APPLIED[J]: [PATCH v1 0/1] Enable Landlock by default
Andrea Righi
andrea.righi at canonical.com
Wed Dec 15 15:06:14 UTC 2021
On Fri, Dec 03, 2021 at 07:52:25PM +0100, Mickaël Salaün wrote:
> Hi,
>
> The Landlock security feature has been built into the Ubuntu kernel since 5.13, which
> is great! However, it is not enough to enable the
> CONFIG_SECURITY_LANDLOCK option as described in the related help. The
> CONFIG_LSM option needs to be prepended with "landlock," to make Landlock
> system calls available without modifying the kernel boot arguments.
>
> Could you please apply the attached patch to make this feature more
> broadly available?
>
> This can be validated with the tests provided by the kernel sources:
>
> fakeroot make -C tools/testing/selftests TARGETS=landlock gen_tar
> tar -xf tools/testing/selftests/kselftest_install/kselftest-packages/kselftest.tar.gz
> # as root:
> ./run_kselftest.sh
>
> If Yama is enabled, half of the ptrace tests may fail, which is OK.
>
> Regards,
>
> Mickaël Salaün (1):
> UBUNTU: [Config] Enable Landlock by default
It makes sense to enable this security feature by default to me, it's
also what upstream is doing.
Applied to jammy:linux (with an additional change to update CONFIG_LSM
in debian.master/config/annotations).
Thanks,
-Andrea
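
To tell apart the two situations discussed in this thread on a running kernel, the following is an added example (not part of the original mail or the patch). It uses the version probe from the upstream Landlock documentation: the call returns the ABI version when Landlock is active, fails with EOPNOTSUPP when Landlock is built but absent from the active LSM list, and with ENOSYS when it is not built at all. The `ll_*` and `lsm_list_has_landlock` names are hypothetical, and the syscall number and flag value are hard-coded so the program builds without `linux/landlock.h`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444 /* x86-64 and asm-generic number */
#endif
#define LL_CREATE_RULESET_VERSION (1U << 0) /* LANDLOCK_CREATE_RULESET_VERSION */

enum ll_state { LL_ENABLED, LL_BUILT_NOT_IN_LSM, LL_NOT_BUILT, LL_UNKNOWN };

/* Map the probe's return value and errno to a state. */
enum ll_state ll_classify(long ret, int err)
{
    if (ret >= 1) return LL_ENABLED;                  /* ret is the ABI version */
    if (ret == -1 && err == EOPNOTSUPP) return LL_BUILT_NOT_IN_LSM;
    if (ret == -1 && err == ENOSYS) return LL_NOT_BUILT;
    return LL_UNKNOWN;                                /* e.g. blocked by a sandbox */
}

/* Return 1 if "landlock" is an exact entry of a comma-separated LSM list. */
int lsm_list_has_landlock(const char *list)
{
    const char *p = list;
    while (*p) {
        size_t n = strcspn(p, ",\n");
        if (n == 8 && strncmp(p, "landlock", 8) == 0) return 1;
        p += n;
        if (*p) p++;                                  /* skip the separator */
    }
    return 0;
}

int main(void)
{
    static const char *msg[] = { "enabled", "built but not in the active LSM list",
                                 "not built into this kernel", "unknown" };
    char buf[256] = "";
    errno = 0;
    long ret = syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    printf("landlock: %s (ret=%ld)\n", msg[ll_classify(ret, errno)], ret);
    FILE *f = fopen("/sys/kernel/security/lsm", "r"); /* active LSMs, in order */
    if (f && fgets(buf, sizeof buf, f))
        printf("active LSM list %s landlock\n", lsm_list_has_landlock(buf) ? "contains" : "lacks");
    if (f) fclose(f);
    return 0;
}
```

On a kernel with CONFIG_SECURITY_LANDLOCK=y but no "landlock" entry in CONFIG_LSM or the `lsm=` boot parameter, the probe reports the "built but not in the active LSM list" state.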