Bug#999551: Support Landlock by default in Debian kernels

2022-03-30 Thread Brad Tilley
I support enabling this in default Debian kernels. It would allow application developers to use landlock sandboxing while developing programs. By not enabling it, developers have to build custom kernels and ask that their customers do this as well to run landlock protected programs. It should not

Bug#999551: Support Landlock by default in Debian kernels

2021-11-12 Thread Mickaël Salaün
On 12/11/2021 13:34, Yves-Alexis Perez wrote: > Hey Mickaël, kernel team, > > On Fri, 2021-11-12 at 12:23 +0100, Mickaël Salaün wrote: >> - >> CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack >> ,to >> moyo" >> +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,int

Bug#999551: Support Landlock by default in Debian kernels

2021-11-12 Thread Mickaël Salaün
On 12/11/2021 13:45, Bastian Blank wrote: > Control: tag -1 wontfix > > On Fri, Nov 12, 2021 at 12:23:13PM +0100, Mickaël Salaün wrote: >> The Landlock security feature is built in Debian kernel since >> 5.13.12-1~exp1 which is great! However, it is not enough to enable the >> CONFIG_SECURITY_L

Processed: Re: Bug#999551: Support Landlock by default in Debian kernels

2021-11-12 Thread Debian Bug Tracking System
Processing control commands: > tag -1 wontfix Bug #999551 [src:linux] Support Landlock by default in Debian kernels Added tag(s) wontfix. -- 999551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999551 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#999551: Support Landlock by default in Debian kernels

2021-11-12 Thread Bastian Blank
Control: tag -1 wontfix On Fri, Nov 12, 2021 at 12:23:13PM +0100, Mickaël Salaün wrote: > The Landlock security feature is built in Debian kernel since > 5.13.12-1~exp1 which is great! However, it is not enough to enable the > CONFIG_SECURITY_LANDLOCK option as described in the related help. The

Bug#999551: Support Landlock by default in Debian kernels

2021-11-12 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hey Mickaël, kernel team, On Fri, 2021-11-12 at 12:23 +0100, Mickaël Salaün wrote: > - > CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack > ,to > moyo" > +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,app

Bug#999551: Support Landlock by default in Debian kernels

2021-11-12 Thread Mickaël Salaün
Package: src:linux Version: 5.14.16-1 Severity: normal Tags: patch X-Debbugs-Cc: landl...@lists.linux.dev Hi, The Landlock security feature is built in Debian kernel since 5.13.12-1~exp1 which is great! However, it is not enough to enable the CONFIG_SECURITY_LANDLOCK option as described in the r