leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
75c542d6c6
linux/tools
History
Mickaël Salaün 75c542d6c6
landlock: Reduce the maximum number of layers to 16 
The maximum number of nested Landlock domains is currently 64.  Because
of the following fix and to help reduce the stack size, let's reduce it
to 16.  This seems large enough for a lot of use cases (e.g. sandboxed
init service, spawning a sandboxed SSH service, in nested sandboxed
containers).  Reducing the number of nested domains may also help to
discover misuse of Landlock (e.g. creating a domain per rule).

Add and use a dedicated layer_mask_t typedef to fit with the number of
layers.  This might be useful when changing it and to keep it consistent
with the maximum number of layers.

Reviewed-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20220506161102.525323-3-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2022-05-23 13:27:56 +02:00
..
accounting delayacct: track delays from memory compact 2022-01-20 08:52:55 +02:00
arch x86/tsx: Disable TSX development mode at boot 2022-04-11 09:58:40 +02:00
bootconfig
bpf Networking fixes for 5.18-rc2, including fixes from bpf and netfilter 2022-04-07 19:01:47 -10:00
build tools build: Filter out options and warnings not supported by clang 2022-04-09 12:34:16 -03:00
cgroup tools/cgroup/slabinfo: update to work with struct slab 2022-02-21 11:34:49 +01:00
counter kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
debugging
edid
firewire
firmware
gpio kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
hv kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
iio Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
include tools: Add kmem_cache_alloc_lru() 2022-04-22 14:24:28 -04:00
io_uring
kvm/kvm_stat
laptop
leds
lib perf tools: Fix segfault accessing sample_id xyarray 2022-04-13 22:23:02 -03:00
memory-model tools/memory-model: Explain syntactic and semantic dependencies 2022-02-01 17:32:30 -08:00
objtool - A fix to disable PCI/MSI[-X] masking for XEN_HVM guests as that is 2022-05-01 10:03:36 -07:00
pci kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
pcmcia
perf perf symbol: Remove arch__symbols__fixup_end() 2022-04-28 10:51:40 -03:00
power tools/power/x86/intel-speed-select: fix build failure when using -Wl,--as-needed 2022-04-13 13:49:48 +02:00
rcu
scripts Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
spi kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
testing landlock: Reduce the maximum number of layers to 16 2022-05-23 13:27:56 +02:00
thermal/tmon
time
tracing Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
usb kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
virtio tools/virtio: compile with -pthread 2022-03-28 16:52:59 -04:00
vm tools/vm/page_owner_sort.c: remove -c option 2022-04-01 11:46:09 -07:00
wmi
Makefile