[PATCH v1 0/1] Enable Landlock by default
Mickaël Salaün
mic at digikod.net
Fri Dec 3 18:52:25 UTC 2021
Hi,
The Landlock security feature is built in Ubuntu kernel since 5.13 which
is great! However, it is not enough to enable the
CONFIG_SECURITY_LANDLOCK option as described in the related help. The
CONFIG_LSM option needs to be prepended by "landlock," to make Landlock
system calls available without modifying the kernel boot arguments.
Could you please apply the attached patch to make this feature more
broadly available?
This can be validated with the tests provided by the kernel sources:
fakeroot make -C tools/testing/selftests TARGETS=landlock gen_tar
tar -xf
tools/testing/selftests/kselftest_install/kselftest-packages/kselftest.tar.gz
# as root:
./run_kselftest.sh
If Yama is enabled, half of the ptrace tests may failed, which is OK.
Regards,
Mickaël Salaün (1):
UBUNTU: [Config] Enable Landlock by default
debian.master/config/config.common.ubuntu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
base-commit: 86d5f4d4ce66d96657de67b735dacb25b8ab8a1b
--
2.33.1
More information about the kernel-team
mailing list