mirror of https://github.com/torvalds/linux.git
cb44e4f061
Important changes: * improve the path_rename LSM hook implementations for RENAME_EXCHANGE; * fix a too-restrictive filesystem control for a rare corner case; * set the nested sandbox limitation to 16 layers; * add a new LANDLOCK_ACCESS_FS_REFER access right to properly handle file reparenting (i.e. full rename and link support); * add new tests and documentation; * format code with clang-format to make it easier to maintain and contribute. Related patch series: * [PATCH v1 0/7] Landlock: Clean up coding style with clang-format https://lore.kernel.org/r/20220506160513.523257-1-mic@digikod.net * [PATCH v2 00/10] Minor Landlock fixes and new tests https://lore.kernel.org/r/20220506160820.524344-1-mic@digikod.net * [PATCH v3 00/12] Landlock: file linking and renaming support https://lore.kernel.org/r/20220506161102.525323-1-mic@digikod.net * [PATCH v2] landlock: Explain how to support Landlock https://lore.kernel.org/r/20220513112743.156414-1-mic@digikod.net -----BEGIN PGP SIGNATURE----- iIYEABYIAC4WIQSVyBthFV4iTW/VU1/l49DojIL20gUCYousmBAcbWljQGRpZ2lr b2QubmV0AAoJEOXj0OiMgvbSWToA/32m9xJhfppiTBHqw6Dt47v4sjuE/3ScwO/O 40rzaqs3AQD8AWHeqvPuM2lwPp1NQS4mcfv7K3DSCGBbUjHqdcl3Aw== =+tJO -----END PGP SIGNATURE----- Merge tag 'landlock-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux Pull Landlock updates from Mickaël Salaün: - improve the path_rename LSM hook implementations for RENAME_EXCHANGE; - fix a too-restrictive filesystem control for a rare corner case; - set the nested sandbox limitation to 16 layers; - add a new LANDLOCK_ACCESS_FS_REFER access right to properly handle file reparenting (i.e. full rename and link support); - add new tests and documentation; - format code with clang-format to make it easier to maintain and contribute. * tag 'landlock-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux: (30 commits) landlock: Explain how to support Landlock landlock: Add design choices documentation for filesystem access rights landlock: Document good practices about filesystem policies landlock: Document LANDLOCK_ACCESS_FS_REFER and ABI versioning samples/landlock: Add support for file reparenting selftests/landlock: Add 11 new test suites dedicated to file reparenting landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER LSM: Remove double path_rename hook calls for RENAME_EXCHANGE landlock: Move filesystem helpers and add a new one landlock: Fix same-layer rule unions landlock: Create find_rule() from unmask_layers() landlock: Reduce the maximum number of layers to 16 landlock: Define access_mask_t to enforce a consistent access mask size selftests/landlock: Test landlock_create_ruleset(2) argument check ordering landlock: Change landlock_restrict_self(2) check ordering landlock: Change landlock_add_rule(2) argument check ordering selftests/landlock: Add tests for O_PATH selftests/landlock: Fully test file rename with "remove" access selftests/landlock: Extend access right tests to directories selftests/landlock: Add tests for unknown access rights ... |
||
|---|---|---|
| .. | ||
| acrn | ||
| auxdisplay | ||
| binderfs | ||
| bpf | ||
| configfs | ||
| connector | ||
| coresight | ||
| fanotify | ||
| fprobe | ||
| ftrace | ||
| hidraw | ||
| hw_breakpoint | ||
| kdb | ||
| kfifo | ||
| kmemleak | ||
| kobject | ||
| kprobes | ||
| landlock | ||
| livepatch | ||
| mei | ||
| nitro_enclaves | ||
| pidfd | ||
| pktgen | ||
| qmi | ||
| rpmsg | ||
| seccomp | ||
| timers | ||
| trace_events | ||
| trace_printk | ||
| uhid | ||
| user_events | ||
| v4l | ||
| vfio-mdev | ||
| vfs | ||
| watch_queue | ||
| watchdog | ||
| Kconfig | ||
| Makefile | ||