MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5490
JIRA: https://issues.redhat.com/browse/RHEL-8810
Depends on: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3454
Landlock allows unprivileged user processes to build security sandboxes. It is used by various user-space programs so it's beneficial to enable it also for RHEL users. This backport moves landlock in line with Linux v6.10-rc1, as further improvements will require more extensive backports to the Linux filesystem.
Requested by Mickaël Salaün <mic@digikod.net> during LPC this year.
Omitted-fix: 39ba2b9ac6fd ("ubifs: add support for FS_IOC_GETFSSYSFSPATH")
Omitted-fix: 9e3f1c593675 ("selftests/move_mount_set_group:Make tests build with old libc")
Omitted-fix: 4cfa8a873d3e ("tools/include: Sync uapi/linux/fs.h with the kernel sources")
Omitted-fix: 54a6e6bbf3be ("landlock: Add signal scoping")
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
Approved-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Approved-by: Ondrej Mosnáček <omosnacek@gmail.com>
Approved-by: Wander Lairson Costa <wander@redhat.com>
Approved-by: Ricardo Robaina <rrobaina@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
Merged-by: Patrick Talbert <ptalbert@redhat.com>
9039cec1ed