netdev.vger.kernel.org archive mirror
From: "Mickaël Salaün" <mic@digikod.net>
To: Tahera Fahimi <fahimitahera@gmail.com>
Cc: "Günther Noack" <gnoack@google.com>,
	"Paul Moore" <paul@paul-moore.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Jann Horn" <jannh@google.com>,
	outreachy@lists.linux.dev, netdev@vger.kernel.org
Subject: Re: [PATCH 0/2] Landlock: Add abstract unix socket connect reastriction
Date: Mon, 8 Jul 2024 19:31:35 +0200
Message-ID: <20240708.nujahgh6Zeec@digikod.net>
In-Reply-To: <cover.1720203255.git.fahimitahera@gmail.com>

Please send inline patches, and don't forget to set the patch series
version.  Because the difference with the previous series is only about
formatting, I'll only review the previous one.

On Fri, Jul 05, 2024 at 12:58:10PM -0600, Tahera Fahimi wrote:
> This patch series introduces the optional scoping of abstract unix
> sockets. This feature aims to scope the connection of an abstract socket
> from a sandbox process to other sockets outside of the sandbox domain.
> (see [1, 2])
> 
> The following changes are included in this series:
>   [PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
>                the user space interface, and add the restriction
>                mechanism to Landlock.
>   [PATCH 2/2]: Add three comprehensive tests for the new feature.
> 
> Tahera Fahimi (2):
>   Landlock: Add abstract unix socket connect restriction
>   Landlock: Abstract unix socket restriction tests
> 
>  include/uapi/linux/landlock.h                 |  29 +
>  security/landlock/limits.h                    |   3 +
>  security/landlock/ruleset.c                   |   7 +-
>  security/landlock/ruleset.h                   |  23 +-
>  security/landlock/syscalls.c                  |  12 +-
>  security/landlock/task.c                      |  62 ++
>  .../testing/selftests/landlock/ptrace_test.c  | 786 ++++++++++++++++++
>  7 files changed, 916 insertions(+), 6 deletions(-)
> 
> [1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/
> [2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/
> -- 
> 2.34.1
> 



