WSL2-Linux-Kernel/security
Mickaël Salaün a6c13d23d9 landlock: Warn once if a Landlock action is requested while disabled
[ Upstream commit 782191c74875cc33b50263e21d76080b1411884d ]

Because sandboxing can be used as an opportunistic security measure,
user space may not log unsupported features.  Let the system
administrator know if an application tries to use Landlock but failed
because it isn't enabled at boot time.  This may be caused by boot
loader configurations with outdated "lsm" kernel's command-line
parameter.

Cc: stable@vger.kernel.org
Fixes: 265885daf3 ("landlock: Add syscall implementations")
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20240227110550.3702236-2-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-04-10 16:18:39 +02:00
..
apparmor apparmor: avoid crash when parsed profile name is empty 2024-01-25 14:52:52 -08:00
bpf
integrity ima: detect changes to the backing overlay file 2023-11-28 16:56:29 +00:00
keys keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2024-01-05 15:13:30 +01:00
landlock landlock: Warn once if a Landlock action is requested while disabled 2024-04-10 16:18:39 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:14:45 +01:00
lockdown
safesetid
selinux lsm: new security_file_ioctl_compat() hook 2024-02-23 08:54:25 +01:00
smack smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() 2024-04-10 16:18:34 +02:00
tomoyo tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-06 14:38:48 +00:00
yama
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-07-23 12:54:10 +02:00
Kconfig.hardening security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 2022-12-31 13:14:46 +01:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 18:15:39 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-12 11:58:59 +01:00
inode.c
lsm_audit.c
min_addr.c
security.c lsm: fix the logic in security_inode_getsecctx() 2024-02-23 08:55:05 +01:00