[GIT PULL] Landlock update for v6.15-rc1

[Mickaël Salaün]

Linus,

This PR brings two main changes to Landlock:
* A signal scoping fix with a new interface for user space to know if it
  is compatible with the running kernel.
* Audit support to give visibility on why access requests are denied,
  including the origin of the security policy, missing access rights,
  and description of object(s).  This was designed to limit log spam as
  much as possible while still alerting about unexpected blocked access.

With these changes come new and improved documentation, and a lot of new
tests.

Please pull these changes for v6.15-rc1 .  These commits merge cleanly
with your master branch.  Most kernel code has been tested in the latest
linux-next releases for a few weeks and recently rebased to apply fixes.

syzkaller has been running for a few months on a private instance with
these changes.  The upstream project can now also test them:
https://github.com/google/syzkaller/pull/5851

Test coverage with Kselftest for master:security/landlock is 93.6% of
1525 lines according to gcc/gcov-14, and it was 92.6% of 1115 lines
before this PR.

Regards,
 Mickaël

--
The following changes since commit 7eb172143d5508b4da468ed59ee857c6e5e01da6:

  Linux 6.14-rc5 (2025-03-02 11:48:20 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/landlock-6.15-rc1

for you to fetch changes up to 8e2dd47b10e77452733eae23cc83078fa29c1e9a:

  landlock: Add audit documentation (2025-03-26 13:59:49 +0100)

----------------------------------------------------------------
Landlock update for v6.15-rc1

----------------------------------------------------------------
Günther Noack (1):
      landlock: Clarify IPC scoping documentation

Mickaël Salaün (35):
      landlock: Move code to ease future backports
      landlock: Add the errata interface
      landlock: Add erratum for TCP fix
      landlock: Prepare to add second errata
      landlock: Always allow signals between threads of the same process
      selftests/landlock: Split signal_scoping_threads tests
      selftests/landlock: Add a new test for setuid()
      lsm: Add audit_log_lsm_data() helper
      landlock: Add unique ID generator
      landlock: Move domain hierarchy management
      landlock: Prepare to use credential instead of domain for filesystem
      landlock: Prepare to use credential instead of domain for network
      landlock: Prepare to use credential instead of domain for scope
      landlock: Prepare to use credential instead of domain for fowner
      landlock: Identify domain execution crossing
      landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials
      landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status
      landlock: Log mount-related denials
      landlock: Log file-related denials
      landlock: Factor out IOCTL hooks
      landlock: Log truncate and IOCTL denials
      landlock: Log TCP bind and connect denials
      landlock: Log scoped denials
      landlock: Add LANDLOCK_RESTRICT_SELF_LOG_*_EXEC_* flags
      landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
      samples/landlock: Enable users to log sandbox denials
      selftests/landlock: Add test for invalid ruleset file descriptor
      selftests/landlock: Extend tests for landlock_restrict_self(2)'s flags
      selftests/landlock: Add tests for audit flags and domain IDs
      selftests/landlock: Test audit with restrict flags
      selftests/landlock: Add audit tests for ptrace
      selftests/landlock: Add audit tests for abstract UNIX socket scoping
      selftests/landlock: Add audit tests for filesystem
      selftests/landlock: Add audit tests for network
      landlock: Add audit documentation

 Documentation/admin-guide/LSM/index.rst            |   1 +
 Documentation/admin-guide/LSM/landlock.rst         | 158 ++++++
 Documentation/security/landlock.rst                |  13 +-
 Documentation/userspace-api/landlock.rst           |  72 ++-
 MAINTAINERS                                        |   1 +
 include/linux/lsm_audit.h                          |   8 +
 include/uapi/linux/audit.h                         |   4 +-
 include/uapi/linux/landlock.h                      |  35 ++
 samples/landlock/sandboxer.c                       |  37 +-
 security/landlock/.kunitconfig                     |   2 +
 security/landlock/Makefile                         |   5 +
 security/landlock/access.h                         |  25 +-
 security/landlock/audit.c                          | 522 ++++++++++++++++++
 security/landlock/audit.h                          |  76 +++
 security/landlock/cred.c                           |  28 +-
 security/landlock/cred.h                           |  92 +++-
 security/landlock/domain.c                         | 264 +++++++++
 security/landlock/domain.h                         | 174 ++++++
 security/landlock/errata.h                         |  99 ++++
 security/landlock/errata/abi-4.h                   |  15 +
 security/landlock/errata/abi-6.h                   |  19 +
 security/landlock/fs.c                             | 321 ++++++++---
 security/landlock/fs.h                             |  40 +-
 security/landlock/id.c                             | 251 +++++++++
 security/landlock/id.h                             |  25 +
 security/landlock/limits.h                         |   7 +-
 security/landlock/net.c                            |  78 ++-
 security/landlock/ruleset.c                        |  30 +-
 security/landlock/ruleset.h                        |  48 +-
 security/landlock/setup.c                          |  40 +-
 security/landlock/setup.h                          |   3 +
 security/landlock/syscalls.c                       |  99 +++-
 security/landlock/task.c                           | 257 ++++++---
 security/lsm_audit.c                               |  27 +-
 tools/testing/kunit/configs/all_tests.config       |   2 +
 tools/testing/selftests/landlock/.gitignore        |   1 +
 tools/testing/selftests/landlock/Makefile          |   6 +-
 tools/testing/selftests/landlock/audit.h           | 472 ++++++++++++++++
 tools/testing/selftests/landlock/audit_test.c      | 551 +++++++++++++++++++
 tools/testing/selftests/landlock/base_test.c       | 130 ++++-
 tools/testing/selftests/landlock/common.h          |  20 +
 tools/testing/selftests/landlock/config            |   1 +
 tools/testing/selftests/landlock/fs_test.c         | 594 +++++++++++++++++++++
 tools/testing/selftests/landlock/net_test.c        | 132 +++++
 tools/testing/selftests/landlock/ptrace_test.c     | 140 +++++
 .../selftests/landlock/scoped_abstract_unix_test.c | 111 ++++
 .../selftests/landlock/scoped_signal_test.c        | 108 +++-
 .../testing/selftests/landlock/wait-pipe-sandbox.c | 131 +++++
 48 files changed, 4960 insertions(+), 315 deletions(-)
 create mode 100644 Documentation/admin-guide/LSM/landlock.rst
 create mode 100644 security/landlock/audit.c
 create mode 100644 security/landlock/audit.h
 create mode 100644 security/landlock/domain.c
 create mode 100644 security/landlock/domain.h
 create mode 100644 security/landlock/errata.h
 create mode 100644 security/landlock/errata/abi-4.h
 create mode 100644 security/landlock/errata/abi-6.h
 create mode 100644 security/landlock/id.c
 create mode 100644 security/landlock/id.h
 create mode 100644 tools/testing/selftests/landlock/audit.h
 create mode 100644 tools/testing/selftests/landlock/audit_test.c
 create mode 100644 tools/testing/selftests/landlock/wait-pipe-sandbox.c