[PATCH v1 0/1] Enable Landlock by default
Mickaël Salaün
mic at digikod.net
Tue Dec 7 13:13:52 UTC 2021
At least yes, but it would be great if it could be enabled for all
versions with kernels >= 5.13 .
On 07/12/2021 13:43, Tim Gardner wrote:
> I assume this patch is destined for Jammy (22.04) ?
>
> Dropped landlock at lists.linux.dev
>
> rtg
>
> On 12/3/21 11:52 AM, Mickaël Salaün wrote:
>> Hi,
>>
>> The Landlock security feature is built in Ubuntu kernel since 5.13 which
>> is great! However, it is not enough to enable the
>> CONFIG_SECURITY_LANDLOCK option as described in the related help. The
>> CONFIG_LSM option needs to be prepended by "landlock," to make Landlock
>> system calls available without modifying the kernel boot arguments.
>>
>> Could you please apply the attached patch to make this feature more
>> broadly available?
>>
>> This can be validated with the tests provided by the kernel sources:
>>
>> fakeroot make -C tools/testing/selftests TARGETS=landlock gen_tar
>> tar -xf
>> tools/testing/selftests/kselftest_install/kselftest-packages/kselftest.tar.gz
>>
>> # as root:
>> ./run_kselftest.sh
>>
>> If Yama is enabled, half of the ptrace tests may failed, which is OK.
>>
>> Regards,
>>
>> Mickaël Salaün (1):
>> UBUNTU: [Config] Enable Landlock by default
>>
>> debian.master/config/config.common.ubuntu | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>>
>> base-commit: 86d5f4d4ce66d96657de67b735dacb25b8ab8a1b
>>
>
More information about the kernel-team
mailing list