e1b061b444
Merge tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull landlock updates from Mickaël Salaün:

"We can now scope a Landlock domain thanks to a new "scoped" field that can deny interactions with resources outside of this domain.

The LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET flag denies connections to an abstract UNIX socket created outside of the current scoped domain, and the LANDLOCK_SCOPE_SIGNAL flag denies sending a signal to processes outside of the current scoped domain.

These restrictions also apply to nested domains according to their scope. The related changes will also be useful to support other kinds of IPC isolations"

* tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  landlock: Document LANDLOCK_SCOPE_SIGNAL
  samples/landlock: Add support for signal scoping
  selftests/landlock: Test signal created by out-of-bound message
  selftests/landlock: Test signal scoping for threads
  selftests/landlock: Test signal scoping
  landlock: Add signal scoping
  landlock: Document LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
  samples/landlock: Add support for abstract UNIX socket scoping
  selftests/landlock: Test inherited restriction of abstract UNIX socket
  selftests/landlock: Test connected and unconnected datagram UNIX socket
  selftests/landlock: Test UNIX sockets with any address formats
  selftests/landlock: Test abstract UNIX socket scoping
  selftests/landlock: Test handling of unknown scope
  landlock: Add abstract UNIX socket scoping

accelerators
ebpf
gpio
ioctl
media
netlink
dcdbas.rst
dma-buf-alloc-exchange.rst
ELF.rst
futex2.rst
index.rst
iommufd.rst
isapnp.rst
landlock.rst
lsm.rst
mfd_noexec.rst
mseal.rst
no_new_privs.rst
perf_ring_buffer.rst
seccomp_filter.rst
spec_ctrl.rst
sysfs-platform_profile.rst
tee.rst
unshare.rst
vduse.rst