    landlock: Enable user space to infer supported features · 3532b0b4
    Committed by Mickaël Salaün
    Add a new flag LANDLOCK_CREATE_RULESET_VERSION to
    landlock_create_ruleset(2).  This makes it possible to retrieve a Landlock ABI
    version that is useful to efficiently follow a best-effort security
    approach.  Indeed, it would be a missed opportunity to abort the whole
    sandbox building because some features are unavailable, instead of
    protecting users as much as possible with the subset of features
    provided by the running kernel.
    
    This new flag enables user space to identify the minimum set of Landlock
    features supported by the running kernel without relying on a filesystem
    interface (e.g. /proc/version, which might be inaccessible) nor testing
    multiple syscall argument combinations (i.e. syscall bisection).  New
    Landlock features will be documented and tied to a minimum version
    number (greater than 1).  The current version will be incremented for
    each new kernel release supporting new Landlock features.  User space
    libraries can leverage this information to seamlessly restrict processes
    as much as possible while being compatible with newer APIs.
    
    This is a much lighter approach than the previous
    landlock_get_features(2): the complexity is pushed to user space
    libraries.  This flag meets similar needs as securityfs versions:
    selinux/policyvers, apparmor/features/*/version* and tomoyo/version.
    
    Supporting this flag now will be convenient for backward compatibility.
    
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: James Morris <jmorris@namei.org>
    Cc: Jann Horn <jannh@google.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
    Link: https://lore.kernel.org/r/20210422154123.13086-14-mic@digikod.net
    Signed-off-by: James Morris <jamorris@linux.microsoft.com>
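
The best-effort pattern the commit message describes, written out as an added example (this is not code from the commit or from the Landlock project): query the ABI version with LANDLOCK_CREATE_RULESET_VERSION, treat ENOSYS/EOPNOTSUPP as "no Landlock, run unsandboxed", and otherwise hand the kernel only the access rights its ABI version is documented to understand. The syscall number (444), the ABI 1 access-right bits and the flag value are the upstream values; the REFER (ABI 2) and TRUNCATE (ABI 3) rights come from later kernel releases than this commit and stand in for the "features tied to a minimum version number" the message anticipates. The struct and constant names prefixed `ll_`/`LL_` are local definitions mirroring the ABI 1 layout so the example builds without <linux/landlock.h>.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444 /* upstream syscall number */
#endif
#ifndef LANDLOCK_CREATE_RULESET_VERSION
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#endif

/* Filesystem access rights understood by Landlock ABI 1 (bits 0..12). */
#define LL_FS_ABI1 ((1ULL << 13) - 1)
/* Rights added by later ABIs; these are the real upstream bit positions,
 * listed here only to illustrate version-gated features. */
#define LL_FS_REFER    (1ULL << 13) /* ABI 2 */
#define LL_FS_TRUNCATE (1ULL << 14) /* ABI 3 */

/* Local mirror of the ABI 1 struct landlock_ruleset_attr layout. */
struct ll_ruleset_attr {
    uint64_t handled_access_fs;
};

/* Returns the Landlock ABI version (>= 1), -1 when Landlock is absent or
 * disabled (ENOSYS/EOPNOTSUPP), or 0 on any other failure (e.g. EINVAL). */
long landlock_abi_version(void)
{
    long abi = syscall(__NR_landlock_create_ruleset, NULL, 0,
                       LANDLOCK_CREATE_RULESET_VERSION);
    if (abi >= 1)
        return abi;
    if (errno == ENOSYS || errno == EOPNOTSUPP)
        return -1;
    return 0;
}

/* Best-effort mask: every right the running kernel's ABI version can
 * handle, never a bit it would reject with EINVAL. */
uint64_t fs_access_for_abi(long abi)
{
    if (abi < 1)
        return 0;
    uint64_t mask = LL_FS_ABI1;
    if (abi >= 2)
        mask |= LL_FS_REFER;
    if (abi >= 3)
        mask |= LL_FS_TRUNCATE;
    return mask;
}

int main(void)
{
    long abi = landlock_abi_version();
    if (abi < 1) {
        /* No usable Landlock: keep running rather than aborting the program. */
        fprintf(stderr, "Landlock unavailable (abi=%ld): continuing unsandboxed\n", abi);
        return 0;
    }
    struct ll_ruleset_attr attr = { .handled_access_fs = fs_access_for_abi(abi) };
    int ruleset_fd = syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (ruleset_fd < 0) {
        perror("landlock_create_ruleset");
        return 1;
    }
    printf("Landlock ABI %ld: handling fs access mask 0x%llx\n",
           abi, (unsigned long long)attr.handled_access_fs);
    /* Rules would be added here with landlock_add_rule(2), then
     * landlock_restrict_self(2) after prctl(PR_SET_NO_NEW_PRIVS). */
    close(ruleset_fd);
    return 0;
}
```

The version query is cheap and needs no filesystem access, which is exactly why the commit prefers it over parsing /proc/version or probing argument combinations; a library can cache the result once per process.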