APPLIED[J]: [PATCH v1 0/1] Enable Landlock by default
Mickaël Salaün
mic at digikod.net
Wed Dec 22 12:06:03 UTC 2021
On 15/12/2021 16:06, Andrea Righi wrote:
> On Fri, Dec 03, 2021 at 07:52:25PM +0100, Mickaël Salaün wrote:
>> Hi,
>>
>> The Landlock security feature has been built into the Ubuntu kernel since
>> 5.13, which is great! However, it is not enough to enable the
>> CONFIG_SECURITY_LANDLOCK option as described in the related help. The
>> CONFIG_LSM option needs to be prepended by "landlock," to make Landlock
>> system calls available without modifying the kernel boot arguments.
>>
>> Could you please apply the attached patch to make this feature more
>> broadly available?
>>
>> This can be validated with the tests provided by the kernel sources:
>>
>> fakeroot make -C tools/testing/selftests TARGETS=landlock gen_tar
>> tar -xf tools/testing/selftests/kselftest_install/kselftest-packages/kselftest.tar.gz
>> # as root:
>> ./run_kselftest.sh
>>
>> If Yama is enabled, half of the ptrace tests may fail, which is OK.
>>
>> Regards,
>>
>> Mickaël Salaün (1):
>> UBUNTU: [Config] Enable Landlock by default
>
> It makes sense to enable this security feature by default to me, it's
> also what upstream is doing.
>
> Applied to jammy:linux (with an additional change to update CONFIG_LSM
> in debian.master/config/annotations).
>
> Thanks,
> -Andrea
>
Thanks Andrea!
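
A check for the situation discussed in this thread, as an added example that is not part of the original messages or the Ubuntu patch: it reads a kernel config and the running LSM list and reports whether Landlock is only built, enabled through CONFIG_LSM, or enabled only by a boot argument such as lsm=. The function names and the sample CONFIG_LSM values are constructed for illustration; the "live" mode assumes /boot/config-$(uname -r) and /sys/kernel/security/lsm are readable.

```shell
#!/bin/sh
# Added example; function names and sample config values are constructed.

# has_lsm LIST NAME: succeed if NAME is an element of the comma-separated LIST.
has_lsm() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# config_lsm FILE: print the value of CONFIG_LSM="..." from a kernel config.
config_lsm() {
    sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$1"
}

# landlock_state FILE [ACTIVE]: classify Landlock availability.
#   FILE   kernel config, e.g. /boot/config-$(uname -r)
#   ACTIVE running LSM list (contents of /sys/kernel/security/lsm), optional
landlock_state() {
    [ -r "$1" ] || { echo "config-unreadable"; return 2; }
    if ! grep -q '^CONFIG_SECURITY_LANDLOCK=y$' "$1"; then
        echo "not-built"
    elif has_lsm "$(config_lsm "$1")" landlock; then
        echo "enabled-by-default"          # no boot argument needed
    elif has_lsm "${2:-}" landlock; then
        echo "enabled-by-boot-argument"    # active only via the kernel command line
    else
        echo "built-but-inactive"          # option set, but Landlock is not in the LSM list
    fi
}

# demo: run the classifier over constructed configs (not Ubuntu's real values).
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'CONFIG_SECURITY_LANDLOCK=y' 'CONFIG_LSM="yama,apparmor"' > "$tmp"
    landlock_state "$tmp"
    landlock_state "$tmp" "capability,landlock,yama,apparmor"
    printf '%s\n' 'CONFIG_SECURITY_LANDLOCK=y' 'CONFIG_LSM="landlock,yama,apparmor"' > "$tmp"
    landlock_state "$tmp"
    rm -f "$tmp"
}

case "${1:-}" in
    live) landlock_state "/boot/config-$(uname -r)" "$(cat /sys/kernel/security/lsm 2>/dev/null)" ;;
    demo) demo ;;
esac
```

Run it with the argument "demo" for the constructed cases or "live" for the running system; with no argument it only defines the functions.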