-
- Downloads
landlock: Add abstract UNIX socket scoping
Introduce a new "scoped" member to landlock_ruleset_attr that can specify LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET to restrict connection to abstract UNIX sockets from a process outside of the socket's domain. Two hooks are implemented to enforce these restrictions: unix_stream_connect and unix_may_send. Closes: https://github.com/landlock-lsm/linux/issues/7 Signed-off-by:Tahera Fahimi <fahimitahera@gmail.com> Link: https://lore.kernel.org/r/5f7ad85243b78427242275b93481cfc7c127764b.1725494372.git.fahimitahera@gmail.com [mic: Fix commit message formatting, improve documentation, simplify hook_unix_may_send(), and cosmetic fixes including rename of LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET] Co-developed-by:
Mickaël Salaün <mic@digikod.net> Signed-off-by:
Showing
- include/uapi/linux/landlock.h 27 additions, 0 deletionsinclude/uapi/linux/landlock.h
- security/landlock/limits.h 3 additions, 0 deletionssecurity/landlock/limits.h
- security/landlock/ruleset.c 5 additions, 2 deletionssecurity/landlock/ruleset.c
- security/landlock/ruleset.h 23 additions, 1 deletionsecurity/landlock/ruleset.h
- security/landlock/syscalls.c 12 additions, 5 deletionssecurity/landlock/syscalls.c
- security/landlock/task.c 137 additions, 0 deletionssecurity/landlock/task.c
- tools/testing/selftests/landlock/base_test.c 1 addition, 1 deletiontools/testing/selftests/landlock/base_test.c
Loading
Please register or sign in to comment