diff options
| author | Mickaël Salaün <mic@linux.microsoft.com> | 2021-01-05 20:19:49 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-03-19 16:08:51 +0100 |
| commit | e101f6b4ca824f8bf4b0bbf376ff6ced9378271e (patch) | |
| tree | 320fc44d0fd2dd8d5df1c9dc588c5977c1232943 /sys/linux | |
| parent | a2e07427ccd476b741d2c97f4715e99cf6e700ef (diff) | |
sys/linux: add Landlock syscalls
Based on Linux next-20210319:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f00397ee41c79b6155b9b44abd0055b2c0621349
Co-developed-by: Vincent Dagonneau <vincent.dagonneau@ssi.gouv.fr>
Signed-off-by: Vincent Dagonneau <vincent.dagonneau@ssi.gouv.fr>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/landlock.txt | 21 | ||||
| -rw-r--r-- | sys/linux/landlock.txt.const | 19 |
2 files changed, 40 insertions, 0 deletions
diff --git a/sys/linux/landlock.txt b/sys/linux/landlock.txt new file mode 100644 index 000000000..c3d03d96a --- /dev/null +++ b/sys/linux/landlock.txt @@ -0,0 +1,21 @@ +# Copyright 2021 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +include <uapi/linux/landlock.h> + +resource fd_ruleset[fd] + +landlock_create_ruleset(attr ptr[in, landlock_ruleset_attr], size bytesize[attr], flags const[0]) fd_ruleset +landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(ruleset_fd fd_ruleset, rule_type const[LANDLOCK_RULE_PATH_BENEATH], rule_attr ptr[in, landlock_path_beneath_attr], flags const[0]) +landlock_restrict_self(ruleset_fd fd_ruleset, flags const[0]) + +landlock_ruleset_attr { + handled_fs_access flags[landlock_access_flags, int64] +} + +landlock_path_beneath_attr { + allowed_access flags[landlock_access_flags, int64] + parent_fd fd +} [packed] + +landlock_access_flags = LANDLOCK_ACCESS_FS_EXECUTE, LANDLOCK_ACCESS_FS_MAKE_BLOCK, LANDLOCK_ACCESS_FS_MAKE_CHAR, LANDLOCK_ACCESS_FS_MAKE_DIR, LANDLOCK_ACCESS_FS_MAKE_FIFO, LANDLOCK_ACCESS_FS_MAKE_REG, LANDLOCK_ACCESS_FS_MAKE_SOCK, LANDLOCK_ACCESS_FS_MAKE_SYM, LANDLOCK_ACCESS_FS_READ_DIR, LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_REMOVE_DIR, LANDLOCK_ACCESS_FS_REMOVE_FILE, LANDLOCK_ACCESS_FS_WRITE_FILE diff --git a/sys/linux/landlock.txt.const b/sys/linux/landlock.txt.const new file mode 100644 index 000000000..bf0609781 --- /dev/null +++ b/sys/linux/landlock.txt.const @@ -0,0 +1,19 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x +LANDLOCK_ACCESS_FS_EXECUTE = 1 +LANDLOCK_ACCESS_FS_MAKE_BLOCK = 2048 +LANDLOCK_ACCESS_FS_MAKE_CHAR = 64 +LANDLOCK_ACCESS_FS_MAKE_DIR = 128 +LANDLOCK_ACCESS_FS_MAKE_FIFO = 1024 +LANDLOCK_ACCESS_FS_MAKE_REG = 256 +LANDLOCK_ACCESS_FS_MAKE_SOCK = 512 +LANDLOCK_ACCESS_FS_MAKE_SYM = 4096 +LANDLOCK_ACCESS_FS_READ_DIR = 8 +LANDLOCK_ACCESS_FS_READ_FILE = 4 +LANDLOCK_ACCESS_FS_REMOVE_DIR = 16 +LANDLOCK_ACCESS_FS_REMOVE_FILE = 32 +LANDLOCK_ACCESS_FS_WRITE_FILE = 2 +LANDLOCK_RULE_PATH_BENEATH = 1 +__NR_landlock_add_rule = 445, mips64le:5445 +__NR_landlock_create_ruleset = 444, mips64le:5444 +__NR_landlock_restrict_self = 446, mips64le:5446 |