landlock: Log scoped denials - kernel - saturneric's kernel source tree

diff options

author	Mickaël Salaün <[email protected]>	2025-03-20 19:07:05 +0000
committer	Mickaël Salaün <[email protected]>	2025-03-26 12:59:42 +0000
commit	1176a15b5ec02925ea89bae05b5c860ddcce1e2e (patch)
tree	5e291e10e1008628322c561a17f45feb5bf22a73 /drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h
parent	landlock: Log TCP bind and connect denials (diff)
download	kernel-1176a15b5ec02925ea89bae05b5c860ddcce1e2e.tar.gz kernel-1176a15b5ec02925ea89bae05b5c860ddcce1e2e.zip

landlock: Log scoped denials

Add audit support for unix_stream_connect, unix_may_send, task_kill, and file_send_sigiotask hooks. The related blockers are: - scope.abstract_unix_socket - scope.signal Audit event sample for abstract unix socket: type=LANDLOCK_DENY msg=audit(1729738800.268:30): domain=195ba459b blockers=scope.abstract_unix_socket path=00666F6F Audit event sample for signal: type=LANDLOCK_DENY msg=audit(1729738800.291:31): domain=195ba459b blockers=scope.signal opid=1 ocomm="systemd" Refactor and simplify error handling in LSM hooks. Extend struct landlock_file_security with fown_layer and use it to log the blocking domain. The struct aligned size is still 16 bytes. Cc: Günther Noack <[email protected]> Cc: Tahera Fahimi <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mickaël Salaün <[email protected]>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: