[PATCH 0/2] Landlock: Add abstract unix socket connect reastriction

From: Tahera Fahimi
Date: Fri Jul 05 2024 - 14:58:29 EST

Next message: Frank Li: "Re: [PATCH 10/10] MAINTAINERS: Add maintainer for i.MX8qxp Display Controller"
Previous message: Jason A. Donenfeld: "Re: deconflicting new syscall numbers for 6.11"
Next in thread: Tahera Fahimi: "[PATCH 1/2] Landlock: Add abstract unix socket connect restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch series introduces the optional scoping of abstract unix
sockets. This feature aims to scope the connection of an abstract socket
from a sandbox process to other sockets outside of the sandbox domain.
(see [1, 2])

The following changes are included in this series:
[PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
the user space interface, and add the restriction
mechanism to Landlock.
[PATCH 2/2]: Add three comprehensive tests for the new feature.

Tahera Fahimi (2):
Landlock: Add abstract unix socket connect restriction
Landlock: Abstract unix socket restriction tests

include/uapi/linux/landlock.h | 29 +
security/landlock/limits.h | 3 +
security/landlock/ruleset.c | 7 +-
security/landlock/ruleset.h | 23 +-
security/landlock/syscalls.c | 12 +-
security/landlock/task.c | 62 ++
.../testing/selftests/landlock/ptrace_test.c | 786 ++++++++++++++++++
7 files changed, 916 insertions(+), 6 deletions(-)

[1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@xxxxxxxxxxx/
[2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@xxxxxxxxxxx/
--
2.34.1

Next message: Frank Li: "Re: [PATCH 10/10] MAINTAINERS: Add maintainer for i.MX8qxp Display Controller"
Previous message: Jason A. Donenfeld: "Re: deconflicting new syscall numbers for 6.11"
Next in thread: Tahera Fahimi: "[PATCH 1/2] Landlock: Add abstract unix socket connect restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]