From: "Mickaël Salaün" <mic@digikod.net>
To: musl@lists.openwall.com
Cc: "Mickaël Salaün" <mic@digikod.net>,
"Rich Felker" <dalias@aerifal.cx>,
landlock@lists.linux.dev,
"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: [musl] [PATCH v1] bits/syscall.h: add landlock_* from linux v5.13
Date: Tue, 10 Aug 2021 17:54:06 +0200 [thread overview]
Message-ID: <20210810155406.2772584-1-mic@digikod.net> (raw)
From: Mickaël Salaün <mic@linux.microsoft.com>
Add three system calls for all architectures:
* landlock_create_ruleset
* landlock_add_rule
* landlock_restrict_self
They enable creating unprivileged security sandboxes, see
linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144
arch: Wire up Landlock syscalls
https://www.kernel.org/doc/html/latest/userspace-api/landlock.html
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210810155406.2772584-1-mic@digikod.net
---
arch/aarch64/bits/syscall.h.in | 3 +++
arch/arm/bits/syscall.h.in | 3 +++
arch/i386/bits/syscall.h.in | 3 +++
arch/m68k/bits/syscall.h.in | 3 +++
arch/microblaze/bits/syscall.h.in | 3 +++
arch/mips/bits/syscall.h.in | 3 +++
arch/mips64/bits/syscall.h.in | 3 +++
arch/mipsn32/bits/syscall.h.in | 3 +++
arch/or1k/bits/syscall.h.in | 3 +++
arch/powerpc/bits/syscall.h.in | 3 +++
arch/powerpc64/bits/syscall.h.in | 3 +++
arch/riscv64/bits/syscall.h.in | 3 +++
arch/s390x/bits/syscall.h.in | 3 +++
arch/sh/bits/syscall.h.in | 3 +++
arch/x86_64/bits/syscall.h.in | 3 +++
15 files changed, 45 insertions(+)
diff --git a/arch/aarch64/bits/syscall.h.in b/arch/aarch64/bits/syscall.h.in
index 1ad467c0d32e..b94a1706994f 100644
--- a/arch/aarch64/bits/syscall.h.in
+++ b/arch/aarch64/bits/syscall.h.in
@@ -294,4 +294,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/arm/bits/syscall.h.in b/arch/arm/bits/syscall.h.in
index cf9e34117109..9364cb335022 100644
--- a/arch/arm/bits/syscall.h.in
+++ b/arch/arm/bits/syscall.h.in
@@ -394,6 +394,9 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
#define __ARM_NR_breakpoint 0x0f0001
#define __ARM_NR_cacheflush 0x0f0002
diff --git a/arch/i386/bits/syscall.h.in b/arch/i386/bits/syscall.h.in
index 5d1c4d7a576d..1f45968c5ca4 100644
--- a/arch/i386/bits/syscall.h.in
+++ b/arch/i386/bits/syscall.h.in
@@ -431,4 +431,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/m68k/bits/syscall.h.in b/arch/m68k/bits/syscall.h.in
index 6794b1a06220..297b0923b3b2 100644
--- a/arch/m68k/bits/syscall.h.in
+++ b/arch/m68k/bits/syscall.h.in
@@ -411,3 +411,6 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/microblaze/bits/syscall.h.in b/arch/microblaze/bits/syscall.h.in
index 7f71df3b581c..637943b56a99 100644
--- a/arch/microblaze/bits/syscall.h.in
+++ b/arch/microblaze/bits/syscall.h.in
@@ -432,4 +432,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/mips/bits/syscall.h.in b/arch/mips/bits/syscall.h.in
index d54845b22890..bb7378dfa032 100644
--- a/arch/mips/bits/syscall.h.in
+++ b/arch/mips/bits/syscall.h.in
@@ -413,4 +413,7 @@
#define __NR_pidfd_getfd 4438
#define __NR_faccessat2 4439
#define __NR_process_madvise 4440
+#define __NR_landlock_create_ruleset 4444
+#define __NR_landlock_add_rule 4445
+#define __NR_landlock_restrict_self 4446
