[PATCH 0/2] Landlock: Add abstract unix socket connect reastriction

From: Tahera Fahimi <hidden>
Date: 2024-07-05 18:58:13
Also in: linux-security-module, lkml

This patch series introduces the optional scoping of abstract unix
sockets. This feature aims to scope the connection of an abstract socket
from a sandbox process to other sockets outside of the sandbox domain.
(see [1, 2])

The following changes are included in this series:
  [PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
               the user space interface, and add the restriction
               mechanism to Landlock.
  [PATCH 2/2]: Add three comprehensive tests for the new feature.

Tahera Fahimi (2):
  Landlock: Add abstract unix socket connect restriction
  Landlock: Abstract unix socket restriction tests

 include/uapi/linux/landlock.h                 |  29 +
 security/landlock/limits.h                    |   3 +
 security/landlock/ruleset.c                   |   7 +-
 security/landlock/ruleset.h                   |  23 +-
 security/landlock/syscalls.c                  |  12 +-
 security/landlock/task.c                      |  62 ++
 .../testing/selftests/landlock/ptrace_test.c  | 786 ++++++++++++++++++
 7 files changed, 916 insertions(+), 6 deletions(-)

[1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/ (local)
[2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/ (local)
-- 
2.34.1

Attachments

0001-landlock-Add-abstract-unix-socket-connect-restrictio.patch [text/x-diff] 11704 bytes · preview
0002-landlock-Abstract-unix-socket-restriction-tests.patch [text/x-diff] 22379 bytes · preview

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help