Please send inline patches, and don't forget to set the patch series
version. Because the difference with the previous series is only about
formatting, I'l only review the previous one.
On Fri, Jul 05, 2024 at 12:58:10PM -0600, Tahera Fahimi wrote:
> This patch series introduces the optional scoping of abstract unix
> sockets. This feature aims to scope the connection of an abstract socket
> from a sandbox process to other sockets outside of the sandbox domain.
> (see [1, 2])
>
> The following changes are included in this series:
> [PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
> the user space interface, and add the restriction
> mechanism to Landlock.
> [PATCH 2/2]: Add three comprehensive tests for the new feature.
>
> Tahera Fahimi (2):
> Landlock: Add abstract unix socket connect restriction
> Landlock: Abstract unix socket restriction tests
>
> include/uapi/linux/landlock.h | 29 +
> security/landlock/limits.h | 3 +
> security/landlock/ruleset.c | 7 +-
> security/landlock/ruleset.h | 23 +-
> security/landlock/syscalls.c | 12 +-
> security/landlock/task.c | 62 ++
> .../testing/selftests/landlock/ptrace_test.c | 786 ++++++++++++++++++
> 7 files changed, 916 insertions(+), 6 deletions(-)
>
> [1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/
> [2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/
> --
> 2.34.1
>