[GIT PULL] Landlock changes for v5.19

Mon May 23 16:12:45 UTC 2022

Hi Linus,

Please pull these Landlock changes for v5.19-rc1 .  These 30 commits
have been successfully tested in the latest linux-next releases for
several weeks, and with syzkaller:
https://github.com/google/syzkaller/pull/3133

Regards,
 Mickaël

--
The following changes since commit 672c0c5173427e6b3e2a9bbb7be51ceeec78093a:

  Linux 5.18-rc5 (2022-05-01 13:57:58 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/landlock-5.19-rc1

for you to fetch changes up to 5e469829baa1b1320e843adf3631edef1d6d2cf2:

  landlock: Explain how to support Landlock (2022-05-23 13:28:03 +0200)

----------------------------------------------------------------
Landlock updates for v5.19-rc1

Important changes:
* improve the path_rename LSM hook implementations for RENAME_EXCHANGE;
* fix a too-restrictive filesystem control for a rare corner case;
* set the nested sandbox limitation to 16 layers;
* add a new LANDLOCK_ACCESS_FS_REFER access right to properly handle
  file reparenting (i.e. full rename and link support);
* add new tests and documentation;
* format code with clang-format to make it easier to maintain and
  contribute.

Related patch series:
* [PATCH v1 0/7] Landlock: Clean up coding style with clang-format
  https://lore.kernel.org/r/20220506160513.523257-1-mic@digikod.net
* [PATCH v2 00/10] Minor Landlock fixes and new tests
  https://lore.kernel.org/r/20220506160820.524344-1-mic@digikod.net
* [PATCH v3 00/12] Landlock: file linking and renaming support
  https://lore.kernel.org/r/20220506161102.525323-1-mic@digikod.net
* [PATCH v2] landlock: Explain how to support Landlock
  https://lore.kernel.org/r/20220513112743.156414-1-mic@digikod.net

----------------------------------------------------------------
Mickaël Salaün (30):
      landlock: Add clang-format exceptions
      landlock: Format with clang-format
      selftests/landlock: Add clang-format exceptions
      selftests/landlock: Normalize array assignment
      selftests/landlock: Format with clang-format
      samples/landlock: Add clang-format exceptions
      samples/landlock: Format with clang-format
      landlock: Fix landlock_add_rule(2) documentation
      selftests/landlock: Make tests build with old libc
      selftests/landlock: Extend tests for minimal valid attribute size
      selftests/landlock: Add tests for unknown access rights
      selftests/landlock: Extend access right tests to directories
      selftests/landlock: Fully test file rename with "remove" access
      selftests/landlock: Add tests for O_PATH
      landlock: Change landlock_add_rule(2) argument check ordering
      landlock: Change landlock_restrict_self(2) check ordering
      selftests/landlock: Test landlock_create_ruleset(2) argument check ordering
      landlock: Define access_mask_t to enforce a consistent access mask size
      landlock: Reduce the maximum number of layers to 16
      landlock: Create find_rule() from unmask_layers()
      landlock: Fix same-layer rule unions
      landlock: Move filesystem helpers and add a new one
      LSM: Remove double path_rename hook calls for RENAME_EXCHANGE
      landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER
      selftests/landlock: Add 11 new test suites dedicated to file reparenting
      samples/landlock: Add support for file reparenting
      landlock: Document LANDLOCK_ACCESS_FS_REFER and ABI versioning
      landlock: Document good practices about filesystem policies
      landlock: Add design choices documentation for filesystem access rights
      landlock: Explain how to support Landlock

 Documentation/security/landlock.rst            |   17 +-
 Documentation/userspace-api/landlock.rst       |  180 ++-
 include/linux/lsm_hook_defs.h                  |    2 +-
 include/linux/lsm_hooks.h                      |    1 +
 include/uapi/linux/landlock.h                  |   36 +-
 samples/landlock/sandboxer.c                   |  132 +-
 security/apparmor/lsm.c                        |   30 +-
 security/landlock/cred.c                       |    4 +-
 security/landlock/cred.h                       |    8 +-
 security/landlock/fs.c                         |  815 +++++++++---
 security/landlock/fs.h                         |   11 +-
 security/landlock/limits.h                     |   10 +-
 security/landlock/object.c                     |    6 +-
 security/landlock/object.h                     |    6 +-
 security/landlock/ptrace.c                     |   10 +-
 security/landlock/ruleset.c                    |   84 +-
 security/landlock/ruleset.h                    |   35 +-
 security/landlock/syscalls.c                   |   95 +-
 security/security.c                            |    9 +-
 security/tomoyo/tomoyo.c                       |   11 +-
 tools/testing/selftests/landlock/base_test.c   |  179 ++-
 tools/testing/selftests/landlock/common.h      |   66 +-
 tools/testing/selftests/landlock/fs_test.c     | 1619 +++++++++++++++++++-----
 tools/testing/selftests/landlock/ptrace_test.c |   40 +-
 24 files changed, 2646 insertions(+), 760 deletions(-)