[PR PATCH] linux5.15+: Add landlock to CONFIG_LSM

Github messages for voidlinux
 help / color / mirror / Atom feed

From: crtxcr <crtxcr@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: [PR PATCH] linux5.15+: Add landlock to CONFIG_LSM
Date: Thu, 29 Dec 2022 00:09:18 +0100	[thread overview]
Message-ID: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-41337@inbox.vuxu.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 696 bytes --]

There is a new pull request by crtxcr against master on the void-packages repository

https://github.com/crtxcr/void-packages linux_enable_landlock
https://github.com/void-linux/void-packages/pull/41337

linux5.15+: Add landlock to CONFIG_LSM
#### Testing the changes
- I tested the changes in this PR: **NO**

I answered NO here since I don't run voids kernel config (but have my own with it enabled)

For landlock to be available CONFIG_SECURITY_LANDLOCK=y is not enough, it should also be added to CONFIG_LSM: https://docs.kernel.org/userspace-api/landlock.html#kernel-support



CC @sgn 



A patch file from https://github.com/void-linux/void-packages/pull/41337.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-linux_enable_landlock-41337.patch --]
[-- Type: text/x-diff, Size: 10813 bytes --]

From c7a9540906c9efe69277ade7e3f3fcd3c23192cf Mon Sep 17 00:00:00 2001
From: Albert Schwarzkopf <dev-voidlinux@quitesimple.org>
Date: Thu, 29 Dec 2022 00:01:04 +0100
Subject: [PATCH] linux5.15+: Add landlock to CONFIG_LSM

