system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-30 00:10:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/security/landlock
History
Linus Torvalds e1b061b444 Landlock updates for v6.12-rc1 
-----BEGIN PGP SIGNATURE-----
 
 iIYEABYKAC4WIQSVyBthFV4iTW/VU1/l49DojIL20gUCZvGpchAcbWljQGRpZ2lr
 b2QubmV0AAoJEOXj0OiMgvbSTzMBAIpcYKf75IyC4DXqiXlko508YdyI2YfYeWdd
 5yVZbSHgAP0aEFO4AOvJ26pPlGF+8zVIHq+HNAhrAalZBulxASePCA==
 =nsAF
 -----END PGP SIGNATURE-----

Merge tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull landlock updates from Mickaël Salaün:
 "We can now scope a Landlock domain thanks to a new "scoped" field that
  can deny interactions with resources outside of this domain.

  The LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET flag denies connections to an
  abstract UNIX socket created outside of the current scoped domain, and
  the LANDLOCK_SCOPE_SIGNAL flag denies sending a signal to processes
  outside of the current scoped domain.

  These restrictions also apply to nested domains according to their
  scope. The related changes will also be useful to support other kind
  of IPC isolations"

* tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  landlock: Document LANDLOCK_SCOPE_SIGNAL
  samples/landlock: Add support for signal scoping
  selftests/landlock: Test signal created by out-of-bound message
  selftests/landlock: Test signal scoping for threads
  selftests/landlock: Test signal scoping
  landlock: Add signal scoping
  landlock: Document LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
  samples/landlock: Add support for abstract UNIX socket scoping
  selftests/landlock: Test inherited restriction of abstract UNIX socket
  selftests/landlock: Test connected and unconnected datagram UNIX socket
  selftests/landlock: Test UNIX sockets with any address formats
  selftests/landlock: Test abstract UNIX socket scoping
  selftests/landlock: Test handling of unknown scope
  landlock: Add abstract UNIX socket scoping
2024-09-24 10:40:11 -07:00
..
.kunitconfig landlock: Add support for KUnit tests 2024-02-27 11:21:45 +01:00
common.h landlock: Add support for KUnit tests 2024-02-27 11:21:45 +01:00
cred.c landlock: Don't lose track of restrictions on cred_transfer 2024-07-24 17:34:54 +02:00
cred.h landlock: Add signal scoping 2024-09-16 23:50:52 +02:00
fs.c landlock: Add signal scoping 2024-09-16 23:50:52 +02:00
fs.h landlock: Add signal scoping 2024-09-16 23:50:52 +02:00
Kconfig landlock: Add support for KUnit tests 2024-02-27 11:21:45 +01:00
limits.h landlock: Add signal scoping 2024-09-16 23:50:52 +02:00
Makefile landlock: Rename "ptrace" files to "task" 2024-03-08 18:22:16 +01:00
net.c landlock: Simplify current_check_access_socket() 2024-03-08 18:22:13 +01:00
net.h landlock: Support network rules with TCP bind and connect 2023-10-26 21:07:15 +02:00
object.c landlock: Format with clang-format 2022-05-09 12:31:10 +02:00
object.h landlock: Format with clang-format 2022-05-09 12:31:10 +02:00
ruleset.c landlock: Add abstract UNIX socket scoping 2024-09-16 23:50:45 +02:00
ruleset.h landlock: Add abstract UNIX socket scoping 2024-09-16 23:50:45 +02:00
setup.c landlock: Rename "ptrace" files to "task" 2024-03-08 18:22:16 +01:00
setup.h LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
syscalls.c Landlock updates for v6.12-rc1 2024-09-24 10:40:11 -07:00
task.c landlock: Add signal scoping 2024-09-16 23:50:52 +02:00
task.h landlock: Rename "ptrace" files to "task" 2024-03-08 18:22:16 +01:00