    Merge tag 'landlock-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux · 299e2b19
    Linus Torvalds authored
    Pull landlock updates from Mickaël Salaün:
     "This adds file truncation support to Landlock, contributed by Günther
      Noack. As described by Günther [1], the goal of these patches is to
      work towards a more complete coverage of file system operations that
      are restrictable with Landlock.
    
      The known set of currently unsupported file system operations in
      Landlock is described at [2]. Out of the operations listed there,
      truncate is the only one that modifies file contents, so these patches
      should make it possible to prevent the direct modification of file
      contents with Landlock.
    
      The new LANDLOCK_ACCESS_FS_TRUNCATE access right covers both the
      truncate(2) and ftruncate(2) families of syscalls, as well as open(2)
      with the O_TRUNC flag. This includes usages of creat() in the case
      where existing regular files are overwritten.
    
      Additionally, this introduces a new Landlock security blob associated
      with opened files, to track the available Landlock access rights at
      the time of opening the file. This is in line with Unix's general
      approach of checking the read and write permissions during open(), and
      associating this previously checked authorization with the opened
      file. An ongoing patch documents this use case [3].
    
      In order to treat truncate(2) and ftruncate(2) calls differently in an
      LSM hook, we split apart the existing security_path_truncate hook into
      security_path_truncate (for truncation by path) and
      security_file_truncate (for truncation of previously opened files)"
    
    Link: https://lore.kernel.org/r/20221018182216.301684-1-gnoack3000@gmail.com [1]
    Link: https://www.kernel.org/doc/html/v6.1/userspace-api/landlock.html#filesystem-flags [2]
    Link: https://lore.kernel.org/r/20221209193813.972012-1-mic@digikod.net [3]
    
    * tag 'landlock-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
      samples/landlock: Document best-effort approach for LANDLOCK_ACCESS_FS_REFER
      landlock: Document Landlock's file truncation support
      samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE
      selftests/landlock: Test ftruncate on FDs created by memfd_create(2)
      selftests/landlock: Test FD passing from restricted to unrestricted processes
      selftests/landlock: Locally define __maybe_unused
      selftests/landlock: Test open() and ftruncate() in multiple scenarios
      selftests/landlock: Test file truncation support
      landlock: Support file truncation
      landlock: Document init_layer_masks() helper
      landlock: Refactor check_access_path_dual() into is_access_to_paths_allowed()
      security: Create file_truncate hook from path_truncate hook
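As an added example (not part of this merge or of the kernel tree), a C sketch of how a process would use the new right: it queries the Landlock ABI version, drops LANDLOCK_ACCESS_FS_TRUNCATE when the kernel predates this merge (the best-effort approach the samples/landlock commit documents), and then handles read, write and truncate of file contents while allowing them only beneath one directory. The UAPI constants and syscall numbers are copied from the kernel headers; the function names are my own.

```c
#include <errno.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Copied from include/uapi/linux/landlock.h (on a current system include it instead). */
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_RULE_PATH_BENEATH 1
#define LANDLOCK_ACCESS_FS_WRITE_FILE (1ULL << 1)
#define LANDLOCK_ACCESS_FS_READ_FILE  (1ULL << 2)
#define LANDLOCK_ACCESS_FS_REFER      (1ULL << 13) /* since ABI v2 */
#define LANDLOCK_ACCESS_FS_TRUNCATE   (1ULL << 14) /* since ABI v3, this merge */
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#ifndef SYS_landlock_create_ruleset /* same numbers on every architecture */
#define SYS_landlock_create_ruleset 444
#define SYS_landlock_add_rule 445
#define SYS_landlock_restrict_self 446
#endif
#define CONTENT_RIGHTS (LANDLOCK_ACCESS_FS_READ_FILE | \
    LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE)

/* Best-effort degradation as in samples/landlock: the kernel rejects handled
 * bits it does not know, so drop rights newer than the reported ABI version. */
uint64_t handled_fs_for_abi(long abi, uint64_t wanted)
{
    if (abi < 2) wanted &= ~LANDLOCK_ACCESS_FS_REFER;    /* REFER came with v2 */
    if (abi < 3) wanted &= ~LANDLOCK_ACCESS_FS_TRUNCATE; /* TRUNCATE with v3 */
    return wanted;
}

/* Handle read, write and truncate of file contents process-wide and allow them
 * only beneath dir_fd. Returns 0, or -errno (e.g. -ENOSYS, -EOPNOTSUPP). */
int restrict_contents_to_dir(int dir_fd)
{
    long abi = syscall(SYS_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    if (abi < 0) return -errno;
    struct landlock_ruleset_attr attr = {
        .handled_access_fs = handled_fs_for_abi(abi, CONTENT_RIGHTS) };
    struct landlock_path_beneath_attr rule = {
        .allowed_access = attr.handled_access_fs, .parent_fd = dir_fd };
    int rs = syscall(SYS_landlock_create_ruleset, &attr, sizeof(attr), 0), ret = 0;
    if (rs < 0) return -errno;
    /* Unprivileged callers must set no_new_privs before restrict_self. */
    if (syscall(SYS_landlock_add_rule, rs, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) ||
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || syscall(SYS_landlock_restrict_self, rs, 0))
        ret = -errno;
    close(rs); /* the ruleset fd is no longer needed once enforced (or on failure) */
    return ret;
}
```

After a successful call, truncate(2) and open(2) with O_TRUNC outside dir_fd fail with EACCES, while ftruncate(2) is checked against the rights recorded in the file's Landlock blob at open time, so descriptors opened before the restriction keep the truncate right they had then.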