[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240708.nujahgh6Zeec@digikod.net>
Date: Mon, 8 Jul 2024 19:31:35 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Tahera Fahimi <fahimitahera@...il.com>
Cc: Günther Noack <gnoack@...gle.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Jann Horn <jannh@...gle.com>, outreachy@...ts.linux.dev, netdev@...r.kernel.org
Subject: Re: [PATCH 0/2] Landlock: Add abstract unix socket connect
reastriction
Please send inline patches, and don't forget to set the patch series
version. Because the difference with the previous series is only about
formatting, I'l only review the previous one.
On Fri, Jul 05, 2024 at 12:58:10PM -0600, Tahera Fahimi wrote:
> This patch series introduces the optional scoping of abstract unix
> sockets. This feature aims to scope the connection of an abstract socket
> from a sandbox process to other sockets outside of the sandbox domain.
> (see [1, 2])
>
> The following changes are included in this series:
> [PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
> the user space interface, and add the restriction
> mechanism to Landlock.
> [PATCH 2/2]: Add three comprehensive tests for the new feature.
>
> Tahera Fahimi (2):
> Landlock: Add abstract unix socket connect restriction
> Landlock: Abstract unix socket restriction tests
>
> include/uapi/linux/landlock.h | 29 +
> security/landlock/limits.h | 3 +
> security/landlock/ruleset.c | 7 +-
> security/landlock/ruleset.h | 23 +-
> security/landlock/syscalls.c | 12 +-
> security/landlock/task.c | 62 ++
> .../testing/selftests/landlock/ptrace_test.c | 786 ++++++++++++++++++
> 7 files changed, 916 insertions(+), 6 deletions(-)
>
> [1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/
> [2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/
> --
> 2.34.1
>
Powered by blists - more mailing lists