[PATCH v1 0/1] Enable Landlock by default
Tim Gardner
tim.gardner at canonical.com
Tue Dec 7 12:43:37 UTC 2021
I assume this patch is destined for Jammy (22.04) ?
Dropped landlock at lists.linux.dev
rtg
On 12/3/21 11:52 AM, Mickaël Salaün wrote:
> Hi,
>
> The Landlock security feature is built in Ubuntu kernel since 5.13 which
> is great! However, it is not enough to enable the
> CONFIG_SECURITY_LANDLOCK option as described in the related help. The
> CONFIG_LSM option needs to be prepended by "landlock," to make Landlock
> system calls available without modifying the kernel boot arguments.
>
> Could you please apply the attached patch to make this feature more
> broadly available?
>
> This can be validated with the tests provided by the kernel sources:
>
> fakeroot make -C tools/testing/selftests TARGETS=landlock gen_tar
> tar -xf
> tools/testing/selftests/kselftest_install/kselftest-packages/kselftest.tar.gz
> # as root:
> ./run_kselftest.sh
>
> If Yama is enabled, half of the ptrace tests may failed, which is OK.
>
> Regards,
>
> Mickaël Salaün (1):
> UBUNTU: [Config] Enable Landlock by default
>
> debian.master/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>
> base-commit: 86d5f4d4ce66d96657de67b735dacb25b8ab8a1b
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list