linux

mirror of https://github.com/torvalds/linux.git synced 2024-11-24 05:02:12 +00:00

History

Linus Torvalds 299e2b1967 Landlock updates for v6.2-rc1 -----BEGIN PGP SIGNATURE----- iIYEABYIAC4WIQSVyBthFV4iTW/VU1/l49DojIL20gUCY5b27RAcbWljQGRpZ2lr b2QubmV0AAoJEOXj0OiMgvbSg9YA/0K10H+VsGt1+qqR4+w9SM7SFzbgszrV3Yw9 rwiPgaPVAP9rxXPr2bD2hAk7/Lv9LeJ2kfM9RzMErP1A6UsC5YVbDA== =mAG7 -----END PGP SIGNATURE----- Merge tag 'landlock-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux Pull landlock updates from Mickaël Salaün: "This adds file truncation support to Landlock, contributed by Günther Noack. As described by Günther [1], the goal of these patches is to work towards a more complete coverage of file system operations that are restrictable with Landlock. The known set of currently unsupported file system operations in Landlock is described at [2]. Out of the operations listed there, truncate is the only one that modifies file contents, so these patches should make it possible to prevent the direct modification of file contents with Landlock. The new LANDLOCK_ACCESS_FS_TRUNCATE access right covers both the truncate(2) and ftruncate(2) families of syscalls, as well as open(2) with the O_TRUNC flag. This includes usages of creat() in the case where existing regular files are overwritten. Additionally, this introduces a new Landlock security blob associated with opened files, to track the available Landlock access rights at the time of opening the file. This is in line with Unix's general approach of checking the read and write permissions during open(), and associating this previously checked authorization with the opened file. An ongoing patch documents this use case [3]. In order to treat truncate(2) and ftruncate(2) calls differently in an LSM hook, we split apart the existing security_path_truncate hook into security_path_truncate (for truncation by path) and security_file_truncate (for truncation of previously opened files)" Link: https://lore.kernel.org/r/20221018182216.301684-1-gnoack3000@gmail.com [1] Link: https://www.kernel.org/doc/html/v6.1/userspace-api/landlock.html#filesystem-flags [2] Link: https://lore.kernel.org/r/20221209193813.972012-1-mic@digikod.net [3] * tag 'landlock-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux: samples/landlock: Document best-effort approach for LANDLOCK_ACCESS_FS_REFER landlock: Document Landlock's file truncation support samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE selftests/landlock: Test ftruncate on FDs created by memfd_create(2) selftests/landlock: Test FD passing from restricted to unrestricted processes selftests/landlock: Locally define __maybe_unused selftests/landlock: Test open() and ftruncate() in multiple scenarios selftests/landlock: Test file truncation support landlock: Support file truncation landlock: Document init_layer_masks() helper landlock: Refactor check_access_path_dual() into is_access_to_paths_allowed() security: Create file_truncate hook from path_truncate hook		2022-12-13 09:14:50 -08:00
..
ABI	Perf events updates for v6.2:	2022-12-12 15:19:38 -08:00
accounting	filemap: make the accounting of thrashing more consistent	2022-09-26 19:46:06 -07:00
admin-guide	Non-MM patches for 6.2-rc1.	2022-12-12 17:28:58 -08:00
arc
arm	Documentation: arm: marvell: Add Orion codenames and archive homepage	2022-11-01 17:13:03 -06:00
arm64	Merge branch 'for-next/trivial' into for-next/core	2022-12-06 11:33:29 +00:00
block	Documentation: document ublk user recovery feature	2022-10-18 05:12:26 -07:00
bpf	Networking changes for 6.1.	2022-10-04 13:38:03 -07:00
cdrom
core-api	This was a not-too-busy cycle for documentation; highlights include:	2022-12-12 17:18:50 -08:00
cpu-freq	cpufreq: Remove CVS version control contents from documentation	2022-12-06 12:24:51 +01:00
crypto
dev-tools	linux-kselftest-kunit-next-6.2-rc1	2022-12-12 16:42:57 -08:00
devicetree	Power management updates for 6.2-rc1	2022-12-12 13:19:07 -08:00
doc-guide	Merge branch 'alabaster-rb' into docs-mw	2022-10-18 16:29:50 -06:00
