Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.132 2025-02-08T08:51:57+00:00 2025-02-08T08:51:57+00:00 Zichen Xie zichenxie0106@gmail.com 2024-11-28T03:29:56+00:00 urn:sha1:9450b3c3c4ff26e03090d95dc653246cce9cddfc [ Upstream commit 078bf9438a31567e2c0587159ccefde835fb1ced ] malloc() may return NULL, leading to NULL dereference. Add a NULL check. Fixes: ba84b0bf5a16 ("samples/landlock: Add a sandbox manager example") Signed-off-by: Zichen Xie <zichenxie0106@gmail.com> Link: https://lore.kernel.org/r/20241128032955.11711-1-zichenxie0106@gmail.com [mic: Simplify fix] Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-11-07T19:49:50+00:00 Günther Noack gnoack3000@gmail.com 2022-11-07T18:16:51+00:00 urn:sha1:f6e53fb2d7bd70547ba53232415976cb70ad6d97 Add a comment to clarify how to handle best-effort backwards compatibility for LANDLOCK_ACCESS_FS_REFER. The "refer" access is special because these operations are always forbidden in ABI 1, unlike most other operations, which are permitted when using Landlock ABI levels where they are not supported yet. Signed-off-by: Günther Noack <gnoack3000@gmail.com> Link: https://lore.kernel.org/r/20221107181651.4555-1-gnoack3000@gmail.com Signed-off-by: Mickaël Salaün <mic@digikod.net> 2022-10-19T07:01:47+00:00 Günther Noack gnoack3000@gmail.com 2022-10-18T18:22:15+00:00 urn:sha1:faeb9197669c23d983f6485d278b20f0194432f4 Update the sandboxer sample to restrict truncate actions. This is automatically enabled by default if the running kernel supports LANDLOCK_ACCESS_FS_TRUNCATE, except for the paths listed in the LL_FS_RW environment variable. Signed-off-by: Günther Noack <gnoack3000@gmail.com> Link: https://lore.kernel.org/r/20221018182216.301684-11-gnoack3000@gmail.com Signed-off-by: Mickaël Salaün <mic@digikod.net> 2022-09-29T16:43:01+00:00 Mickaël Salaün mic@digikod.net 2022-09-23T15:42:05+00:00 urn:sha1:903cfe8a7aa8894ae60ef47a9c011e551d7bafef Extend the help with the latest Landlock ABI version supported by the sandboxer. Inform users about the sandboxer or the kernel not being up-to-date. Make the version check code easier to update and harder to misuse. Cc: Paul Moore <paul@paul-moore.com> Signed-off-by: Mickaël Salaün <mic@digikod.net> Reviewed-by: Günther Noack <gnoack3000@gmail.com> Link: https://lore.kernel.org/r/20220923154207.3311629-2-mic@digikod.net 2022-05-23T11:28:00+00:00 Mickaël Salaün mic@digikod.net 2022-05-06T16:10:59+00:00 urn:sha1:76b902f874ff4de9c1078489d4c7678a64105ea6 Add LANDLOCK_ACCESS_FS_REFER to the "roughly write" access rights and leverage the Landlock ABI version to only try to enforce it if it is supported by the running kernel. Reviewed-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Mickaël Salaün <mic@digikod.net> Link: https://lore.kernel.org/r/20220506161102.525323-10-mic@digikod.net 2022-05-23T11:27:46+00:00 Mickaël Salaün mic@digikod.net 2022-05-06T16:05:13+00:00 urn:sha1:81709f3dccacf4104a4bc2daa80bdd767a9c4c54 Let's follow a consistent and documented coding style. Everything may not be to our liking but it is better than tacit knowledge. Moreover, this will help maintain style consistency between different developers. This contains only whitespace changes. Automatically formatted with: clang-format-14 -i samples/landlock/*.[ch] Link: https://lore.kernel.org/r/20220506160513.523257-8-mic@digikod.net Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün <mic@digikod.net> 2022-05-23T11:27:46+00:00 Mickaël Salaün mic@digikod.net 2022-05-06T16:05:12+00:00 urn:sha1:9805a722db071e1772b80e6e0ff33f35355639ac In preparation to a following commit, add clang-format on and clang-format off stanzas around constant definitions. This enables to keep aligned values, which is much more readable than packed definitions. Link: https://lore.kernel.org/r/20220506160513.523257-7-mic@digikod.net Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün <mic@digikod.net> 2022-02-04T13:07:39+00:00 Tom Rix trix@redhat.com 2021-04-28T21:38:52+00:00 urn:sha1:66b513b7c64a7290c1fbb88e657f7cece992e131 Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path() but never freed. Signed-off-by: Tom Rix <trix@redhat.com> Link: https://lore.kernel.org/r/20210428213852.2874324-1-trix@redhat.com Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> 2021-04-22T19:22:11+00:00 Mickaël Salaün mic@linux.microsoft.com 2021-04-22T15:41:21+00:00 urn:sha1:ba84b0bf5a164f0f523656c1e37568c30f3f3303 Add a basic sandbox tool to launch a command which can only access a list of file hierarchies in a read-only or read-write way. Cc: James Morris <jmorris@namei.org> Cc: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jann Horn <jannh@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210422154123.13086-12-mic@digikod.net Signed-off-by: James Morris <jamorris@linux.microsoft.com>