All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Mickaël Salaün" <mic@digikod.net>
To: musl@lists.openwall.com
Cc: "Mickaël Salaün" <mic@digikod.net>,
	"Rich Felker" <dalias@aerifal.cx>,
	landlock@lists.linux.dev,
	"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: [PATCH v1] bits/syscall.h: add landlock_* from linux v5.13
Date: Tue, 10 Aug 2021 17:54:06 +0200	[thread overview]
Message-ID: <20210810155406.2772584-1-mic@digikod.net> (raw)

From: Mickaël Salaün <mic@linux.microsoft.com>

Add three system calls for all architectures:
* landlock_create_ruleset
* landlock_add_rule
* landlock_restrict_self

They enable creating unprivileged security sandboxes, see

  linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144
  arch: Wire up Landlock syscalls

https://www.kernel.org/doc/html/latest/userspace-api/landlock.html

Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210810155406.2772584-1-mic@digikod.net
---
 arch/aarch64/bits/syscall.h.in    | 3 +++
 arch/arm/bits/syscall.h.in        | 3 +++
 arch/i386/bits/syscall.h.in       | 3 +++
 arch/m68k/bits/syscall.h.in       | 3 +++
 arch/microblaze/bits/syscall.h.in | 3 +++
 arch/mips/bits/syscall.h.in       | 3 +++
 arch/mips64/bits/syscall.h.in     | 3 +++
 arch/mipsn32/bits/syscall.h.in    | 3 +++
 arch/or1k/bits/syscall.h.in       | 3 +++
 arch/powerpc/bits/syscall.h.in    | 3 +++
 arch/powerpc64/bits/syscall.h.in  | 3 +++
 arch/riscv64/bits/syscall.h.in    | 3 +++
 arch/s390x/bits/syscall.h.in      | 3 +++
 arch/sh/bits/syscall.h.in         | 3 +++
 arch/x86_64/bits/syscall.h.in     | 3 +++
 15 files changed, 45 insertions(+)

diff --git a/arch/aarch64/bits/syscall.h.in b/arch/aarch64/bits/syscall.h.in
index 1ad467c0d32e..b94a1706994f 100644
--- a/arch/aarch64/bits/syscall.h.in
+++ b/arch/aarch64/bits/syscall.h.in
@@ -294,4 +294,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/arm/bits/syscall.h.in b/arch/arm/bits/syscall.h.in
index cf9e34117109..9364cb335022 100644
--- a/arch/arm/bits/syscall.h.in
+++ b/arch/arm/bits/syscall.h.in
@@ -394,6 +394,9 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
 #define __ARM_NR_breakpoint	0x0f0001
 #define __ARM_NR_cacheflush	0x0f0002
diff --git a/arch/i386/bits/syscall.h.in b/arch/i386/bits/syscall.h.in
index 5d1c4d7a576d..1f45968c5ca4 100644
--- a/arch/i386/bits/syscall.h.in
+++ b/arch/i386/bits/syscall.h.in
@@ -431,4 +431,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/m68k/bits/syscall.h.in b/arch/m68k/bits/syscall.h.in
index 6794b1a06220..297b0923b3b2 100644
--- a/arch/m68k/bits/syscall.h.in
+++ b/arch/m68k/bits/syscall.h.in
@@ -411,3 +411,6 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/microblaze/bits/syscall.h.in b/arch/microblaze/bits/syscall.h.in
index 7f71df3b581c..637943b56a99 100644
--- a/arch/microblaze/bits/syscall.h.in
+++ b/arch/microblaze/bits/syscall.h.in
@@ -432,4 +432,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/mips/bits/syscall.h.in b/arch/mips/bits/syscall.h.in
index d54845b22890..bb7378dfa032 100644
--- a/arch/mips/bits/syscall.h.in
+++ b/arch/mips/bits/syscall.h.in
@@ -413,4 +413,7 @@
 #define __NR_pidfd_getfd	4438
 #define __NR_faccessat2		4439
 #define __NR_process_madvise	4440
+#define __NR_landlock_create_ruleset 4444
+#define __NR_landlock_add_rule 4445
+#define __NR_landlock_restrict_self 4446
 
