path: root/security/landlock/ptrace.h
diff options
authorMickaël Salaün <>2021-04-22 17:41:14 +0200
committerJames Morris <>2021-04-22 12:22:10 -0700
commitafe81f754117dd96853677c5cb815f49abef0ba0 (patch)
tree9c89ace4b459dece96d08922e6ae9be04bf22091 /security/landlock/ptrace.h
parent385975dca53eb41031d0cbd1de318eb1bc5d6bb9 (diff)
landlock: Add ptrace restrictions
Using ptrace(2) and related debug features on a target process can lead to a privilege escalation. Indeed, ptrace(2) can be used by an attacker to impersonate another task and to remain undetected while performing malicious activities. Thanks to ptrace_may_access(), various part of the kernel can check if a tracer is more privileged than a tracee. A landlocked process has fewer privileges than a non-landlocked process and must then be subject to additional restrictions when manipulating processes. To be allowed to use ptrace(2) and related syscalls on a target process, a landlocked process must have a subset of the target process's rules (i.e. the tracee must be in a sub-domain of the tracer). Cc: James Morris <> Signed-off-by: Mickaël Salaün <> Reviewed-by: Jann Horn <> Acked-by: Serge Hallyn <> Reviewed-by: Kees Cook <> Link: Signed-off-by: James Morris <>
Diffstat (limited to 'security/landlock/ptrace.h')
1 files changed, 14 insertions, 0 deletions
diff --git a/security/landlock/ptrace.h b/security/landlock/ptrace.h
new file mode 100644
index 000000000000..265b220ae3bf
--- /dev/null
+++ b/security/landlock/ptrace.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+ * Landlock LSM - Ptrace hooks
+ *
+ * Copyright © 2017-2019 Mickaël Salaün <>
+ * Copyright © 2019 ANSSI
+ */
+__init void landlock_add_ptrace_hooks(void);