---
 srcpkgs/linux5.15/files/arm64-dotconfig   | 2 +-
 srcpkgs/linux5.15/files/i386-dotconfig    | 2 +-
 srcpkgs/linux5.15/files/ppc-dotconfig     | 2 +-
 srcpkgs/linux5.15/files/ppc64-dotconfig   | 2 +-
 srcpkgs/linux5.15/files/ppc64le-dotconfig | 2 +-
 srcpkgs/linux5.15/files/x86_64-dotconfig  | 2 +-
 srcpkgs/linux6.0/files/arm64-dotconfig    | 2 +-
 srcpkgs/linux6.0/files/i386-dotconfig     | 2 +-
 srcpkgs/linux6.0/files/ppc-dotconfig      | 2 +-
 srcpkgs/linux6.0/files/ppc64-dotconfig    | 2 +-
 srcpkgs/linux6.0/files/ppc64le-dotconfig  | 2 +-
 srcpkgs/linux6.0/files/x86_64-dotconfig   | 2 +-
 srcpkgs/linux6.1/files/arm64-dotconfig    | 2 +-
 srcpkgs/linux6.1/files/i386-dotconfig     | 2 +-
 srcpkgs/linux6.1/files/ppc-dotconfig      | 2 +-
 srcpkgs/linux6.1/files/ppc64-dotconfig    | 2 +-
 srcpkgs/linux6.1/files/ppc64le-dotconfig  | 2 +-
 srcpkgs/linux6.1/files/x86_64-dotconfig   | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/srcpkgs/linux5.15/files/arm64-dotconfig b/srcpkgs/linux5.15/files/arm64-dotconfig
index 40c18915d3bc..c3d64f6203ad 100644
--- a/srcpkgs/linux5.15/files/arm64-dotconfig
+++ b/srcpkgs/linux5.15/files/arm64-dotconfig
@@ -11226,7 +11226,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux5.15/files/i386-dotconfig b/srcpkgs/linux5.15/files/i386-dotconfig
index 1f90e83f094c..a76b25edb7d3 100644
--- a/srcpkgs/linux5.15/files/i386-dotconfig
+++ b/srcpkgs/linux5.15/files/i386-dotconfig
@@ -9544,7 +9544,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux5.15/files/ppc-dotconfig b/srcpkgs/linux5.15/files/ppc-dotconfig
index 56421d1745f2..891c36f5e592 100644
--- a/srcpkgs/linux5.15/files/ppc-dotconfig
+++ b/srcpkgs/linux5.15/files/ppc-dotconfig
@@ -7674,7 +7674,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux5.15/files/ppc64-dotconfig b/srcpkgs/linux5.15/files/ppc64-dotconfig
index 601f1d55d2ee..4cbbc7be7c99 100644
--- a/srcpkgs/linux5.15/files/ppc64-dotconfig
+++ b/srcpkgs/linux5.15/files/ppc64-dotconfig
@@ -9658,7 +9658,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux5.15/files/ppc64le-dotconfig b/srcpkgs/linux5.15/files/ppc64le-dotconfig
index 5fafdb797f0b..c4220b08d1c9 100644
--- a/srcpkgs/linux5.15/files/ppc64le-dotconfig
+++ b/srcpkgs/linux5.15/files/ppc64le-dotconfig
@@ -9380,7 +9380,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux5.15/files/x86_64-dotconfig b/srcpkgs/linux5.15/files/x86_64-dotconfig
index 7c711c66f9da..e452c0f08396 100644
--- a/srcpkgs/linux5.15/files/x86_64-dotconfig
+++ b/srcpkgs/linux5.15/files/x86_64-dotconfig
@@ -9728,7 +9728,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_EVM is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.0/files/arm64-dotconfig b/srcpkgs/linux6.0/files/arm64-dotconfig
index c708bc401cb3..60a19732fb42 100644
--- a/srcpkgs/linux6.0/files/arm64-dotconfig
+++ b/srcpkgs/linux6.0/files/arm64-dotconfig
@@ -11759,7 +11759,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.0/files/i386-dotconfig b/srcpkgs/linux6.0/files/i386-dotconfig
index eb5ad6fce09a..ea5bddf4685d 100644
--- a/srcpkgs/linux6.0/files/i386-dotconfig
+++ b/srcpkgs/linux6.0/files/i386-dotconfig
@@ -9964,7 +9964,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.0/files/ppc-dotconfig b/srcpkgs/linux6.0/files/ppc-dotconfig
index 62a721ff52cb..2bf2cb2411a6 100644
--- a/srcpkgs/linux6.0/files/ppc-dotconfig
+++ b/srcpkgs/linux6.0/files/ppc-dotconfig
@@ -8005,7 +8005,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.0/files/ppc64-dotconfig b/srcpkgs/linux6.0/files/ppc64-dotconfig
index 841ae1a350d3..d8c80c856e9f 100644
--- a/srcpkgs/linux6.0/files/ppc64-dotconfig
+++ b/srcpkgs/linux6.0/files/ppc64-dotconfig
@@ -10030,7 +10030,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.0/files/ppc64le-dotconfig b/srcpkgs/linux6.0/files/ppc64le-dotconfig
index a32850c87f39..f263d08b03ef 100644
--- a/srcpkgs/linux6.0/files/ppc64le-dotconfig
+++ b/srcpkgs/linux6.0/files/ppc64le-dotconfig
@@ -9750,7 +9750,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.0/files/x86_64-dotconfig b/srcpkgs/linux6.0/files/x86_64-dotconfig
index fc67dc699926..b592092a4bf7 100644
--- a/srcpkgs/linux6.0/files/x86_64-dotconfig
+++ b/srcpkgs/linux6.0/files/x86_64-dotconfig
@@ -10188,7 +10188,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_EVM is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.1/files/arm64-dotconfig b/srcpkgs/linux6.1/files/arm64-dotconfig
index c244e5af74ee..138dfb47a123 100644
--- a/srcpkgs/linux6.1/files/arm64-dotconfig
+++ b/srcpkgs/linux6.1/files/arm64-dotconfig
@@ -11785,7 +11785,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.1/files/i386-dotconfig b/srcpkgs/linux6.1/files/i386-dotconfig
index d549a8932534..f484941f12e5 100644
--- a/srcpkgs/linux6.1/files/i386-dotconfig
+++ b/srcpkgs/linux6.1/files/i386-dotconfig
@@ -9981,7 +9981,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.1/files/ppc-dotconfig b/srcpkgs/linux6.1/files/ppc-dotconfig
index 1aa3fc01e3cb..42533d89a6e6 100644
--- a/srcpkgs/linux6.1/files/ppc-dotconfig
+++ b/srcpkgs/linux6.1/files/ppc-dotconfig
@@ -8009,7 +8009,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.1/files/ppc64-dotconfig b/srcpkgs/linux6.1/files/ppc64-dotconfig
index 82058e328ec9..cb41cf4b037f 100644
--- a/srcpkgs/linux6.1/files/ppc64-dotconfig
+++ b/srcpkgs/linux6.1/files/ppc64-dotconfig
@@ -10050,7 +10050,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.1/files/ppc64le-dotconfig b/srcpkgs/linux6.1/files/ppc64le-dotconfig
index 1881ce75cecf..2d85dcc227c1 100644
--- a/srcpkgs/linux6.1/files/ppc64le-dotconfig
+++ b/srcpkgs/linux6.1/files/ppc64le-dotconfig
@@ -9771,7 +9771,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
diff --git a/srcpkgs/linux6.1/files/x86_64-dotconfig b/srcpkgs/linux6.1/files/x86_64-dotconfig
index d6ed831e1921..20579c094dee 100644
--- a/srcpkgs/linux6.1/files/x86_64-dotconfig
+++ b/srcpkgs/linux6.1/files/x86_64-dotconfig
@@ -10219,7 +10219,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_EVM is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options

next             reply	other threads:[~2022-12-28 23:09 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-28 23:09 crtxcr [this message]
2022-12-28 23:14 ` paper42
2022-12-28 23:40 ` crtxcr
2022-12-29  1:42 ` sgn
2022-12-29  1:44 ` sgn
2022-12-29  7:34 ` crtxcr
2022-12-29  7:44 ` [PR PATCH] [Merged]: " sgn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-41337@inbox.vuxu.org \
    --to=crtxcr@users.noreply.github.com \
    --cc=ml@inbox.vuxu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).