diff --git a/arch/mips64/bits/syscall.h.in b/arch/mips64/bits/syscall.h.in
index 920b43589d9e..028a30b5817e 100644
--- a/arch/mips64/bits/syscall.h.in
+++ b/arch/mips64/bits/syscall.h.in
@@ -343,4 +343,7 @@
 #define __NR_pidfd_getfd	5438
 #define __NR_faccessat2		5439
 #define __NR_process_madvise	5440
+#define __NR_landlock_create_ruleset 5444
+#define __NR_landlock_add_rule 5445
+#define __NR_landlock_restrict_self 5446
 
diff --git a/arch/mipsn32/bits/syscall.h.in b/arch/mipsn32/bits/syscall.h.in
index e6dad6881f9c..d08f079bdb32 100644
--- a/arch/mipsn32/bits/syscall.h.in
+++ b/arch/mipsn32/bits/syscall.h.in
@@ -367,4 +367,7 @@
 #define __NR_pidfd_getfd	6438
 #define __NR_faccessat2		6439
 #define __NR_process_madvise	6440
+#define __NR_landlock_create_ruleset 6444
+#define __NR_landlock_add_rule 6445
+#define __NR_landlock_restrict_self 6446
 
diff --git a/arch/or1k/bits/syscall.h.in b/arch/or1k/bits/syscall.h.in
index 463ee901a55d..495c36ce47b7 100644
--- a/arch/or1k/bits/syscall.h.in
+++ b/arch/or1k/bits/syscall.h.in
@@ -316,4 +316,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/powerpc/bits/syscall.h.in b/arch/powerpc/bits/syscall.h.in
index db4d0ca47c15..6a123c52aa7f 100644
--- a/arch/powerpc/bits/syscall.h.in
+++ b/arch/powerpc/bits/syscall.h.in
@@ -420,4 +420,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/powerpc64/bits/syscall.h.in b/arch/powerpc64/bits/syscall.h.in
index a128890b8f20..947c814a704b 100644
--- a/arch/powerpc64/bits/syscall.h.in
+++ b/arch/powerpc64/bits/syscall.h.in
@@ -392,4 +392,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/riscv64/bits/syscall.h.in b/arch/riscv64/bits/syscall.h.in
index 39c0d650b1c8..fbfa614d00c4 100644
--- a/arch/riscv64/bits/syscall.h.in
+++ b/arch/riscv64/bits/syscall.h.in
@@ -294,6 +294,9 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
 #define __NR_sysriscv __NR_arch_specific_syscall
 #define __NR_riscv_flush_icache (__NR_sysriscv + 15)
diff --git a/arch/s390x/bits/syscall.h.in b/arch/s390x/bits/syscall.h.in
index 9c8d984ed25c..766b8daee2c2 100644
--- a/arch/s390x/bits/syscall.h.in
+++ b/arch/s390x/bits/syscall.h.in
@@ -357,4 +357,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/sh/bits/syscall.h.in b/arch/sh/bits/syscall.h.in
index 17dd7e07435a..aab269ea7cfd 100644
--- a/arch/sh/bits/syscall.h.in
+++ b/arch/sh/bits/syscall.h.in
@@ -404,4 +404,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/x86_64/bits/syscall.h.in b/arch/x86_64/bits/syscall.h.in
index e943883db974..9ddabc04b70e 100644
--- a/arch/x86_64/bits/syscall.h.in
+++ b/arch/x86_64/bits/syscall.h.in
@@ -350,4 +350,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 

base-commit: 3f701faace7addc75d16dea8a6cd769fa5b3f260
-- 
2.32.0


             reply	other threads:[~2021-08-10 16:27 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-10 15:54 Mickaël Salaün [this message]
2021-08-11 14:56 ` [musl] " Szabolcs Nagy
2021-08-11 15:05   ` Mickaël Salaün

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210810155406.2772584-1-mic@digikod.net \
    --to=mic@digikod.net \
    --cc=dalias@aerifal.cx \
    --cc=landlock@lists.linux.dev \
    --cc=mic@linux.microsoft.com \
    --cc=musl@lists.openwall.com \
    --subject='Re: [PATCH v1] bits/syscall.h: add landlock_* from linux v5.13' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.