# git rev-parse -q --verify 17ae69aba89dbfa2139b7f8024b757ab3cc42f59^{commit} 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 already have revision, skipping fetch # git checkout -q -f -B kisskb 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 # git clean -qxdf # < git log -1 # commit 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 # Merge: e6f0bf09f066 3532b0b4352c # Author: Linus Torvalds # Date: Sat May 1 18:50:44 2021 -0700 # # Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security # # Pull Landlock LSM from James Morris: # "Add Landlock, a new LSM from Mickaël Salaün. # # Briefly, Landlock provides for unprivileged application sandboxing. # # From Mickaël's cover letter: # "The goal of Landlock is to enable to restrict ambient rights (e.g. # global filesystem access) for a set of processes. Because Landlock # is a stackable LSM [1], it makes possible to create safe security # sandboxes as new security layers in addition to the existing # system-wide access-controls. This kind of sandbox is expected to # help mitigate the security impact of bugs or unexpected/malicious # behaviors in user-space applications. Landlock empowers any # process, including unprivileged ones, to securely restrict # themselves. # # Landlock is inspired by seccomp-bpf but instead of filtering # syscalls and their raw arguments, a Landlock rule can restrict the # use of kernel objects like file hierarchies, according to the # kernel semantic. Landlock also takes inspiration from other OS # sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD # Pledge/Unveil. # # In this current form, Landlock misses some access-control features. # This enables to minimize this patch series and ease review. This # series still addresses multiple use cases, especially with the # combined use of seccomp-bpf: applications with built-in sandboxing, # init systems, security sandbox tools and security-oriented APIs [2]" # # The cover letter and v34 posting is here: # # https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/ # # See also: # # https://landlock.io/ # # This code has had extensive design discussion and review over several # years" # # Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1] # Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2] # # * tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: # landlock: Enable user space to infer supported features # landlock: Add user and kernel documentation # samples/landlock: Add a sandbox manager example # selftests/landlock: Add user space tests # landlock: Add syscall implementations # arch: Wire up Landlock syscalls # fs,security: Add sb_delete hook # landlock: Support filesystem access-control # LSM: Infrastructure management of the superblock # landlock: Add ptrace restrictions # landlock: Set up the security framework and manage credentials # landlock: Add ruleset and domain management # landlock: Add object management # < /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux-gcc --version # < /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux-ld --version # < git log --format=%s --max-count=1 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 # < make -s -j 24 ARCH=arm64 O=/kisskb/build/linus_arm64-allmodconfig_arm64-gcc5.4 CROSS_COMPILE=/opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux- allmodconfig # < make -s -j 24 ARCH=arm64 O=/kisskb/build/linus_arm64-allmodconfig_arm64-gcc5.4 CROSS_COMPILE=/opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux- help # make -s -j 24 ARCH=arm64 O=/kisskb/build/linus_arm64-allmodconfig_arm64-gcc5.4 CROSS_COMPILE=/opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux- olddefconfig # make -s -j 24 ARCH=arm64 O=/kisskb/build/linus_arm64-allmodconfig_arm64-gcc5.4 CROSS_COMPILE=/opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux- /kisskb/src/arch/arm64/Makefile:25: ld does not support --fix-cortex-a53-843419; kernel may be susceptible to erratum /kisskb/src/arch/arm64/Makefile:33: LSE atomics not supported by binutils In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:27, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/latent_entropy_plugin.c:78: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ ^ /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:44, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/latent_entropy_plugin.c:78: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:27, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/sancov_plugin.c:22: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ ^ /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:44, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/sancov_plugin.c:22: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:27, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/structleak_plugin.c:32: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ ^ /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:44, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/structleak_plugin.c:32: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:27, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/stackleak_plugin.c:30: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ ^ /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:44, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/stackleak_plugin.c:30: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ cc1plus: warning: unrecognized command line option '-Wno-format-diag' cc1plus: warning: unrecognized command line option '-Wno-format-diag' cc1plus: warning: unrecognized command line option '-Wno-format-diag' cc1plus: warning: unrecognized command line option '-Wno-format-diag' In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:27, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/randomize_layout_plugin.c:19: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:102:21: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), "%s"HOST_WIDE_INT_PRINT_UNSIGNED"\n",\ ^ /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/config/elfos.h:170:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ In file included from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/tm.h:44, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/gcc-plugin.h:31, from /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/plugin.h:23, from /kisskb/src/scripts/gcc-plugins/gcc-common.h:9, from /kisskb/src/scripts/gcc-plugins/randomize_layout_plugin.c:19: /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/../lib/gcc/aarch64-buildroot-linux-gnu/5.4.0/plugin/include/defaults.h:126:24: warning: invalid suffix on literal; C++11 requires a space between literal and string macro [-Wliteral-suffix] fprintf ((FILE), ","HOST_WIDE_INT_PRINT_UNSIGNED",%u\n", \ ^ cc1plus: warning: unrecognized command line option '-Wno-format-diag' /kisskb/src/samples/seccomp/user-trap.c: In function 'send_fd': /kisskb/src/samples/seccomp/user-trap.c:50:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *((int *)CMSG_DATA(cmsg)) = fd; ^ /kisskb/src/samples/seccomp/user-trap.c: In function 'recv_fd': /kisskb/src/samples/seccomp/user-trap.c:83:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] return *((int *)CMSG_DATA(cmsg)); ^ /kisskb/src/lib/bitfield_kunit.c: In function 'test_bitfields_constants': /kisskb/src/lib/bitfield_kunit.c:93:1: warning: the frame size of 7440 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ Completed OK # rm -rf /kisskb/build/linus_arm64-allmodconfig_arm64-gcc5.4 # Build took: 0:32:31.562778