www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Mickaël Salaün <mic@digikod.net>
	Thu, 20 Mar 2025 19:07:07 +0000 (20:07 +0100)
committer	Mickaël Salaün <mic@digikod.net>
	Wed, 26 Mar 2025 12:59:43 +0000 (13:59 +0100)
commit	ead9079f75696a028aea8860787770c80eddb8f9
tree	d934ecd9e37a3f82bcc46b1fcee6fe9b23eead15	tree
parent	12bfcda73ac2cf3083c9d6d05724af92da3a4b4b	commit \| diff

landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF

Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF for the case of sandboxer
tools, init systems, or runtime containers launching programs sandboxing
themselves in an inconsistent way. Setting this flag should only
depends on runtime configuration (i.e. not hardcoded).

We don't create a new ruleset's option because this should not be part
of the security policy: only the task that enforces the policy (not the
one that create it) knows if itself or its children may request denied
actions.

This is the first and only flag that can be set without actually
restricting the caller (i.e. without providing a ruleset).

Extend struct landlock_cred_security with a u8 log_subdomains_off.
struct landlock_file_security is still 16 bytes.

Cc: Günther Noack <gnoack@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Closes: https://github.com/landlock-lsm/linux/issues/3
Link: https://lore.kernel.org/r/20250320190717.2287696-19-mic@digikod.net
[mic: Fix comment]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

include/uapi/linux/landlock.h		diff \| blob \| history
security/landlock/cred.h		diff \| blob \| history
security/landlock/limits.h		diff \| blob \| history
security/landlock/syscalls.c		diff \| blob \| history