Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-24 13:11:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
17ae69aba8
linux/arch/arm
History
Linus Torvalds 17ae69aba8 Add Landlock, a new LSM from Mickaël Salaün <mic@linux.microsoft.com> 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEgycj0O+d1G2aycA8rZhLv9lQBTwFAmCInP4ACgkQrZhLv9lQ
 BTza0g//dTeb9woC9H7qlEhK4l9yk62lTss60Q8X7m7ZSNfdL4tiEbi64SgK+iOW
 OOegbrOEb8Kzh4KJJYmVlVZ5YUWyH4szgmee1wnylBdsWiWaPLPF3Cflz77apy6T
 TiiBsJd7rRE29FKheaMt34B41BMh8QHESN+DzjzJWsFoi/uNxjgSs2W16XuSupKu
 bpRmB1pYNXMlrkzz7taL05jndZYE5arVriqlxgAsuLOFOp/ER7zecrjImdCM/4kL
 W6ej0R1fz2Geh6CsLBJVE+bKWSQ82q5a4xZEkSYuQHXgZV5eywE5UKu8ssQcRgQA
 VmGUY5k73rfY9Ofupf2gCaf/JSJNXKO/8Xjg0zAdklKtmgFjtna5Tyg9I90j7zn+
 5swSpKuRpilN8MQH+6GWAnfqQlNoviTOpFeq3LwBtNVVOh08cOg6lko/bmebBC+R
 TeQPACKS0Q0gCDPm9RYoU1pMUuYgfOwVfVRZK1prgi2Co7ZBUMOvYbNoKYoPIydr
 ENBYljlU1OYwbzgR2nE+24fvhU8xdNOVG1xXYPAEHShu+p7dLIWRLhl8UCtRQpSR
 1ofeVaJjgjrp29O+1OIQjB2kwCaRdfv/Gq1mztE/VlMU/r++E62OEzcH0aS+mnrg
 yzfyUdI8IFv1q6FGT9yNSifWUWxQPmOKuC8kXsKYfqfJsFwKmHM=
 =uCN4
 -----END PGP SIGNATURE-----

Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull Landlock LSM from James Morris:
 "Add Landlock, a new LSM from Mickaël Salaün.

  Briefly, Landlock provides for unprivileged application sandboxing.

  From Mickaël's cover letter:
    "The goal of Landlock is to enable to restrict ambient rights (e.g.
     global filesystem access) for a set of processes. Because Landlock
     is a stackable LSM [1], it makes possible to create safe security
     sandboxes as new security layers in addition to the existing
     system-wide access-controls. This kind of sandbox is expected to
     help mitigate the security impact of bugs or unexpected/malicious
     behaviors in user-space applications. Landlock empowers any
     process, including unprivileged ones, to securely restrict
     themselves.

     Landlock is inspired by seccomp-bpf but instead of filtering
     syscalls and their raw arguments, a Landlock rule can restrict the
     use of kernel objects like file hierarchies, according to the
     kernel semantic. Landlock also takes inspiration from other OS
     sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
     Pledge/Unveil.

     In this current form, Landlock misses some access-control features.
     This enables to minimize this patch series and ease review. This
     series still addresses multiple use cases, especially with the
     combined use of seccomp-bpf: applications with built-in sandboxing,
     init systems, security sandbox tools and security-oriented APIs [2]"

  The cover letter and v34 posting is here:

      https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/

  See also:

      https://landlock.io/

  This code has had extensive design discussion and review over several
  years"

Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1]
Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2]

* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  landlock: Enable user space to infer supported features
  landlock: Add user and kernel documentation
  samples/landlock: Add a sandbox manager example
  selftests/landlock: Add user space tests
  landlock: Add syscall implementations
  arch: Wire up Landlock syscalls
  fs,security: Add sb_delete hook
  landlock: Support filesystem access-control
  LSM: Infrastructure management of the superblock
  landlock: Add ptrace restrictions
  landlock: Set up the security framework and manage credentials
  landlock: Add ruleset and domain management
  landlock: Add object management
2021-05-01 18:50:44 -07:00
..
boot Networking changes for 5.13. 2021-04-29 11:57:23 -07:00
common ARM: 9049/1: locomo: make locomo bus's remove callback return void 2021-02-01 19:44:30 +00:00
configs ARM: platform support for Nuvoton WPCM450 2021-04-26 12:25:29 -07:00
crypto crypto: arm/curve25519 - Move '.fpu' after '.arch' 2021-04-16 21:16:34 +10:00
include ARM: 2021-05-01 10:14:08 -07:00
kernel x86/paravirt: Switch time pvops functions to use static_call() 2021-03-11 16:17:52 +01:00
lib
mach-actions
mach-alpine
mach-artpec
mach-asm9260
mach-aspeed
mach-at91 ARM: at91: pm: Move prototypes to mutually included header 2021-03-26 18:20:49 +01:00
mach-axxia
mach-bcm ARM: bcm: Select BRCMSTB_L2_IRQ for bcm2835 2021-01-25 21:59:06 +01:00
mach-berlin
mach-clps711x
mach-cns3xxx
mach-davinci ARM: davinci: Constify the software nodes 2021-04-08 23:45:55 +02:00
mach-digicolor
mach-dove
mach-ep93xx
mach-exynos ARM: exynos: correct kernel doc in platsmp 2021-04-06 22:30:02 +02:00
mach-footbridge ARM: footbridge: fix PCI interrupt mapping 2021-03-25 10:26:21 +00:00
mach-gemini
mach-highbank
mach-hisi ARM: hisi: use the correct HiSilicon copyright 2021-04-02 15:36:27 +08:00
mach-imx ARM: SoC changes for v5.13 2021-04-26 11:48:26 -07:00
mach-integrator
mach-iop32x
mach-ixp4xx
mach-keystone ARM: keystone: fix integer overflow warning 2021-04-01 16:32:37 +02:00
mach-lpc18xx
mach-lpc32xx
mach-mediatek
mach-meson
mach-milbeaut
mach-mmp
mach-moxart
mach-mstar ARM: mstar: Select MSTAR_MSC313_MPLL 2021-04-01 12:40:55 +02:00
mach-mv78xx0
mach-mvebu of: net: pass the dst buffer to of_get_mac_address() 2021-04-13 14:35:02 -07:00
mach-mxs
mach-nomadik
mach-npcm ARM: npcm: Introduce Nuvoton WPCM450 SoC 2021-04-09 14:11:22 +09:30
mach-nspire
mach-omap1 Merge branch 'i2c/for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2021-04-30 13:01:02 -07:00
mach-omap2 ARM: SoC drivers for v5.13 2021-04-26 12:11:52 -07:00
mach-orion5x
mach-oxnas
mach-pxa Merge branch 'i2c/for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2021-04-30 13:01:02 -07:00
mach-qcom
mach-rda
mach-realtek
mach-realview
mach-rockchip
mach-rpc
mach-s3c Merge branch 'i2c/for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2021-04-30 13:01:02 -07:00
mach-s5pv210
mach-sa1100 ARM: 9049/1: locomo: make locomo bus's remove callback return void 2021-02-01 19:44:30 +00:00
mach-shmobile
mach-socfpga ARM: socfpga: drop ARCH_SOCFPGA 2021-03-23 11:03:36 -05:00
mach-spear ARM/spi: spear: Drop PL022 num_chipselect 2021-04-08 15:21:58 +01:00
mach-sti
mach-stm32 ARM: stm32: Add a new SoC - STM32H750 2021-04-01 09:54:45 +02:00
mach-sunxi
mach-tegra
mach-uniphier
mach-ux500 ARM: ux500: make ux500_cpu_die static 2021-04-01 22:30:49 +02:00
mach-versatile
mach-vexpress
mach-vt8500
mach-zynq
mm mm: move mem_init_print_info() into mm_init() 2021-04-30 11:20:42 -07:00
net
nwfpe
plat-omap ARM: OMAP2+: Use DEFINE_SPINLOCK() for spinlock 2021-03-31 08:58:42 +03:00
plat-orion
plat-pxa
plat-versatile
probes ARM: 9071/1: uprobes: Don't hook on thumb instructions 2021-04-18 19:14:45 +01:00
tools Add Landlock, a new LSM from Mickaël Salaün <mic@linux.microsoft.com> 2021-05-01 18:50:44 -07:00
vdso ARM: 9051/1: vdso: remove unneded extra-y addition 2021-02-01 19:48:06 +00:00
vfp
xen xen/arm: introduce XENFEAT_direct_mapped and XENFEAT_not_direct_mapped 2021-04-23 11:33:50 +02:00
Kbuild
Kconfig mm/memtest: add ARCH_USE_MEMTEST 2021-04-30 11:20:36 -07:00
Kconfig-nommu
Kconfig.assembler
Kconfig.debug ARM: socfpga: introduce common ARCH_INTEL_SOCFPGA 2021-03-23 11:03:35 -05:00
Makefile ARM: socfpga: introduce common ARCH_INTEL_SOCFPGA 2021-03-23 11:03:35 -05:00