Re: [PATCH v30 00/12] Landlock LSM

2021-03-19 Thread Mickaël Salaün


On 19/03/2021 00:26, James Morris wrote:
> I've queued this patchset here:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git 
> landlock_lsm
> 
> and pulled it into next-testing, which will get it coverage in linux-next.
> 
> All going well, I'll aim to push this to Linus in the next merge window. 
> More review and testing during that time will be helpful.

Good, thanks! The syzkaller changes are now merged and up-to-date with
linux-next:
https://github.com/google/syzkaller/commits/3d01c4de549b4e4bddba6102715c212bbcff2fbb


Re: [PATCH v30 00/12] Landlock LSM

2021-03-18 Thread James Morris
I've queued this patchset here:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git 
landlock_lsm

and pulled it into next-testing, which will get it coverage in linux-next.

All going well, I'll aim to push this to Linus in the next merge window. 
More review and testing during that time will be helpful.


-- 
James Morris




[PATCH v30 00/12] Landlock LSM

2021-03-16 Thread Mickaël Salaün
Hi,

This patch series is mainly a rebase on top of v5.12-rc3 and a
synchronization with the new mount_setattr(2).  A light cleanup of
hook_sb_delete() and new tests are also included.

The SLOC count is 1329 for security/landlock/ and 2556 for
tools/testing/selftest/landlock/.  Test coverage for security/landlock/
is 93.6% of lines.  The code not covered only deals with internal kernel
errors (e.g. memory allocation) and race conditions.  This series is
being fuzzed by syzkaller (which may cover internal kernel errors), and
patches are on their way: https://github.com/google/syzkaller/pull/2380

The compiled documentation is available here:
https://landlock.io/linux-doc/landlock-v30/userspace-api/landlock.html

This series can be applied on top of v5.12-rc3.  This can be tested with
CONFIG_SECURITY_LANDLOCK, CONFIG_SAMPLE_LANDLOCK and by prepending
"landlock," to CONFIG_LSM.  This patch series can be found in a Git
repository here:
https://github.com/landlock-lsm/linux/commits/landlock-v30
This patch series seems ready for upstream and I would really appreciate
final reviews.


Landlock LSM


The goal of Landlock is to make it possible to restrict ambient rights
(e.g. global filesystem access) for a set of processes.  Because Landlock
is a stackable LSM [1], it makes it possible to create safe security
sandboxes as new security layers in addition to the existing system-wide
access controls.  This kind of sandbox is expected to help mitigate the
security impact of bugs or unexpected/malicious behaviors in user-space
applications.  Landlock empowers any process, including unprivileged
ones, to securely restrict itself.

Landlock is inspired by seccomp-bpf but, instead of filtering syscalls
and their raw arguments, a Landlock rule can restrict the use of kernel
objects like file hierarchies, according to the kernel semantics.
Landlock also takes inspiration from other OS sandbox mechanisms: XNU
Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil.

In its current form, Landlock lacks some access-control features.
This makes it possible to minimize this patch series and ease review.
This series still addresses multiple use cases, especially with the
combined use of seccomp-bpf: applications with built-in sandboxing, init
systems, security sandbox tools and security-oriented APIs [2].

[1] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b...@schaufler-ca.com/
[2] https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad046...@digikod.net/

Previous versions:
v29: https://lore.kernel.org/lkml/20210225190614.2181147-1-...@digikod.net/
v28: https://lore.kernel.org/lkml/20210202162710.657398-1-...@digikod.net/
v27: https://lore.kernel.org/lkml/20210121205119.793296-1-...@digikod.net/
v26: https://lore.kernel.org/lkml/20201209192839.1396820-1-...@digikod.net/
v25: https://lore.kernel.org/lkml/20201201192322.213239-1-...@digikod.net/
v24: https://lore.kernel.org/lkml/20201112205141.775752-1-...@digikod.net/
v23: https://lore.kernel.org/lkml/20201103182109.1014179-1-...@digikod.net/
v22: https://lore.kernel.org/lkml/20201027200358.557003-1-...@digikod.net/
v21: https://lore.kernel.org/lkml/20201008153103.1155388-1-...@digikod.net/
v20: https://lore.kernel.org/lkml/20200802215903.91936-1-...@digikod.net/
v19: https://lore.kernel.org/lkml/20200707180955.53024-1-...@digikod.net/
v18: https://lore.kernel.org/lkml/20200526205322.23465-1-...@digikod.net/
v17: https://lore.kernel.org/lkml/20200511192156.1618284-1-...@digikod.net/
v16: https://lore.kernel.org/lkml/20200416103955.145757-1-...@digikod.net/
v15: https://lore.kernel.org/lkml/20200326202731.693608-1-...@digikod.net/
v14: https://lore.kernel.org/lkml/20200224160215.4136-1-...@digikod.net/
v13: https://lore.kernel.org/lkml/20191104172146.30797-1-...@digikod.net/
v12: https://lore.kernel.org/lkml/20191031164445.29426-1-...@digikod.net/
v11: https://lore.kernel.org/lkml/20191029171505.6650-1-...@digikod.net/
v10: https://lore.kernel.org/lkml/20190721213116.23476-1-...@digikod.net/
v9: https://lore.kernel.org/lkml/20190625215239.11136-1-...@digikod.net/
v8: https://lore.kernel.org/lkml/20180227004121.3633-1-...@digikod.net/
v7: https://lore.kernel.org/lkml/20170821000933.13024-1-...@digikod.net/
v6: https://lore.kernel.org/lkml/20170328234650.19695-1-...@digikod.net/
v5: https://lore.kernel.org/lkml/20170222012632.4196-1-...@digikod.net/
v4: https://lore.kernel.org/lkml/20161026065654.19166-1-...@digikod.net/
v3: https://lore.kernel.org/lkml/20160914072415.26021-1-...@digikod.net/
v2: https://lore.kernel.org/lkml/1472121165-29071-1-git-send-email-...@digikod.net/
v1: https://lore.kernel.org/kernel-hardening/1458784008-16277-1-git-send-email-...@digikod.net/

Casey Schaufler (1):
  LSM: Infrastructure management of the superblock

Mickaël Salaün (11):
  landlock: Add object management
  landlock: Add ruleset and domain management
  landlock: Set up the security framework and manage credentials
  landlock: Add ptrace restrictions
  fs,security: Add sb_delete