From: Mickaël Salaün
To: Linus Torvalds
Cc: Mickaël Salaün, Alejandro Colomar, John Johansen, Miguel Ojeda, Paul Moore, Tetsuo Handa, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [GIT PULL] Landlock changes for v5.19
Date: Mon, 23 May 2022 18:12:45 +0200
Message-Id: <20220523161245.2451265-1-mic@digikod.net>

Hi Linus,

Please pull these Landlock changes for v5.19-rc1.

These 30 commits have been successfully tested in the latest linux-next
releases for several weeks, and with syzkaller:
https://github.com/google/syzkaller/pull/3133

Regards,
 Mickaël

--
The following changes since commit 672c0c5173427e6b3e2a9bbb7be51ceeec78093a:

  Linux 5.18-rc5 (2022-05-01 13:57:58 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/landlock-5.19-rc1

for you to fetch changes up to 5e469829baa1b1320e843adf3631edef1d6d2cf2:

  landlock: Explain how to support Landlock (2022-05-23 13:28:03 +0200)

----------------------------------------------------------------
Landlock updates for v5.19-rc1

Important changes:
* improve the path_rename LSM hook implementations for RENAME_EXCHANGE;
* fix a too-restrictive filesystem control for a rare corner case;
* set the nested sandbox limitation to 16 layers;
* add a new LANDLOCK_ACCESS_FS_REFER access right to properly handle
  file reparenting (i.e. full rename and link support);
* add new tests and documentation;
* format code with clang-format to make it easier to maintain and
  contribute.

Related patch series:
* [PATCH v1 0/7] Landlock: Clean up coding style with clang-format
  https://lore.kernel.org/r/20220506160513.523257-1-mic@digikod.net
* [PATCH v2 00/10] Minor Landlock fixes and new tests
  https://lore.kernel.org/r/20220506160820.524344-1-mic@digikod.net
* [PATCH v3 00/12] Landlock: file linking and renaming support
  https://lore.kernel.org/r/20220506161102.525323-1-mic@digikod.net
* [PATCH v2] landlock: Explain how to support Landlock
  https://lore.kernel.org/r/20220513112743.156414-1-mic@digikod.net

----------------------------------------------------------------
Mickaël Salaün (30):
      landlock: Add clang-format exceptions
      landlock: Format with clang-format
      selftests/landlock: Add clang-format exceptions
      selftests/landlock: Normalize array assignment
      selftests/landlock: Format with clang-format
      samples/landlock: Add clang-format exceptions
      samples/landlock: Format with clang-format
      landlock: Fix landlock_add_rule(2) documentation
      selftests/landlock: Make tests build with old libc
      selftests/landlock: Extend tests for minimal valid attribute size
      selftests/landlock: Add tests for unknown access rights
      selftests/landlock: Extend access right tests to directories
      selftests/landlock: Fully test file rename with "remove" access
      selftests/landlock: Add tests for O_PATH
      landlock: Change landlock_add_rule(2) argument check ordering
      landlock: Change landlock_restrict_self(2) check ordering
      selftests/landlock: Test landlock_create_ruleset(2) argument check ordering
      landlock: Define access_mask_t to enforce a consistent access mask size
      landlock: Reduce the maximum number of layers to 16
      landlock: Create find_rule() from unmask_layers()
      landlock: Fix same-layer rule unions
      landlock: Move filesystem helpers and add a new one
      LSM: Remove double path_rename hook calls for RENAME_EXCHANGE
      landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER
      selftests/landlock: Add 11 new test suites dedicated to file reparenting
      samples/landlock: Add support for file reparenting
      landlock: Document LANDLOCK_ACCESS_FS_REFER and ABI versioning
      landlock: Document good practices about filesystem policies
      landlock: Add design choices documentation for filesystem access rights
      landlock: Explain how to support Landlock

 Documentation/security/landlock.rst            |   17 +-
 Documentation/userspace-api/landlock.rst       |  180 ++-
 include/linux/lsm_hook_defs.h                  |    2 +-
 include/linux/lsm_hooks.h                      |    1 +
 include/uapi/linux/landlock.h                  |   36 +-
 samples/landlock/sandboxer.c                   |  132 +-
 security/apparmor/lsm.c                        |   30 +-
 security/landlock/cred.c                       |    4 +-
 security/landlock/cred.h                       |    8 +-
 security/landlock/fs.c                         |  815 +++++++++---
 security/landlock/fs.h                         |   11 +-
 security/landlock/limits.h                     |   10 +-
 security/landlock/object.c                     |    6 +-
 security/landlock/object.h                     |    6 +-
 security/landlock/ptrace.c                     |   10 +-
 security/landlock/ruleset.c                    |   84 +-
 security/landlock/ruleset.h                    |   35 +-
 security/landlock/syscalls.c                   |   95 +-
 security/security.c                            |    9 +-
 security/tomoyo/tomoyo.c                       |   11 +-
 tools/testing/selftests/landlock/base_test.c   |  179 ++-
 tools/testing/selftests/landlock/common.h      |   66 +-
 tools/testing/selftests/landlock/fs_test.c     | 1619 +++++++++++++++++++-----
 tools/testing/selftests/landlock/ptrace_test.c |   40 +-
 24 files changed, 2646 insertions(+), 760 deletions(-)
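
Added example (not part of the original message and not code from the Landlock tree): a user-space sketch of the ABI versioning that accompanies LANDLOCK_ACCESS_FS_REFER, probing the kernel's Landlock ABI and requesting REFER only when it is known. The EX_ names, struct ex_ruleset_attr, landlock_abi() and fs_access_for_abi() are hypothetical; the numeric values are those of include/uapi/linux/landlock.h, with REFER belonging to ABI version 2.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* UAPI values under EX_ names so this also builds with pre-5.19 headers. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444 /* x86-64 and arm64 */
#endif
#define EX_CREATE_RULESET_VERSION (1U << 0)
#define EX_ACCESS_FS_REMOVE_FILE (1ULL << 5)
#define EX_ACCESS_FS_MAKE_REG (1ULL << 8)
#define EX_ACCESS_FS_REFER (1ULL << 13) /* new in ABI v2 (Linux 5.19) */

/* Same layout as struct landlock_ruleset_attr in v5.19. */
struct ex_ruleset_attr { uint64_t handled_access_fs; };

/* Landlock ABI version of the running kernel, 0 if Landlock is unavailable. */
static int landlock_abi(void)
{
	long abi = syscall(__NR_landlock_create_ruleset, NULL, 0, EX_CREATE_RULESET_VERSION);
	return abi < 0 ? 0 : (int)abi;
}

/* Drop rights the ABI does not know: unknown bits are rejected with EINVAL. */
static uint64_t fs_access_for_abi(uint64_t wanted, int abi)
{
	if (abi < 1)
		return 0;
	if (abi < 2)
		wanted &= ~EX_ACCESS_FS_REFER;
	return wanted;
}

int main(void)
{
	int abi = landlock_abi();
	struct ex_ruleset_attr attr = { fs_access_for_abi(EX_ACCESS_FS_REMOVE_FILE |
		EX_ACCESS_FS_MAKE_REG | EX_ACCESS_FS_REFER, abi) };
	printf("ABI %d, handled_access_fs=0x%llx\n", abi,
	       (unsigned long long)attr.handled_access_fs);
	if (abi == 0)
		return 0; /* nothing to enforce on this kernel */
	int fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
	if (fd < 0) { perror("landlock_create_ruleset"); return 1; }
	close(fd);
	return 0;
}
```

On an ABI v1 kernel a sandboxed process cannot rename or link files into a different directory at all, so a caller that depends on reparenting should treat `abi < 2` as reduced functionality rather than as an error.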