From: Linus Torvalds
Date: Sun, 2 May 2021 01:50:44 +0000 (-0700)
Subject: Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
X-Git-Tag: v5.15~1213
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=17ae69aba89dbfa2139b7f8024b757ab3cc42f59;p=platform%2Fkernel%2Flinux-starfive.git

Merge tag 'landlock_v34' of git://git./linux/kernel/git/jmorris/linux-security

Pull Landlock LSM from James Morris:
 "Add Landlock, a new LSM from Mickaël Salaün. Briefly, Landlock provides
  for unprivileged application sandboxing.

  From Mickaël's cover letter:
    "The goal of Landlock is to enable to restrict ambient rights (e.g.
    global filesystem access) for a set of processes. Because Landlock
    is a stackable LSM [1], it makes possible to create safe security
    sandboxes as new security layers in addition to the existing
    system-wide access-controls. This kind of sandbox is expected to
    help mitigate the security impact of bugs or unexpected/malicious
    behaviors in user-space applications. Landlock empowers any
    process, including unprivileged ones, to securely restrict
    themselves.

    Landlock is inspired by seccomp-bpf but instead of filtering
    syscalls and their raw arguments, a Landlock rule can restrict the
    use of kernel objects like file hierarchies, according to the
    kernel semantic. Landlock also takes inspiration from other OS
    sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
    Pledge/Unveil.

    In this current form, Landlock misses some access-control features.
    This enables to minimize this patch series and ease review.
This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]" The cover letter and v34 posting is here: https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/ See also: https://landlock.io/ This code has had extensive design discussion and review over several years" Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1] Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2] * tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: landlock: Enable user space to infer supported features landlock: Add user and kernel documentation samples/landlock: Add a sandbox manager example selftests/landlock: Add user space tests landlock: Add syscall implementations arch: Wire up Landlock syscalls fs,security: Add sb_delete hook landlock: Support filesystem access-control LSM: Infrastructure management of the superblock landlock: Add ptrace restrictions landlock: Set up the security framework and manage credentials landlock: Add ruleset and domain management landlock: Add object management --- 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 diff --cc arch/alpha/kernel/syscalls/syscall.tbl index c5f7e59,4240f21..5622578 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@@ -482,4 -482,6 +482,7 @@@ 550 common process_madvise sys_process_madvise 551 common epoll_pwait2 sys_epoll_pwait2 552 common mount_setattr sys_mount_setattr +553 common quotactl_path sys_quotactl_path + 554 common landlock_create_ruleset sys_landlock_create_ruleset + 555 common landlock_add_rule sys_landlock_add_rule + 556 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/arm/tools/syscall.tbl index 90cbe20,161423a..c7679d7 --- a/arch/arm/tools/syscall.tbl +++ 
b/arch/arm/tools/syscall.tbl @@@ -456,4 -456,6 +456,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/arm64/include/asm/unistd32.h index 8361c51,fdfe06b..7859749 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@@ -893,8 -893,12 +893,14 @@@ __SYSCALL(__NR_process_madvise, sys_pro __SYSCALL(__NR_epoll_pwait2, compat_sys_epoll_pwait2) #define __NR_mount_setattr 442 __SYSCALL(__NR_mount_setattr, sys_mount_setattr) +#define __NR_quotactl_path 443 +__SYSCALL(__NR_quotactl_path, sys_quotactl_path) + #define __NR_landlock_create_ruleset 444 + __SYSCALL(__NR_landlock_create_ruleset, sys_landlock_create_ruleset) + #define __NR_landlock_add_rule 445 + __SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule) + #define __NR_landlock_restrict_self 446 + __SYSCALL(__NR_landlock_restrict_self, sys_landlock_restrict_self) /* * Please add new compat syscalls above this comment and update diff --cc arch/ia64/kernel/syscalls/syscall.tbl index c072cd4,48dbbc9..1ee8e73 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl @@@ -363,4 -363,6 +363,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/m68k/kernel/syscalls/syscall.tbl index 5e9f810,595108b..0dd019d --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@@ -442,4 -442,6 +442,7 @@@ 440 
common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/microblaze/kernel/syscalls/syscall.tbl index 8e74d69,db23d65..2ac7169 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@@ -448,4 -448,6 +448,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/mips/kernel/syscalls/syscall_n32.tbl index 6f397e5,5028839..5e00966 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@@ -381,4 -381,6 +381,7 @@@ 440 n32 process_madvise sys_process_madvise 441 n32 epoll_pwait2 compat_sys_epoll_pwait2 442 n32 mount_setattr sys_mount_setattr +443 n32 quotactl_path sys_quotactl_path + 444 n32 landlock_create_ruleset sys_landlock_create_ruleset + 445 n32 landlock_add_rule sys_landlock_add_rule + 446 n32 landlock_restrict_self sys_landlock_restrict_self diff --cc arch/mips/kernel/syscalls/syscall_n64.tbl index ab85a35,ec9c68b..9974f5f --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@@ -357,4 -357,6 +357,7 @@@ 440 n64 process_madvise sys_process_madvise 441 n64 epoll_pwait2 sys_epoll_pwait2 442 n64 mount_setattr sys_mount_setattr +443 n64 quotactl_path sys_quotactl_path + 444 n64 landlock_create_ruleset sys_landlock_create_ruleset + 445 n64 landlock_add_rule sys_landlock_add_rule + 446 n64 landlock_restrict_self 
sys_landlock_restrict_self diff --cc arch/mips/kernel/syscalls/syscall_o32.tbl index 9c4cd2b,24afd33..39d6e71 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@@ -430,4 -430,6 +430,7 @@@ 440 o32 process_madvise sys_process_madvise 441 o32 epoll_pwait2 sys_epoll_pwait2 compat_sys_epoll_pwait2 442 o32 mount_setattr sys_mount_setattr +443 o32 quotactl_path sys_quotactl_path + 444 o32 landlock_create_ruleset sys_landlock_create_ruleset + 445 o32 landlock_add_rule sys_landlock_add_rule + 446 o32 landlock_restrict_self sys_landlock_restrict_self diff --cc arch/parisc/kernel/syscalls/syscall.tbl index 80fba3f7,8ddd0b8..5ac80b8 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@@ -440,4 -440,6 +440,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 compat_sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/powerpc/kernel/syscalls/syscall.tbl index f66f9c9,0215089..2e68fbb --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl @@@ -522,4 -522,6 +522,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 compat_sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/s390/kernel/syscalls/syscall.tbl index a421905,331663e..7e4a2ab --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl @@@ -445,4 -445,6 +445,7 @@@ 440 common process_madvise 
sys_process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 compat_sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self sys_landlock_restrict_self diff --cc arch/sh/kernel/syscalls/syscall.tbl index f68517a,6ada711..f47a0dc --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@@ -445,4 -445,6 +445,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/sparc/kernel/syscalls/syscall.tbl index 3ee82321,1dbe3239..b9e1c0e --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl @@@ -488,4 -488,6 +488,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 compat_sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc arch/x86/entry/syscalls/syscall_32.tbl index f52a443,782c310..28a1423 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@@ -447,4 -447,6 +447,7 @@@ 440 i386 process_madvise sys_process_madvise 441 i386 epoll_pwait2 sys_epoll_pwait2 compat_sys_epoll_pwait2 442 i386 mount_setattr sys_mount_setattr +443 i386 quotactl_path 
sys_quotactl_path + 444 i386 landlock_create_ruleset sys_landlock_create_ruleset + 445 i386 landlock_add_rule sys_landlock_add_rule + 446 i386 landlock_restrict_self sys_landlock_restrict_self diff --cc arch/x86/entry/syscalls/syscall_64.tbl index 7eb007b,8604ee4..ecd551b --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@@ -364,7 -364,9 +364,10 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self # # Due to a historical design error, certain syscalls are numbered differently diff --cc arch/xtensa/kernel/syscalls/syscall.tbl index c71cc45,2fad056..9d76d43 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl @@@ -413,4 -413,6 +413,7 @@@ 440 common process_madvise sys_process_madvise 441 common epoll_pwait2 sys_epoll_pwait2 442 common mount_setattr sys_mount_setattr +443 common quotactl_path sys_quotactl_path + 444 common landlock_create_ruleset sys_landlock_create_ruleset + 445 common landlock_add_rule sys_landlock_add_rule + 446 common landlock_restrict_self sys_landlock_restrict_self diff --cc include/uapi/asm-generic/unistd.h index 739c839,300608b..6de5a7f --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@@ -863,11 -863,15 +863,18 @@@ __SYSCALL(__NR_process_madvise, sys_pro __SC_COMP(__NR_epoll_pwait2, sys_epoll_pwait2, compat_sys_epoll_pwait2) #define __NR_mount_setattr 442 __SYSCALL(__NR_mount_setattr, sys_mount_setattr) +#define __NR_quotactl_path 443 +__SYSCALL(__NR_quotactl_path, sys_quotactl_path) + + #define __NR_landlock_create_ruleset 444 + __SYSCALL(__NR_landlock_create_ruleset, sys_landlock_create_ruleset) + #define __NR_landlock_add_rule 
445 + __SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule) + #define __NR_landlock_restrict_self 446 + __SYSCALL(__NR_landlock_restrict_self, sys_landlock_restrict_self) + #undef __NR_syscalls - #define __NR_syscalls 444 + #define __NR_syscalls 447 /* * 32 bit systems traditionally used different diff --cc security/selinux/hooks.c index 92f909a,2ed9c99..eaea837 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@@ -7165,9 -7062,7 +7152,8 @@@ static struct security_hook_list selinu LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), - LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts), + LSM_HOOK_INIT(sb_mnt_opts_compat, selinux_sb_mnt_opts_compat), LSM_HOOK_INIT(sb_remount, selinux_sb_remount), LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount), LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options), diff --cc security/selinux/ss/services.c index f0ba826,9cea2e6c..0a5ce00 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@@ -2953,9 -2874,9 +2954,9 @@@ int security_fs_use(struct selinux_stat struct selinux_policy *policy; struct policydb *policydb; struct sidtab *sidtab; - int rc = 0; + int rc; struct ocontext *c; - struct superblock_security_struct *sbsec = sb->s_security; + struct superblock_security_struct *sbsec = selinux_superblock(sb); const char *fstype = sb->s_type->name; if (!selinux_initialized(state)) {
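Review bot: in the per-architecture syscall tables (alpha through xtensa) and arch/arm64/include/asm/unistd32.h, the three Landlock entries are wired to plain `sys_landlock_*` with no `compat_sys_*` entry point, even on the tables where the neighbouring `epoll_pwait2` line carries one (mips o32, parisc, powerpc, sparc, i386, and the arm64 compat header). That is only correct if every structure the Landlock syscalls take by pointer has an identical layout on 32-bit and 64-bit ABIs; the definitions are not in these hunks, so please confirm it against the uapi header in the series before this reaches a stable tag. The conflict resolution itself looks right: `quotactl_path` keeps 443 (553 on alpha) from one parent and Landlock takes 444, 445, 446 (554 to 556 on alpha) from the other, in the same order on every table, and on s390 the new rows carry the same entry point in both columns, matching the `quotactl_path` row above them.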
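Review bot: in the include/uapi/asm-generic/unistd.h hunk, `__NR_syscalls` moves from 444 to 447, which is the highest number added here (446) plus one, so the merge resolution is consistent with the table hunks; the `#undef __NR_syscalls` line and the placement of the new `__SYSCALL` entries above it follow the existing pattern. One cosmetic point: the resolution leaves an empty line between the `quotactl_path` and `landlock_create_ruleset` definitions (`+ +`) where the rest of the block has none; harmless, but it is merge residue rather than a deliberate separator.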
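Review bot: in the security/selinux/hooks.c hunk, `LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security)` is dropped from the hook table while `sb_free_mnt_opts` stays, consistent with the superblock security blob now being allocated and freed by the LSM infrastructure ("LSM: Infrastructure management of the superblock" in the tag list). The hunk only shows the table entry going away, so it is worth confirming that `selinux_sb_free_security` did nothing beyond freeing the blob itself; anything else it used to clean up now has to happen in a surviving hook. The `sb_mnt_opts_compat` line coming in from the other parent in the same hunk is unrelated to Landlock and simply needs to stay where the resolution put it, between `sb_free_mnt_opts` and `sb_remount`.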
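Review bot: in the security/selinux/ss/services.c hunk for `security_fs_use()`, replacing `int rc = 0;` with `int rc;` removes the default initializer, which is safe only if every return path in the function assigns `rc` first; the hunk ends at the `selinux_initialized()` check and does not show the rest of the function, so either verify that or keep the initializer to avoid an uninitialized-return warning or worse. The other change, `sb->s_security` becoming `selinux_superblock(sb)`, is the required accessor now that the blob is infrastructure-managed; any remaining direct `s_security` dereference in SELinux would need the same treatment, so a grep for it on the merged tree is a cheap sanity check.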