[PATCH 0/2] Landlock: Add abstract unix socket connect reastriction
Tahera Fahimi
fahimitahera at gmail.com
Fri Jul 5 18:58:10 UTC 2024
This patch series introduces the optional scoping of abstract unix
sockets. This feature aims to scope the connection of an abstract socket
from a sandbox process to other sockets outside of the sandbox domain.
(see [1, 2])
The following changes are included in this series:
[PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
the user space interface, and add the restriction
mechanism to Landlock.
[PATCH 2/2]: Add three comprehensive tests for the new feature.
Tahera Fahimi (2):
Landlock: Add abstract unix socket connect restriction
Landlock: Abstract unix socket restriction tests
include/uapi/linux/landlock.h | 29 +
security/landlock/limits.h | 3 +
security/landlock/ruleset.c | 7 +-
security/landlock/ruleset.h | 23 +-
security/landlock/syscalls.c | 12 +-
security/landlock/task.c | 62 ++
.../testing/selftests/landlock/ptrace_test.c | 786 ++++++++++++++++++
7 files changed, 916 insertions(+), 6 deletions(-)
[1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/
[2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/
--
2.34.1
More information about the Linux-security-module-archive
mailing list