| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | CONTRIBUTORS | 2 | ||||
| -rw-r--r-- | sys/linux/landlock.txt | 21 | ||||
| -rw-r--r-- | sys/linux/landlock.txt.const | 19 |
4 files changed, 43 insertions, 0 deletions
@@ -44,3 +44,4 @@ Christian Brauner
 Johannes Wellhöfer
 Microsoft Corporation
 Muhammad Usama Anjum
+ANSSI
diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index 0db8c5126..f94409fb8 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -88,3 +88,5 @@ Christian Brauner
 Johannes Wellhöfer
 Microsoft Corporation
 Mickaël Salaün
+ANSSI
+ Vincent Dagonneau
diff --git a/sys/linux/landlock.txt b/sys/linux/landlock.txt
new file mode 100644
index 000000000..c3d03d96a
--- /dev/null
+++ b/sys/linux/landlock.txt
@@ -0,0 +1,21 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <uapi/linux/landlock.h>
+
+resource fd_ruleset[fd]
+
+landlock_create_ruleset(attr ptr[in, landlock_ruleset_attr], size bytesize[attr], flags const[0]) fd_ruleset
+landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(ruleset_fd fd_ruleset, rule_type const[LANDLOCK_RULE_PATH_BENEATH], rule_attr ptr[in, landlock_path_beneath_attr], flags const[0])
+landlock_restrict_self(ruleset_fd fd_ruleset, flags const[0])
+
+landlock_ruleset_attr {
+ handled_fs_access flags[landlock_access_flags, int64]
+}
+
+landlock_path_beneath_attr {
+ allowed_access flags[landlock_access_flags, int64]
+ parent_fd fd
+} [packed]
+
+landlock_access_flags = LANDLOCK_ACCESS_FS_EXECUTE, LANDLOCK_ACCESS_FS_MAKE_BLOCK, LANDLOCK_ACCESS_FS_MAKE_CHAR, LANDLOCK_ACCESS_FS_MAKE_DIR, LANDLOCK_ACCESS_FS_MAKE_FIFO, LANDLOCK_ACCESS_FS_MAKE_REG, LANDLOCK_ACCESS_FS_MAKE_SOCK, LANDLOCK_ACCESS_FS_MAKE_SYM, LANDLOCK_ACCESS_FS_READ_DIR, LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_REMOVE_DIR, LANDLOCK_ACCESS_FS_REMOVE_FILE, LANDLOCK_ACCESS_FS_WRITE_FILE
diff --git a/sys/linux/landlock.txt.const b/sys/linux/landlock.txt.const
new file mode 100644
index 000000000..bf0609781
--- /dev/null
+++ b/sys/linux/landlock.txt.const
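Review bot: In `sys/linux/landlock.txt`, `landlock_create_ruleset` pins `flags` to `const[0]`, so the syscall's ABI-version query path is never generated. That path takes a NULL `attr` and zero `size` together with `LANDLOCK_CREATE_RULESET_VERSION`, which upstream `uapi/linux/landlock.h` defines (confirm against the header revision used for extraction). A separate variant such as `landlock_create_ruleset$version(attr const[0], size const[0], flags const[LANDLOCK_CREATE_RULESET_VERSION])` would cover it, with `landlock.txt.const` regenerated by the extraction tooling rather than edited by hand. The same `const[0]` on `landlock_add_rule` and `landlock_restrict_self` means the kernel's rejection of unknown flag bits is not reached either. A one-line comment above the three calls, e.g. `# flags: 0 is the only value accepted by the kernel at this ABI level.`, would record that this is deliberate.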
@@ -0,0 +1,19 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = 386, amd64, arm, arm64, mips64le, ppc64le, riscv64, s390x +LANDLOCK_ACCESS_FS_EXECUTE = 1 +LANDLOCK_ACCESS_FS_MAKE_BLOCK = 2048 +LANDLOCK_ACCESS_FS_MAKE_CHAR = 64 +LANDLOCK_ACCESS_FS_MAKE_DIR = 128 +LANDLOCK_ACCESS_FS_MAKE_FIFO = 1024 +LANDLOCK_ACCESS_FS_MAKE_REG = 256 +LANDLOCK_ACCESS_FS_MAKE_SOCK = 512 +LANDLOCK_ACCESS_FS_MAKE_SYM = 4096 +LANDLOCK_ACCESS_FS_READ_DIR = 8 +LANDLOCK_ACCESS_FS_READ_FILE = 4 +LANDLOCK_ACCESS_FS_REMOVE_DIR = 16 +LANDLOCK_ACCESS_FS_REMOVE_FILE = 32 +LANDLOCK_ACCESS_FS_WRITE_FILE = 2 +LANDLOCK_RULE_PATH_BENEATH = 1 +__NR_landlock_add_rule = 445, mips64le:5445 +__NR_landlock_create_ruleset = 444, mips64le:5444 +__NR_landlock_restrict_self = 446, mips64le:5446 |
