please pull these changes for v6.14-rc1 . These commits merge cleanly with
your master branch. The kernel code has been tested in the latest linux-next
releases for a few weeks and rebased to update commit messages.
Test coverage for security/landlock is 93.4% of 1124 lines according to
gcc/gcov-14, and it was 92.7% of 1118 lines before this PR.
Regards,
Mickaël
--
The following changes since commit 9d89551994a430b50c4fffcb1e617a057fa76e20:
Linux 6.13-rc6 (2025-01-05 14:13:40 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/landlock-6.14-rc1
for you to fetch changes up to 2a794ee613617b5d8fd978b7ef08d64aa07ff2e6:
selftests/landlock: Add layout1.umount_sandboxer tests (2025-01-17 19:05:38 +0100)
----------------------------------------------------------------
Landlock updates for v6.14-rc1
----------------------------------------------------------------
Ba Jing (1):
selftests/landlock: Remove unused macros in ptrace_test.c
Mickaël Salaün (14):
landlock: Handle weird files
landlock: Constify get_mode_access()
landlock: Use scoped guards for ruleset
landlock: Use scoped guards for ruleset in landlock_add_rule()
selftests/landlock: Fix build with non-default pthread linking
landlock: Factor out check_access_path()
landlock: Move access types
landlock: Simplify initially denied access rights
landlock: Align partial refer access checks with final ones
selftests/landlock: Add test to check partial access in a mount tree
landlock: Optimize file path walks and prepare for audit support
selftests/landlock: Fix error message
selftests/landlock: Add wrappers.h
selftests/landlock: Add layout1.umount_sandboxer tests
Zichen Xie (1):
samples/landlock: Fix possible NULL dereference in parse_path()
samples/landlock/sandboxer.c | 7 +
security/landlock/access.h | 77 +++++++++++
security/landlock/fs.c | 114 ++++++++--------
security/landlock/fs.h | 1 +
security/landlock/ruleset.c | 26 ++--
security/landlock/ruleset.h | 52 +------
security/landlock/syscalls.c | 39 ++----
tools/testing/selftests/landlock/Makefile | 6 +-
tools/testing/selftests/landlock/common.h | 38 +-----
tools/testing/selftests/landlock/fs_test.c | 151 +++++++++++++++++++--
tools/testing/selftests/landlock/ptrace_test.c | 2 -
.../selftests/landlock/sandbox-and-launch.c | 82 +++++++++++
tools/testing/selftests/landlock/wait-pipe.c | 42 ++++++
tools/testing/selftests/landlock/wrappers.h | 47 +++++++
14 files changed, 489 insertions(+), 195 deletions(-)
create mode 100644 security/landlock/access.h
create mode 100644 tools/testing/selftests/landlock/sandbox-and-launch.c
create mode 100644 tools/testing/selftests/landlock/wait-pipe.c
create mode 100644 tools/testing/selftests/landlock/wrappers.h
Powered by blists - more mailing lists