mirror_ubuntu-kernels/tools/testing/selftests
Linus Torvalds 17ae69aba8 Add Landlock, a new LSM from Mickaël Salaün <mic@linux.microsoft.com>

Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull Landlock LSM from James Morris:
 "Add Landlock, a new LSM from Mickaël Salaün.

  Briefly, Landlock provides for unprivileged application sandboxing.

  From Mickaël's cover letter:
    "The goal of Landlock is to enable to restrict ambient rights (e.g.
     global filesystem access) for a set of processes. Because Landlock
     is a stackable LSM [1], it makes possible to create safe security
     sandboxes as new security layers in addition to the existing
     system-wide access-controls. This kind of sandbox is expected to
     help mitigate the security impact of bugs or unexpected/malicious
     behaviors in user-space applications. Landlock empowers any
     process, including unprivileged ones, to securely restrict
     themselves.

     Landlock is inspired by seccomp-bpf but instead of filtering
     syscalls and their raw arguments, a Landlock rule can restrict the
     use of kernel objects like file hierarchies, according to the
     kernel semantic. Landlock also takes inspiration from other OS
     sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD
     Pledge/Unveil.

     In this current form, Landlock misses some access-control features.
     This enables to minimize this patch series and ease review. This
     series still addresses multiple use cases, especially with the
     combined use of seccomp-bpf: applications with built-in sandboxing,
     init systems, security sandbox tools and security-oriented APIs [2]"

  The cover letter and v34 posting is here:

      https://lore.kernel.org/linux-security-module/20210422154123.13086-1-mic@digikod.net/

  See also:

      https://landlock.io/

  This code has had extensive design discussion and review over several
  years"

Link: https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com/ [1]
Link: https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.net/ [2]

* tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  landlock: Enable user space to infer supported features
  landlock: Add user and kernel documentation
  samples/landlock: Add a sandbox manager example
  selftests/landlock: Add user space tests
  landlock: Add syscall implementations
  arch: Wire up Landlock syscalls
  fs,security: Add sb_delete hook
  landlock: Support filesystem access-control
  LSM: Infrastructure management of the superblock
  landlock: Add ptrace restrictions
  landlock: Set up the security framework and manage credentials
  landlock: Add ruleset and domain management
  landlock: Add object management
2021-05-01 18:50:44 -07:00
..
arm64 arm64 updates for 5.13: 2021-04-26 10:25:03 -07:00
bpf Kbuild updates for v5.13 2021-04-29 14:24:39 -07:00
breakpoints selftests: breakpoints: Use correct error messages in breakpoint_test_arm64.c 2021-02-08 17:04:41 -07:00
capabilities
cgroup kselftests: cgroup: update kmem test for new vmstat implementation 2021-04-30 11:20:38 -07:00
clone3 selftests/clone3: Fix build error 2020-12-07 14:34:55 -07:00
core selftests/core: add regression test for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC 2020-12-19 16:23:19 +01:00
cpu-hotplug
cpufreq
dma dma-mapping: benchmark: pretend DMA is transmitting 2021-02-05 12:48:46 +01:00
dmabuf-heaps kselftests: dmabuf-heaps: Add extra checking that allocated buffers are zeroed 2021-02-08 16:25:53 -07:00
drivers selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test 2021-04-23 14:01:28 -07:00
efivarfs
exec tools/testing/selftests: add self-test for verifying load alignment 2020-10-16 11:11:21 -07:00
filesystems selftests/filesystems: expand epoll with epoll_pwait2 2020-12-19 11:18:38 -08:00
firmware firmware_loader: Remove unnecessary conversion to bool 2021-03-23 14:51:50 +01:00
fpu
ftrace selftests/ftrace: Add '!event' synthetic event syntax check 2021-02-11 16:22:32 -05:00
futex
gpio selftests: gpio: update .gitignore 2021-03-08 11:59:16 +01:00
ia64
intel_pstate selftests: intel_pstate: ftime() is deprecated 2020-11-10 14:41:32 -07:00
ipc selftests/ipc: remove unneeded semicolon 2021-02-08 16:32:43 -07:00
ir
kcmp
kexec
kmod selftests: kmod: use variable NAME in kmod_test_0001() 2020-08-12 10:58:01 -07:00
kselftest tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
kvm ARM: 2021-05-01 10:14:08 -07:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
lib
livepatch selftests/livepatch: Do not check order when using "comm" for dmesg checking 2020-08-27 15:27:24 +02:00
lkdtm lkdtm: Add REPORT_STACK for checking stack offsets 2021-04-08 14:05:20 +02:00
locking
media_tests
membarrier
memfd selftests/memfd: Fix implicit declaration warnings 2020-11-10 14:42:04 -07:00
memory-hotplug
mincore selftests: add mincore() tests 2020-08-07 11:33:27 -07:00
mount selftests: mount: add nosymfollow tests 2020-08-27 16:06:47 -04:00
mount_setattr tests: add mount_setattr() selftests 2021-01-24 14:43:45 +01:00
mqueue
nci selftests: Add nci suite 2021-01-29 18:03:33 -08:00
net selftests/net: bump timeout to 5 minutes 2021-04-23 14:08:58 -07:00
netfilter selftests: netfilter: flowtable bridge and vlan support 2021-03-24 12:48:39 -07:00
nsfs
ntb
openat2 selftests: openat2: add RESOLVE_ conflict test 2020-12-03 10:16:28 +01:00
perf_events signal, perf: Fix siginfo_t by avoiding u64 on 32-bit architectures 2021-04-23 09:03:16 +02:00
pid_namespace
pidfd selftests: pidfd: drop needless linux/kcmp.h inclusion in pidfd_setns_test.c 2020-10-27 17:04:01 -06:00
powerpc powerpc updates for 5.13 2021-04-30 12:22:28 -07:00
prctl
proc selftests: proc: fix warning: _GNU_SOURCE redefined 2020-11-05 10:08:14 -07:00
pstore
ptp
ptrace selftests: Add missing gitignore entries 2020-09-23 10:19:25 -06:00
rcutorture Merge branches 'bitmaprange.2021.03.08a', 'fixes.2021.03.15a', 'kvfree_rcu.2021.03.08a', 'mmdumpobj.2021.03.08a', 'nocb.2021.03.15a', 'poll.2021.03.24a', 'rt.2021.03.08a', 'tasks.2021.03.08a', 'torture.2021.03.08a' and 'torturescript.2021.03.22a' into HEAD 2021-03-24 17:20:18 -07:00
resctrl selftests/resctrl: Change a few printed messages 2021-04-07 16:37:49 -06:00
rseq rseq/selftests: Fix MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ build error under other arch. 2020-12-07 14:09:45 -07:00
rtc
safesetid
seccomp kconfig for kcmp syscall 2021-02-22 17:15:30 -08:00
sgx x86/sgx: Expose SGX architectural definitions to the kernel 2021-04-06 09:43:41 +02:00
sigaltstack
size
sparc64
splice selftests: splice: Check behavior of full and short splices 2020-08-07 10:50:11 -07:00
static_keys
sync
syscall_user_dispatch entry: Use different define for selector variable in SUD 2021-02-06 00:21:42 +01:00
sysctl
tc-testing tc-testing: add simple action test to verify batch change cleanup 2021-04-08 13:50:14 -07:00
timens selftests/timens: Fix gettime_perf to work on powerpc 2021-04-21 22:52:32 +10:00
timers selftests/timers: Fix spelling mistake "clocksourc" -> "clocksource" 2021-03-26 11:37:17 -06:00
tmpfs
tpm2
uevent
user
vDSO selftests/vDSO: fix ABI selftest on riscv 2021-02-08 16:38:34 -07:00
vm vm/test_vmalloc.sh: adapt for updated driver interface 2021-04-30 11:20:40 -07:00
watchdog
wireguard wireguard: selftests: test multiple parallel streams 2021-02-23 15:54:07 -08:00
x86 selftests/x86: Add a missing .note.GNU-stack section to thunks_32.S 2021-03-18 11:05:14 +01:00
zram
.gitignore
gen_kselftest_tar.sh
kselftest_deps.sh selftests: remove obsolete gpio references from kselftest_deps.sh 2021-02-15 11:43:28 +01:00
kselftest_harness.h selftests: kselftest_harness.h: partially fix kernel-doc markups 2021-01-21 14:06:00 -07:00
kselftest_install.sh
kselftest_module.h kselftest: add support for skipped tests 2021-02-15 11:07:42 +01:00
kselftest.h linux-kselftest-5.9-rc1 2020-08-05 10:28:25 -07:00
lib.mk Networking changes for 5.13. 2021-04-29 11:57:23 -07:00
Makefile selftests/landlock: Add user space tests 2021-04-22 12:22:11 -07:00
run_kselftest.sh selftests/run_kselftest.sh: fix dry-run typo 2020-11-10 14:51:39 -07:00