github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-15 01:43:11 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
54a6e6bbf3
linux/tools/testing
History
Tahera Fahimi 54a6e6bbf3
landlock: Add signal scoping 
Currently, a sandbox process is not restricted to sending a signal (e.g.
SIGKILL) to a process outside the sandbox environment.  The ability to
send a signal for a sandboxed process should be scoped the same way
abstract UNIX sockets are scoped. Therefore, we extend the "scoped"
field in a ruleset with LANDLOCK_SCOPE_SIGNAL to specify that a ruleset
will deny sending any signal from within a sandbox process to its parent
(i.e. any parent sandbox or non-sandboxed processes).

This patch adds file_set_fowner and file_free_security hooks to set and
release a pointer to the file owner's domain. This pointer, fown_domain
in landlock_file_security will be used in file_send_sigiotask to check
if the process can send a signal.

The ruleset_with_unknown_scope test is updated to support
LANDLOCK_SCOPE_SIGNAL.

This depends on two new changes:
- commit 1934b21261 ("file: reclaim 24 bytes from f_owner"): replace
  container_of(fown, struct file, f_owner) with fown->file .
- commit 26f204380a ("fs: Fix file_set_fowner LSM hook
  inconsistencies"): lock before calling the hook.

Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Closes: https://github.com/landlock-lsm/linux/issues/8
Link: https://lore.kernel.org/r/df2b4f880a2ed3042992689a793ea0951f6798a5.1725657727.git.fahimitahera@gmail.com
[mic: Update landlock_get_current_domain()'s return type, improve and
fix locking in hook_file_set_fowner(), simplify and fix sleepable call
and locking issue in hook_file_send_sigiotask() and rebase on the latest
VFS tree, simplify hook_task_kill() and quickly return when not
sandboxed, improve comments, rename LANDLOCK_SCOPED_SIGNAL]
Co-developed-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2024-09-16 23:50:52 +02:00
..
crypto/chacha20-s390
cxl cxl/test: Skip cxl_setup_parent_dport() for emulated dports 2024-08-09 15:14:12 -07:00
fault-injection
ktest ktest: force $buildonly = 1 for 'make_warnings_file' test type 2024-03-15 12:36:19 -04:00
kunit RISC-V SoC Kconfig Updates for v6.10 2024-05-07 11:02:56 +02:00
memblock memblock tests: add memblock_overlaps_region_checks 2024-06-05 10:22:22 +03:00
nvdimm testing: nvdimm: Add MODULE_DESCRIPTION() macros 2024-06-17 18:43:08 -05:00
radix-tree bitmap-6.11-rc1 2024-07-26 09:50:36 -07:00
scatterlist
selftests landlock: Add signal scoping 2024-09-16 23:50:52 +02:00
vsock test/vsock: add ioctl unsent bytes test 2024-08-02 09:20:28 +01:00