bits/syscall.h: add landlock syscalls from linux v5.13

see linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144 arch: Wire up Landlock syscalls linuxcommit 17ae69aba89dbfa2139b7f8024b757ab3cc42f59 Merge tag 'landlock_v34' of ... jmorris/linux-security Landlock provides for unprivileged application sandboxing. The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic.
2021-07-04 16:34:15 +00:00 · 2021-07-04 16:34:15 +00:00 · ee05b11b67
parent 1ee8109ea0
commit ee05b11b67
16 changed files with 48 additions and 0 deletions
--- a/arch/aarch64/bits/syscall.h.in
+++ b/arch/aarch64/bits/syscall.h.in
@ -296,4 +296,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/arm/bits/syscall.h.in
+++ b/arch/arm/bits/syscall.h.in
@ -396,6 +396,9 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

 #define __ARM_NR_breakpoint	0x0f0001
 #define __ARM_NR_cacheflush	0x0f0002
--- a/arch/i386/bits/syscall.h.in
+++ b/arch/i386/bits/syscall.h.in
@ -433,4 +433,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/m68k/bits/syscall.h.in
+++ b/arch/m68k/bits/syscall.h.in
@ -413,3 +413,6 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446
--- a/arch/microblaze/bits/syscall.h.in
+++ b/arch/microblaze/bits/syscall.h.in
@ -434,4 +434,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/mips/bits/syscall.h.in
+++ b/arch/mips/bits/syscall.h.in
@ -415,4 +415,7 @@
 #define __NR_process_madvise	4440
 #define __NR_epoll_pwait2	4441
 #define __NR_mount_setattr	4442
+#define __NR_landlock_create_ruleset	4444
+#define __NR_landlock_add_rule	4445
+#define __NR_landlock_restrict_self	4446

--- a/arch/mips64/bits/syscall.h.in
+++ b/arch/mips64/bits/syscall.h.in
@ -345,4 +345,7 @@
 #define __NR_process_madvise	5440
 #define __NR_epoll_pwait2	5441
 #define __NR_mount_setattr	5442
+#define __NR_landlock_create_ruleset	5444
+#define __NR_landlock_add_rule	5445
+#define __NR_landlock_restrict_self	5446

--- a/arch/mipsn32/bits/syscall.h.in
+++ b/arch/mipsn32/bits/syscall.h.in
@ -369,4 +369,7 @@
 #define __NR_process_madvise	6440
 #define __NR_epoll_pwait2	6441
 #define __NR_mount_setattr	6442
+#define __NR_landlock_create_ruleset	6444
+#define __NR_landlock_add_rule	6445
+#define __NR_landlock_restrict_self	6446

--- a/arch/or1k/bits/syscall.h.in
+++ b/arch/or1k/bits/syscall.h.in
@ -318,4 +318,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/powerpc/bits/syscall.h.in
+++ b/arch/powerpc/bits/syscall.h.in
@ -422,4 +422,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/powerpc64/bits/syscall.h.in
+++ b/arch/powerpc64/bits/syscall.h.in
@ -394,4 +394,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/riscv64/bits/syscall.h.in
+++ b/arch/riscv64/bits/syscall.h.in
@ -296,6 +296,9 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

 #define __NR_sysriscv __NR_arch_specific_syscall
 #define __NR_riscv_flush_icache (__NR_sysriscv + 15)
--- a/arch/s390x/bits/syscall.h.in
+++ b/arch/s390x/bits/syscall.h.in
@ -359,4 +359,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/sh/bits/syscall.h.in
+++ b/arch/sh/bits/syscall.h.in
@ -406,4 +406,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446

--- a/arch/x32/bits/syscall.h.in
+++ b/arch/x32/bits/syscall.h.in
@ -305,6 +305,9 @@
 #define __NR_process_madvise	(0x40000000 + 440)
 #define __NR_epoll_pwait2	(0x40000000 + 441)
 #define __NR_mount_setattr	(0x40000000 + 442)
+#define __NR_landlock_create_ruleset	(0x40000000 + 444)
+#define __NR_landlock_add_rule	(0x40000000 + 445)
+#define __NR_landlock_restrict_self	(0x40000000 + 446)


 #define __NR_rt_sigaction (0x40000000 + 512)
--- a/arch/x86_64/bits/syscall.h.in
+++ b/arch/x86_64/bits/syscall.h.in
@ -352,4 +352,7 @@
 #define __NR_process_madvise	440
 #define __NR_epoll_pwait2	441
 #define __NR_mount_setattr	442
+#define __NR_landlock_create_ruleset	444
+#define __NR_landlock_add_rule	445
+#define __NR_landlock_restrict_self	446