Message-Id: <20210810155406.2772584-1-mic@digikod.net>
Date: Tue, 10 Aug 2021 17:54:06 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: musl@...ts.openwall.com
Cc: Mickaël Salaün <mic@...ikod.net>,
	Rich Felker <dalias@...ifal.cx>,
	landlock@...ts.linux.dev,
	Mickaël Salaün <mic@...ux.microsoft.com>
Subject: [PATCH v1] bits/syscall.h: add landlock_* from linux v5.13

From: Mickaël Salaün <mic@...ux.microsoft.com>

Add three system calls for all architectures:
* landlock_create_ruleset
* landlock_add_rule
* landlock_restrict_self

They enable creating unprivileged security sandboxes, see

  linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144
  arch: Wire up Landlock syscalls

https://www.kernel.org/doc/html/latest/userspace-api/landlock.html

Signed-off-by: Mickaël Salaün <mic@...ux.microsoft.com>
Link: https://lore.kernel.org/r/20210810155406.2772584-1-mic@digikod.net
---
 arch/aarch64/bits/syscall.h.in    | 3 +++
 arch/arm/bits/syscall.h.in        | 3 +++
 arch/i386/bits/syscall.h.in       | 3 +++
 arch/m68k/bits/syscall.h.in       | 3 +++
 arch/microblaze/bits/syscall.h.in | 3 +++
 arch/mips/bits/syscall.h.in       | 3 +++
 arch/mips64/bits/syscall.h.in     | 3 +++
 arch/mipsn32/bits/syscall.h.in    | 3 +++
 arch/or1k/bits/syscall.h.in       | 3 +++
 arch/powerpc/bits/syscall.h.in    | 3 +++
 arch/powerpc64/bits/syscall.h.in  | 3 +++
 arch/riscv64/bits/syscall.h.in    | 3 +++
 arch/s390x/bits/syscall.h.in      | 3 +++
 arch/sh/bits/syscall.h.in         | 3 +++
 arch/x86_64/bits/syscall.h.in     | 3 +++
 15 files changed, 45 insertions(+)

diff --git a/arch/aarch64/bits/syscall.h.in b/arch/aarch64/bits/syscall.h.in
index 1ad467c0d32e..b94a1706994f 100644
--- a/arch/aarch64/bits/syscall.h.in
+++ b/arch/aarch64/bits/syscall.h.in
@@ -294,4 +294,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
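Review bot: The added entries jump from 440 straight to 444, so 441–443 stay undefined in this table; the same gap appears in every other hunk of the patch (4441–4443, 5441–5443 and 6441–6443 in the mips variants). Upstream Linux assigned 441 to epoll_pwait2 in v5.11 and 442 to mount_setattr in v5.12, so unless the base tree defines them somewhere not shown here, the header still lags the kernel table it claims to track. Consider a preceding patch that adds `#define __NR_epoll_pwait2 441` and `#define __NR_mount_setattr 442`, or say in the commit message that the gap is intentional.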
diff --git a/arch/arm/bits/syscall.h.in b/arch/arm/bits/syscall.h.in
index cf9e34117109..9364cb335022 100644
--- a/arch/arm/bits/syscall.h.in
+++ b/arch/arm/bits/syscall.h.in
@@ -394,6 +394,9 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
 #define __ARM_NR_breakpoint	0x0f0001
 #define __ARM_NR_cacheflush	0x0f0002
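Review bot: The three added defines separate the macro name from the number with a single space, while the context lines directly above them use a tab (`#define __NR_pidfd_getfd	438`). This holds for all fifteen files in the patch. Matching the existing separator, e.g. `#define __NR_landlock_add_rule	445`, keeps the table uniform for anyone who diffs or scripts over it.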
diff --git a/arch/i386/bits/syscall.h.in b/arch/i386/bits/syscall.h.in
index 5d1c4d7a576d..1f45968c5ca4 100644
--- a/arch/i386/bits/syscall.h.in
+++ b/arch/i386/bits/syscall.h.in
@@ -431,4 +431,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
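Review bot: Only the syscall numbers are exported here; no wrapper functions are visible anywhere in the patch, so sandboxing code will presumably call Landlock through `syscall()` directly. The commit message would be more useful to such callers with one sentence on failure modes, for example `Callers must handle ENOSYS (kernel older than v5.13) and EOPNOTSUPP from landlock_create_ruleset (Landlock built but disabled at boot) and treat both as "not sandboxed".` Without that, a program compiled against the new header may assume the sandbox is in place on a kernel that never applied it. The point applies equally to the other architectures' hunks.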
diff --git a/arch/m68k/bits/syscall.h.in b/arch/m68k/bits/syscall.h.in
index 6794b1a06220..297b0923b3b2 100644
--- a/arch/m68k/bits/syscall.h.in
+++ b/arch/m68k/bits/syscall.h.in
@@ -411,3 +411,6 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
diff --git a/arch/microblaze/bits/syscall.h.in b/arch/microblaze/bits/syscall.h.in
index 7f71df3b581c..637943b56a99 100644
--- a/arch/microblaze/bits/syscall.h.in
+++ b/arch/microblaze/bits/syscall.h.in
@@ -432,4 +432,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/mips/bits/syscall.h.in b/arch/mips/bits/syscall.h.in
index d54845b22890..bb7378dfa032 100644
--- a/arch/mips/bits/syscall.h.in
+++ b/arch/mips/bits/syscall.h.in
@@ -413,4 +413,7 @@
 #define __NR_pidfd_getfd	4438
 #define __NR_faccessat2		4439
 #define __NR_process_madvise	4440
+#define __NR_landlock_create_ruleset 4444
+#define __NR_landlock_add_rule 4445
+#define __NR_landlock_restrict_self 4446
 
diff --git a/arch/mips64/bits/syscall.h.in b/arch/mips64/bits/syscall.h.in
index 920b43589d9e..028a30b5817e 100644
--- a/arch/mips64/bits/syscall.h.in
+++ b/arch/mips64/bits/syscall.h.in
@@ -343,4 +343,7 @@
 #define __NR_pidfd_getfd	5438
 #define __NR_faccessat2		5439
 #define __NR_process_madvise	5440
+#define __NR_landlock_create_ruleset 5444
+#define __NR_landlock_add_rule 5445
+#define __NR_landlock_restrict_self 5446
 
diff --git a/arch/mipsn32/bits/syscall.h.in b/arch/mipsn32/bits/syscall.h.in
index e6dad6881f9c..d08f079bdb32 100644
--- a/arch/mipsn32/bits/syscall.h.in
+++ b/arch/mipsn32/bits/syscall.h.in
@@ -367,4 +367,7 @@
 #define __NR_pidfd_getfd	6438
 #define __NR_faccessat2		6439
 #define __NR_process_madvise	6440
+#define __NR_landlock_create_ruleset 6444
+#define __NR_landlock_add_rule 6445
+#define __NR_landlock_restrict_self 6446
 
diff --git a/arch/or1k/bits/syscall.h.in b/arch/or1k/bits/syscall.h.in
index 463ee901a55d..495c36ce47b7 100644
--- a/arch/or1k/bits/syscall.h.in
+++ b/arch/or1k/bits/syscall.h.in
@@ -316,4 +316,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/powerpc/bits/syscall.h.in b/arch/powerpc/bits/syscall.h.in
index db4d0ca47c15..6a123c52aa7f 100644
--- a/arch/powerpc/bits/syscall.h.in
+++ b/arch/powerpc/bits/syscall.h.in
@@ -420,4 +420,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/powerpc64/bits/syscall.h.in b/arch/powerpc64/bits/syscall.h.in
index a128890b8f20..947c814a704b 100644
--- a/arch/powerpc64/bits/syscall.h.in
+++ b/arch/powerpc64/bits/syscall.h.in
@@ -392,4 +392,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/riscv64/bits/syscall.h.in b/arch/riscv64/bits/syscall.h.in
index 39c0d650b1c8..fbfa614d00c4 100644
--- a/arch/riscv64/bits/syscall.h.in
+++ b/arch/riscv64/bits/syscall.h.in
@@ -294,6 +294,9 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
 #define __NR_sysriscv __NR_arch_specific_syscall
 #define __NR_riscv_flush_icache (__NR_sysriscv + 15)
diff --git a/arch/s390x/bits/syscall.h.in b/arch/s390x/bits/syscall.h.in
index 9c8d984ed25c..766b8daee2c2 100644
--- a/arch/s390x/bits/syscall.h.in
+++ b/arch/s390x/bits/syscall.h.in
@@ -357,4 +357,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/sh/bits/syscall.h.in b/arch/sh/bits/syscall.h.in
index 17dd7e07435a..aab269ea7cfd 100644
--- a/arch/sh/bits/syscall.h.in
+++ b/arch/sh/bits/syscall.h.in
@@ -404,4 +404,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
diff --git a/arch/x86_64/bits/syscall.h.in b/arch/x86_64/bits/syscall.h.in
index e943883db974..9ddabc04b70e 100644
--- a/arch/x86_64/bits/syscall.h.in
+++ b/arch/x86_64/bits/syscall.h.in
@@ -350,4 +350,7 @@
 #define __NR_pidfd_getfd	438
 #define __NR_faccessat2		439
 #define __NR_process_madvise	440
+#define __NR_landlock_create_ruleset 444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self 446
 
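Review bot: The commit message says the calls are added for all architectures, but the diffstat lists no x32 table next to this x86_64 one. If the tree carries an x32 port with its own syscall header (not visible on this page), it needs the same three entries; on Linux the x32 numbers are the x86_64 ones with the 0x40000000 bit set, i.e. `(0x40000000 + 444)` through `(0x40000000 + 446)`. Otherwise code built for that ABI cannot reference the Landlock constants and would silently build without sandboxing if it guards on `#ifdef`.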

base-commit: 3f701faace7addc75d16dea8a6cd769fa5b3f260
-- 
2.32.0
