mirror of
https://github.com/torvalds/linux.git
synced 2024-11-25 21:51:40 +00:00
21d52e295a
Introduce a new "scoped" member to landlock_ruleset_attr that can specify LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET to restrict connection to abstract UNIX sockets from a process outside of the socket's domain. Two hooks are implemented to enforce these restrictions: unix_stream_connect and unix_may_send. Closes: https://github.com/landlock-lsm/linux/issues/7 Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com> Link: https://lore.kernel.org/r/5f7ad85243b78427242275b93481cfc7c127764b.1725494372.git.fahimitahera@gmail.com [mic: Fix commit message formatting, improve documentation, simplify hook_unix_may_send(), and cosmetic fixes including rename of LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET] Co-developed-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Mickaël Salaün <mic@digikod.net> |
||
|---|---|---|
| .. | ||
| .kunitconfig | ||
| common.h | ||
| cred.c | ||
| cred.h | ||
| fs.c | ||
| fs.h | ||
| Kconfig | ||
| limits.h | ||
| Makefile | ||
| net.c | ||
| net.h | ||
| object.c | ||
| object.h | ||
| ruleset.c | ||
| ruleset.h | ||
| setup.c | ||
| setup.h | ||
| syscalls.c | ||
| task.c | ||
| task.h | ||