driver-api	This was a not-too-busy cycle for documentation; highlights include:	2022-12-12 17:18:50 -08:00
fault-injection	debugfs: fix error when writing negative value to atomic_t debugfs file	2022-11-30 16:13:16 -08:00
fb	Documentation: fb: udlfb: clean up text and formatting	2022-09-27 13:21:44 -06:00
features	Documentation/features: Use loongarch instead of loong	2022-12-05 02:50:12 -07:00
filesystems	configfs updates for Linux 6.2	2022-12-13 08:51:13 -08:00
firmware_class
firmware-guide	Merge branches 'acpi-misc', 'acpi-tools' and 'acpi-docs'	2022-10-03 20:03:49 +02:00
fpga
gpu
hid
hwmon	hwmon: (corsair-psu) Add USB id of the new HX1500i psu	2022-10-22 06:59:12 -07:00
i2c	docs: i2c: slave-interface: return errno when handle I2C_SLAVE_WRITE_REQUESTED	2022-09-28 21:41:59 +02:00
ia64	docs: ia64: Fix a typo ("identify mappings")	2022-11-09 14:03:51 -07:00
iio	docs: iio: add documentation for BNO055 driver	2022-09-21 18:42:56 +01:00
images
infiniband
input	Merge branch 'next' into for-linus	2022-10-09 22:30:23 -07:00
isdn
kbuild	Documentation: kbuild: Add description of git for reproducible builds	2022-10-28 00:16:29 +09:00
kernel-hacking	Updates for timers, timekeeping and drivers:	2022-12-12 12:52:02 -08:00
leds
litmus-tests
livepatch
locking	Remove duplicate words inside documentation	2022-09-27 13:21:43 -06:00
loongarch	This was a not-too-busy cycle for documentation; highlights include:	2022-12-12 17:18:50 -08:00
m68k
maintainer
mhi
mips
misc-devices
mm	mm: Make failslab writable again	2022-10-24 12:19:06 +02:00
netlabel
networking	Documentation: networking: Update generic_netlink_howto URL	2022-11-23 17:25:02 -08:00
nios2
nvdimm
openrisc
parisc
PCI	cxl for 6.2	2022-12-12 13:55:31 -08:00
pcmcia
peci
power
powerpc	powerpc/64s: update cpu selection options	2022-09-28 19:22:10 +10:00
process	This was a not-too-busy cycle for documentation; highlights include:	2022-12-12 17:18:50 -08:00
RCU	Updates for timers, timekeeping and drivers:	2022-12-12 12:52:02 -08:00
riscv	Documentation: riscv: Document the sv57 VM layout	2022-11-21 14:40:26 -07:00
rust	x86: enable initial Rust support	2022-09-28 09:02:45 +02:00
s390	vfio/mdev: embedd struct mdev_parent in the parent data structure	2022-10-04 12:06:58 -06:00
scheduler	docs: scheduler: Update new path for the sysctl knobs	2022-09-27 13:21:42 -06:00
scsi
security	landlock: Fix documentation style	2022-09-29 18:43:04 +02:00
sh
sound
sparc
sphinx	docs: sphinx-pre-install: don't require the RTD theme	2022-10-13 11:14:43 -06:00
sphinx-static	docs: Don't wire font sizes for HTML output	2022-11-01 15:59:40 -06:00
spi
staging	docs: put atomic*.txt and memory-barriers.txt into the core-api book	2022-09-29 12:55:06 -06:00
target
timers	Documentation: Replace del_timer/del_timer_sync()	2022-11-24 15:09:11 +01:00
tools	Documentation/rv: Add verification/rv man pages	2022-12-09 18:06:24 -05:00
trace	fs.ovl.setgid.v6.2	2022-12-12 19:03:10 -08:00
translations	This was a not-too-busy cycle for documentation; highlights include:	2022-12-12 17:18:50 -08:00
usb	Documentation: USB: correct possessive "its" usage	2022-11-21 14:33:23 -07:00
userspace-api	Landlock updates for v6.2-rc1	2022-12-13 09:14:50 -08:00
virt	Add TDX guest attestation infrastructure and driver	2022-12-12 14:27:49 -08:00
w1	Documentation: W1: minor typo corrections	2022-09-27 13:21:44 -06:00
watchdog
x86	Add TDX guest attestation infrastructure and driver	2022-12-12 14:27:49 -08:00
xtensa
.gitignore
arch.rst
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py	docs/sphinx: More depth in the rtd sidebar toc	2022-11-09 13:28:40 -07:00
docutils.conf
dontdiff
index.rst	Rust introduction for v6.1-rc1	2022-10-03 16:39:37 -07:00
Kconfig
Makefile	doc: add texinfodocs and infodocs targets	2022-11-21 14:13:57 -07:00
memory-barriers.txt	docs/memory-barriers.txt: Add a missed closing parenthesis	2022-10-18 15:14:52 -07:00
SubmittingPatches
subsystem-apis.rst	docs: Rewrite the front page	2022-09-29 12:55:06 -06:00