diff --git a/arch/mips64/bits/syscall.h.in b/arch/mips64/bits/syscall.h.in
index 920b43589d9e..028a30b5817e 100644
--- a/arch/mips64/bits/syscall.h.in
+++ b/arch/mips64/bits/syscall.h.in
@@ -343,4 +343,7 @@
#define __NR_pidfd_getfd 5438
#define __NR_faccessat2 5439
#define __NR_process_madvise 5440
+#define __NR_landlock_create_ruleset 5444
+#define __NR_landlock_add_rule 5445
+#define __NR_landlock_restrict_self 5446
diff --git a/arch/mipsn32/bits/syscall.h.in b/arch/mipsn32/bits/syscall.h.in
index e6dad6881f9c..d08f079bdb32 100644
--- a/arch/mipsn32/bits/syscall.h.in
+++ b/arch/mipsn32/bits/syscall.h.in
@@ -367,4 +367,7 @@
#define __NR_pidfd_getfd 6438
#define __NR_faccessat2 6439
#define __NR_process_madvise 6440
+#define __NR_landlock_create_ruleset 6444
+#define __NR_landlock_add_rule 6445
+#define __NR_landlock_restrict_self 6446
diff --git a/arch/or1k/bits/syscall.h.in b/arch/or1k/bits/syscall.h.in
index 463ee901a55d..495c36ce47b7 100644
--- a/arch/or1k/bits/syscall.h.in
+++ b/arch/or1k/bits/syscall.h.in
@@ -316,4 +316,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/powerpc/bits/syscall.h.in b/arch/powerpc/bits/syscall.h.in
index db4d0ca47c15..6a123c52aa7f 100644
--- a/arch/powerpc/bits/syscall.h.in
+++ b/arch/powerpc/bits/syscall.h.in
@@ -420,4 +420,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/powerpc64/bits/syscall.h.in b/arch/powerpc64/bits/syscall.h.in
index a128890b8f20..947c814a704b 100644
--- a/arch/powerpc64/bits/syscall.h.in
+++ b/arch/powerpc64/bits/syscall.h.in
@@ -392,4 +392,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/riscv64/bits/syscall.h.in b/arch/riscv64/bits/syscall.h.in
index 39c0d650b1c8..fbfa614d00c4 100644
--- a/arch/riscv64/bits/syscall.h.in
+++ b/arch/riscv64/bits/syscall.h.in
@@ -294,6 +294,9 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
#define __NR_sysriscv __NR_arch_specific_syscall
#define __NR_riscv_flush_icache (__NR_sysriscv + 15)
diff --git a/arch/s390x/bits/syscall.h.in b/arch/s390x/bits/syscall.h.in
index 9c8d984ed25c..766b8daee2c2 100644
--- a/arch/s390x/bits/syscall.h.in
+++ b/arch/s390x/bits/syscall.h.in
@@ -357,4 +357,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/sh/bits/syscall.h.in b/arch/sh/bits/syscall.h.in
index 17dd7e07435a..aab269ea7cfd 100644
--- a/arch/sh/bits/syscall.h.in
+++ b/arch/sh/bits/syscall.h.in
@@ -404,4 +404,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/x86_64/bits/syscall.h.in b/arch/x86_64/bits/syscall.h.in
index e943883db974..9ddabc04b70e 100644
--- a/arch/x86_64/bits/syscall.h.in
+++ b/arch/x86_64/bits/syscall.h.in
@@ -350,4 +350,7 @@
#define __NR_pidfd_getfd 438
#define __NR_faccessat2 439
#define __NR_process_madvise 440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
base-commit: 3f701faace7addc75d16dea8a6cd769fa5b3f260
--
2.32.0
next reply other threads:[~2021-08-11 11:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-10 15:54 Mickaël Salaün [this message]
2021-08-11 14:56 ` Szabolcs Nagy
2021-08-11 15:05 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210810155406.2772584-1-mic@digikod.net \
--to=mic@digikod.net \
--cc=dalias@aerifal.cx \
--cc=landlock@lists.linux.dev \
--cc=mic@linux.microsoft.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).