[PATCH 1/6] landlock: Add kern_ipc_perm credential blob structs

Justin Suess utilityemal77 at gmail.com
Thu May 21 16:06:35 UTC 2026


Add landlock_kern_ipc_perm_security, tracking ownership of SysV IPC
objects.

The struct contains the creating task's Landlock credential
(@owner_subject) and a @kind enum identifying which SysV IPC object
this blob describes.  The LSM core allocates the IPC blob for every
kern_ipc_perm regardless of object kind, so the generic
ipc_permission hook needs to be able to tell which objects it should
enforce a given scope on.  An enum makes it straightforward to extend
Landlock to sem and shm scoping later without revisiting the blob
layout.

Define the size of this struct in the lbs_ipc field for the Landlock
blob sizes.

Signed-off-by: Justin Suess <utilityemal77 at gmail.com>
---
 security/landlock/setup.c |  1 +
 security/landlock/task.h  | 50 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)

diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index 47dac1736f10..44aff2d734e9 100644
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -32,6 +32,7 @@ struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = {
 	.lbs_file = sizeof(struct landlock_file_security),
 	.lbs_inode = sizeof(struct landlock_inode_security),
 	.lbs_superblock = sizeof(struct landlock_superblock_security),
+	.lbs_ipc = sizeof(struct landlock_kern_ipc_perm_security),
 };
 
 int landlock_errata __ro_after_init;
diff --git a/security/landlock/task.h b/security/landlock/task.h
index 7c00360219a2..0fb82e5e347c 100644
--- a/security/landlock/task.h
+++ b/security/landlock/task.h
@@ -9,6 +9,56 @@
 #ifndef _SECURITY_LANDLOCK_TASK_H
 #define _SECURITY_LANDLOCK_TASK_H
 
+#include <linux/ipc.h>
+#include <linux/types.h>
+
+#include "cred.h"
+#include "setup.h"
+
+/**
+ * enum landlock_sysv_ipc_kind - Kind of SysV IPC object backed by a blob
+ *
+ * @LANDLOCK_SYSV_IPC_UNSET: Blob has not been tagged by a Landlock IPC
+ *	allocation hook.  This is the zero value used for sem and shm
+ *	objects that Landlock does not currently scope, as well as for
+ *	any future kind that has not yet been wired up.
+ * @LANDLOCK_SYSV_IPC_MSG_QUEUE: Blob belongs to a SysV message queue.
+ */
+enum landlock_sysv_ipc_kind {
+	LANDLOCK_SYSV_IPC_UNSET = 0,
+	LANDLOCK_SYSV_IPC_MSG_QUEUE,
+};
+
+/**
+ * struct landlock_kern_ipc_perm_security - IPC object security blob
+ *
+ * Enable provenance tracking of SysV IPC objects to scope IPC accesses.
+ * The LSM core allocates a blob for every kern_ipc_perm regardless of the
+ * underlying object kind (msg queue, semaphore, shared memory), so callers
+ * that act on a subset of object kinds must consult @kind before
+ * interpreting @owner_subject.
+ */
+struct landlock_kern_ipc_perm_security {
+	/**
+	 * @owner_subject: Landlock credential of the task that created the
+	 * kernel IPC object.  Only meaningful when @kind is not
+	 * %LANDLOCK_SYSV_IPC_UNSET.
+	 */
+	struct landlock_cred_security owner_subject;
+	/**
+	 * @kind: Kind of SysV IPC object this blob describes.  Set by the
+	 * matching alloc hook; %LANDLOCK_SYSV_IPC_UNSET for objects whose
+	 * kind Landlock does not currently track.
+	 */
+	enum landlock_sysv_ipc_kind kind;
+};
+
+static inline struct landlock_kern_ipc_perm_security *
+landlock_kern_ipc_perm(const struct kern_ipc_perm *const perm)
+{
+	return perm->security + landlock_blob_sizes.lbs_ipc;
+}
+
 __init void landlock_add_task_hooks(void);
 
 #endif /* _SECURITY_LANDLOCK_TASK_H */
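Review bot: landlock_kern_ipc_perm() is the one new definition in this hunk without kernel-doc, while the enum and struct above it are fully commented; a short header would also be the place to state the assumption the blob design rests on, namely that @kind reads as %LANDLOCK_SYSV_IPC_UNSET for any kern_ipc_perm that no Landlock alloc hook has tagged, which presumably holds only because the LSM core zero-fills the IPC blob (worth confirming against the core's IPC blob allocation). Suggested: `/** landlock_kern_ipc_perm - Get the Landlock blob attached to a kern_ipc_perm` / ` * @perm: IPC object whose LSM blob was allocated by the LSM core; returns a` / ` * writable pointer despite the const argument, like the other blob accessors. */`. The void-pointer arithmetic on @perm->security follows the existing Landlock inode/file accessors, so it is a style match rather than a defect. Since this first patch adds no alloc hook, every object reads as UNSET until the later patches land, so callers that branch on @kind will treat message queues as untracked in the interim; one sentence in the description saying so would help bisection.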
-- 
2.53.0



