From ee05b11b67d59a6c5bb4b9d661bcc20bbd0bbe7a Mon Sep 17 00:00:00 2001 From: Szabolcs Nagy Date: Sun, 4 Jul 2021 16:34:15 +0000 Subject: bits/syscall.h: add landlock syscalls from linux v5.13 see linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144 arch: Wire up Landlock syscalls linuxcommit 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 Merge tag 'landlock_v34' of ... jmorris/linux-security Landlock provides for unprivileged application sandboxing. The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. --- arch/aarch64/bits/syscall.h.in | 3 +++ arch/arm/bits/syscall.h.in | 3 +++ arch/i386/bits/syscall.h.in | 3 +++ arch/m68k/bits/syscall.h.in | 3 +++ arch/microblaze/bits/syscall.h.in | 3 +++ arch/mips/bits/syscall.h.in | 3 +++ arch/mips64/bits/syscall.h.in | 3 +++ arch/mipsn32/bits/syscall.h.in | 3 +++ arch/or1k/bits/syscall.h.in | 3 +++ arch/powerpc/bits/syscall.h.in | 3 +++ arch/powerpc64/bits/syscall.h.in | 3 +++ arch/riscv64/bits/syscall.h.in | 3 +++ arch/s390x/bits/syscall.h.in | 3 +++ arch/sh/bits/syscall.h.in | 3 +++ arch/x32/bits/syscall.h.in | 3 +++ arch/x86_64/bits/syscall.h.in | 3 +++ 16 files changed, 48 insertions(+) (limited to 'arch') diff --git a/arch/aarch64/bits/syscall.h.in b/arch/aarch64/bits/syscall.h.in index 037da21..5f420e6 100644 --- a/arch/aarch64/bits/syscall.h.in +++ b/arch/aarch64/bits/syscall.h.in @@ -296,4 +296,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/arm/bits/syscall.h.in b/arch/arm/bits/syscall.h.in index 8919137..048fdea 100644 --- a/arch/arm/bits/syscall.h.in +++ b/arch/arm/bits/syscall.h.in @@ -396,6 +396,9 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 #define __ARM_NR_breakpoint 0x0f0001 #define __ARM_NR_cacheflush 0x0f0002 diff --git a/arch/i386/bits/syscall.h.in b/arch/i386/bits/syscall.h.in index 4c04ea8..46ffe1d 100644 --- a/arch/i386/bits/syscall.h.in +++ b/arch/i386/bits/syscall.h.in @@ -433,4 +433,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/m68k/bits/syscall.h.in b/arch/m68k/bits/syscall.h.in index 136775b..a0c6332 100644 --- a/arch/m68k/bits/syscall.h.in +++ b/arch/m68k/bits/syscall.h.in @@ -413,3 +413,6 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/microblaze/bits/syscall.h.in b/arch/microblaze/bits/syscall.h.in index 10f27ab..931d791 100644 --- a/arch/microblaze/bits/syscall.h.in +++ b/arch/microblaze/bits/syscall.h.in @@ -434,4 +434,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/mips/bits/syscall.h.in b/arch/mips/bits/syscall.h.in index 1d0deed..63e3503 100644 --- a/arch/mips/bits/syscall.h.in +++ b/arch/mips/bits/syscall.h.in @@ -415,4 +415,7 @@ #define __NR_process_madvise 4440 #define __NR_epoll_pwait2 4441 #define __NR_mount_setattr 4442 +#define __NR_landlock_create_ruleset 4444 +#define __NR_landlock_add_rule 4445 +#define __NR_landlock_restrict_self 4446 diff --git a/arch/mips64/bits/syscall.h.in b/arch/mips64/bits/syscall.h.in index b1b83f5..b89965d 100644 --- a/arch/mips64/bits/syscall.h.in +++ b/arch/mips64/bits/syscall.h.in @@ -345,4 +345,7 @@ #define __NR_process_madvise 5440 #define __NR_epoll_pwait2 5441 #define __NR_mount_setattr 5442 +#define __NR_landlock_create_ruleset 5444 +#define __NR_landlock_add_rule 5445 +#define __NR_landlock_restrict_self 5446 diff --git a/arch/mipsn32/bits/syscall.h.in b/arch/mipsn32/bits/syscall.h.in index bfaa080..bb2d04a 100644 --- a/arch/mipsn32/bits/syscall.h.in +++ b/arch/mipsn32/bits/syscall.h.in @@ -369,4 +369,7 @@ #define __NR_process_madvise 6440 #define __NR_epoll_pwait2 6441 #define __NR_mount_setattr 6442 +#define __NR_landlock_create_ruleset 6444 +#define __NR_landlock_add_rule 6445 +#define __NR_landlock_restrict_self 6446 diff --git a/arch/or1k/bits/syscall.h.in b/arch/or1k/bits/syscall.h.in index 3c60eda..2b5f205 100644 --- a/arch/or1k/bits/syscall.h.in +++ b/arch/or1k/bits/syscall.h.in @@ -318,4 +318,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/powerpc/bits/syscall.h.in b/arch/powerpc/bits/syscall.h.in index 33e26e4..b1605a5 100644 --- a/arch/powerpc/bits/syscall.h.in +++ b/arch/powerpc/bits/syscall.h.in @@ -422,4 +422,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/powerpc64/bits/syscall.h.in b/arch/powerpc64/bits/syscall.h.in index 38bb23c..b3a8fba 100644 --- a/arch/powerpc64/bits/syscall.h.in +++ b/arch/powerpc64/bits/syscall.h.in @@ -394,4 +394,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/riscv64/bits/syscall.h.in b/arch/riscv64/bits/syscall.h.in index a9cbfb5..b534afe 100644 --- a/arch/riscv64/bits/syscall.h.in +++ b/arch/riscv64/bits/syscall.h.in @@ -296,6 +296,9 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 #define __NR_sysriscv __NR_arch_specific_syscall #define __NR_riscv_flush_icache (__NR_sysriscv + 15) diff --git a/arch/s390x/bits/syscall.h.in b/arch/s390x/bits/syscall.h.in index 88de514..dfc3847 100644 --- a/arch/s390x/bits/syscall.h.in +++ b/arch/s390x/bits/syscall.h.in @@ -359,4 +359,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/sh/bits/syscall.h.in b/arch/sh/bits/syscall.h.in index 1a90026..ff14f54 100644 --- a/arch/sh/bits/syscall.h.in +++ b/arch/sh/bits/syscall.h.in @@ -406,4 +406,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 diff --git a/arch/x32/bits/syscall.h.in b/arch/x32/bits/syscall.h.in index d90cb15..5d22fa1 100644 --- a/arch/x32/bits/syscall.h.in +++ b/arch/x32/bits/syscall.h.in @@ -305,6 +305,9 @@ #define __NR_process_madvise (0x40000000 + 440) #define __NR_epoll_pwait2 (0x40000000 + 441) #define __NR_mount_setattr (0x40000000 + 442) +#define __NR_landlock_create_ruleset (0x40000000 + 444) +#define __NR_landlock_add_rule (0x40000000 + 445) +#define __NR_landlock_restrict_self (0x40000000 + 446) #define __NR_rt_sigaction (0x40000000 + 512) diff --git a/arch/x86_64/bits/syscall.h.in b/arch/x86_64/bits/syscall.h.in index 634e29f..c3882de 100644 --- a/arch/x86_64/bits/syscall.h.in +++ b/arch/x86_64/bits/syscall.h.in @@ -352,4 +352,7 @@ #define __NR_process_madvise 440 #define __NR_epoll_pwait2 441 #define __NR_mount_setattr 442 +#define __NR_landlock_create_ruleset 444 +#define __NR_landlock_add_rule 445 +#define __NR_landlock_restrict_self 446 -- cgit v1.1