linux/samples
Linus Torvalds 17ae69aba8 Add Landlock, a new LSM from Mickaël Salaün <mic@linux.microsoft.com>
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEgycj0O+d1G2aycA8rZhLv9lQBTwFAmCInP4ACgkQrZhLv9lQ
 BTza0g//dTeb9woC9H7qlEhK4l9yk62lTss60Q8X7m7ZSNfdL4tiEbi64SgK+iOW
 OOegbrOEb8Kzh4KJJYmVlVZ5YUWyH4szgmee1wnylBdsWiWaPLPF3Cflz77apy6T
 TiiBsJd7rRE29FKheaMt34B41BMh8QHESN+DzjzJWsFoi/uNxjgSs2W16XuSupKu
 bpRmB1pYNXMlrkzz7taL05jndZYE5arVriqlxgAsuLOFOp/ER7zecrjImdCM/4kL
 W6ej0R1fz2Geh6CsLBJVE+bKWSQ82q5a4xZEkSYuQHXgZV5eywE5UKu8ssQcRgQA
 VmGUY5k73rfY9Ofupf2gCaf/JSJNXKO/8Xjg0zAdklKtmgFjtna5Tyg9I90j7zn+
 5swSpKuRpilN8MQH+6GWAnfqQlNoviTOpFeq3LwBtNVVOh08cOg6lko/bmebBC+R
 TeQPACKS0Q0gCDPm9RYoU1pMUuYgfOwVfVRZK1prgi2Co7ZBUMOvYbNoKYoPIydr
 ENBYljlU1OYwbzgR2nE+24fvhU8xdNOVG1xXYPAEHShu+p7dLIWRLhl8UCtRQpSR
 1ofeVaJjgjrp29O+1OIQjB2kwCaRdfv/Gq1mztE/VlMU/r++E62OEzcH0aS+mnrg
 yzfyUdI8IFv1q6FGT9yNSifWUWxQPmOKuC8kXsKYfqfJsFwKmHM=
 =uCN4
 -----END PGP SIGNATURE-----

Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull Landlock LSM from James Morris:
 "Add Landlock, a new LSM from Mickaël Salaün.

  Briefly, Landlock provides for unprivileged application sandboxing.

  From Mickaël's cover letter:
    "The goal of Landlock is to enable to restrict ambient rights (e.g.
     global filesystem access) for a set of processes. Because Landlock
     is a stackable LSM [1], it makes possible to create safe security
     sandboxes as new security layers in addition to the existing
     system-wide access-controls. This kind of sandbox is expected to
     help mitigate the security impact of bugs or unexpected/malicious
     behaviors in user-space applications. Landlock empowers any
     process, including unprivileged ones, to securely restrict
     themselves.

     Landlock is inspired by seccomp-bpf but instead of filtering
     syscalls and their raw arguments, a Landlock rule can restrict the
     use of kernel objects like file hierarchies, according to the
     kernel semantic. Landlock also takes inspiration from other OS
     sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
     Pledge/Unveil.

     In this current form, Landlock misses some access-control features.
     This enables to minimize this patch series and ease review. This
     series still addresses multiple use cases, especially with the
     combined use of seccomp-bpf: applications with built-in sandboxing,
     init systems, security sandbox tools and security-oriented APIs [2]"

  The cover letter and v34 posting is here:

      https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/

  See also:

      https://landlock.io/

  This code has had extensive design discussion and review over several
  years"

Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1]
Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2]

* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  landlock: Enable user space to infer supported features
  landlock: Add user and kernel documentation
  samples/landlock: Add a sandbox manager example
  selftests/landlock: Add user space tests
  landlock: Add syscall implementations
  arch: Wire up Landlock syscalls
  fs,security: Add sb_delete hook
  landlock: Support filesystem access-control
  LSM: Infrastructure management of the superblock
  landlock: Add ptrace restrictions
  landlock: Set up the security framework and manage credentials
  landlock: Add ruleset and domain management
  landlock: Add object management
2021-05-01 18:50:44 -07:00
..
acrn sample/acrn: Introduce a sample of HSM ioctl interface usage 2021-02-09 10:58:19 +01:00
auxdisplay treewide: Miguel has moved 2021-02-26 09:41:03 -08:00
binderfs kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
bpf samples/bpf: Fix broken tracex1 due to kprobe argument change 2021-04-19 18:19:49 -07:00
configfs samples: configfs: prefer pr_err() over bare printk(KERN_ERR 2020-10-07 15:46:22 +02:00
connector kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
ftrace samples/ftrace: Mark my_tramp[12]? global 2020-11-30 21:42:48 -05:00
hidraw HID: hidraw: Add additional hidraw input/output report ioctls. 2020-11-27 15:48:31 +01:00
hw_breakpoint samples/hw_breakpoint: drop use of kallsyms_lookup_name() 2020-04-07 10:43:44 -07:00
kdb
kfifo kfifo: fix ternary sign extension bugs 2021-04-30 11:20:35 -07:00
kmemleak mm,kmemleak-test.c: move kmemleak-test.c to samples dir 2020-10-13 18:38:27 -07:00
kobject
kprobes samples/kprobes: Add ARM support 2021-01-18 13:24:18 -07:00
landlock samples/landlock: Add a sandbox manager example 2021-04-22 12:22:11 -07:00
livepatch livepatch: Handle allocation failure in the sample of shadow variable API 2020-01-17 11:12:06 +01:00
mei kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
nitro_enclaves nitro_enclaves: Add sample for ioctl interface usage 2020-09-22 13:58:41 +02:00
pidfd kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
pktgen samples: pktgen: new append mode 2021-03-14 14:22:38 -07:00
qmi samples: qmi: Constify static qmi ops 2020-11-24 17:08:47 -06:00
rpmsg
seccomp kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
timers kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
trace_events tracing: Fix doc mistakes in trace sample 2020-05-07 13:32:57 -04:00
trace_printk samples/trace_printk: Wait for IRQ work to finish 2019-12-21 16:08:22 -05:00
uhid kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
v4l media: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:52:39 +01:00
vfio-mdev samples/vfio-mdev/mdpy: use remap_vmalloc_range 2021-04-30 11:20:39 -07:00
vfs kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
watch_queue watch_queue: Drop references to /dev/watch_queue 2021-01-21 16:16:08 +00:00
watchdog kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
Kconfig samples/landlock: Add a sandbox manager example 2021-04-22 12:22:11 -07:00
Makefile samples/landlock: Add a sandbox manager example 2021-04-22 12:22:11 -07:00