lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20240708.nujahgh6Zeec@digikod.net>
Date: Mon, 8 Jul 2024 19:31:35 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Tahera Fahimi <fahimitahera@...il.com>
Cc: Günther Noack <gnoack@...gle.com>, 
	Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, 
	"Serge E. Hallyn" <serge@...lyn.com>, linux-security-module@...r.kernel.org, 
	linux-kernel@...r.kernel.org, Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Jann Horn <jannh@...gle.com>, outreachy@...ts.linux.dev, netdev@...r.kernel.org
Subject: Re: [PATCH 0/2] Landlock: Add abstract unix socket connect
 reastriction

Please send inline patches, and don't forget to set the patch series
version.  Because the difference with the previous series is only about
formatting, I'l only review the previous one.

On Fri, Jul 05, 2024 at 12:58:10PM -0600, Tahera Fahimi wrote:
> This patch series introduces the optional scoping of abstract unix
> sockets. This feature aims to scope the connection of an abstract socket
> from a sandbox process to other sockets outside of the sandbox domain.
> (see [1, 2])
> 
> The following changes are included in this series:
>   [PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
>                the user space interface, and add the restriction
>                mechanism to Landlock.
>   [PATCH 2/2]: Add three comprehensive tests for the new feature.
> 
> Tahera Fahimi (2):
>   Landlock: Add abstract unix socket connect restriction
>   Landlock: Abstract unix socket restriction tests
> 
>  include/uapi/linux/landlock.h                 |  29 +
>  security/landlock/limits.h                    |   3 +
>  security/landlock/ruleset.c                   |   7 +-
>  security/landlock/ruleset.h                   |  23 +-
>  security/landlock/syscalls.c                  |  12 +-
>  security/landlock/task.c                      |  62 ++
>  .../testing/selftests/landlock/ptrace_test.c  | 786 ++++++++++++++++++
>  7 files changed, 916 insertions(+), 6 deletions(-)
> 
> [1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/
> [2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/
> -- 
> 2.34.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