bits/syscall.h: add landlock syscalls from linux v5.13

see

  linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144
  arch: Wire up Landlock syscalls

  linuxcommit 17ae69aba89dbfa2139b7f8024b757ab3cc42f59
  Merge tag 'landlock_v34' of ... jmorris/linux-security

Landlock provides for unprivileged application sandboxing. The goal of
Landlock is to enable to restrict ambient rights (e.g. global filesystem
access) for a set of processes. Landlock is inspired by seccomp-bpf but
instead of filtering syscalls and their raw arguments, a Landlock rule
can restrict the use of kernel objects like file hierarchies, according
to the kernel semantic.

diff --git a/arch/aarch64/bits/syscall.h.in b/arch/aarch64/bits/syscall.h.in
index 037da21..5f420e6 100644 (file)
--- a/arch/aarch64/bits/syscall.h.in
+++ b/arch/aarch64/bits/syscall.h.in
@@ -296,4 +296,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/arm/bits/syscall.h.in b/arch/arm/bits/syscall.h.in
index 8919137..048fdea 100644 (file)
--- a/arch/arm/bits/syscall.h.in
+++ b/arch/arm/bits/syscall.h.in
@@ -396,6 +396,9 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 
 #define __ARM_NR_breakpoint    0x0f0001
 #define __ARM_NR_cacheflush    0x0f0002

diff --git a/arch/i386/bits/syscall.h.in b/arch/i386/bits/syscall.h.in
index 4c04ea8..46ffe1d 100644 (file)
--- a/arch/i386/bits/syscall.h.in
+++ b/arch/i386/bits/syscall.h.in
@@ -433,4 +433,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/m68k/bits/syscall.h.in b/arch/m68k/bits/syscall.h.in
index 136775b..a0c6332 100644 (file)
--- a/arch/m68k/bits/syscall.h.in
+++ b/arch/m68k/bits/syscall.h.in
@@ -413,3 +413,6 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446

diff --git a/arch/microblaze/bits/syscall.h.in b/arch/microblaze/bits/syscall.h.in
index 10f27ab..931d791 100644 (file)
--- a/arch/microblaze/bits/syscall.h.in
+++ b/arch/microblaze/bits/syscall.h.in
@@ -434,4 +434,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/mips/bits/syscall.h.in b/arch/mips/bits/syscall.h.in
index 1d0deed..63e3503 100644 (file)
--- a/arch/mips/bits/syscall.h.in
+++ b/arch/mips/bits/syscall.h.in
@@ -415,4 +415,7 @@
 #define __NR_process_madvise   4440
 #define __NR_epoll_pwait2      4441
 #define __NR_mount_setattr     4442
+#define __NR_landlock_create_ruleset   4444
+#define __NR_landlock_add_rule 4445
+#define __NR_landlock_restrict_self    4446
 

diff --git a/arch/mips64/bits/syscall.h.in b/arch/mips64/bits/syscall.h.in
index b1b83f5..b89965d 100644 (file)
--- a/arch/mips64/bits/syscall.h.in
+++ b/arch/mips64/bits/syscall.h.in
@@ -345,4 +345,7 @@
 #define __NR_process_madvise   5440
 #define __NR_epoll_pwait2      5441
 #define __NR_mount_setattr     5442
+#define __NR_landlock_create_ruleset   5444
+#define __NR_landlock_add_rule 5445
+#define __NR_landlock_restrict_self    5446
 

diff --git a/arch/mipsn32/bits/syscall.h.in b/arch/mipsn32/bits/syscall.h.in
index bfaa080..bb2d04a 100644 (file)
--- a/arch/mipsn32/bits/syscall.h.in
+++ b/arch/mipsn32/bits/syscall.h.in
@@ -369,4 +369,7 @@
 #define __NR_process_madvise   6440
 #define __NR_epoll_pwait2      6441
 #define __NR_mount_setattr     6442
+#define __NR_landlock_create_ruleset   6444
+#define __NR_landlock_add_rule 6445
+#define __NR_landlock_restrict_self    6446
 

diff --git a/arch/or1k/bits/syscall.h.in b/arch/or1k/bits/syscall.h.in
index 3c60eda..2b5f205 100644 (file)
--- a/arch/or1k/bits/syscall.h.in
+++ b/arch/or1k/bits/syscall.h.in
@@ -318,4 +318,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/powerpc/bits/syscall.h.in b/arch/powerpc/bits/syscall.h.in
index 33e26e4..b1605a5 100644 (file)
--- a/arch/powerpc/bits/syscall.h.in
+++ b/arch/powerpc/bits/syscall.h.in
@@ -422,4 +422,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/powerpc64/bits/syscall.h.in b/arch/powerpc64/bits/syscall.h.in
index 38bb23c..b3a8fba 100644 (file)
--- a/arch/powerpc64/bits/syscall.h.in
+++ b/arch/powerpc64/bits/syscall.h.in
@@ -394,4 +394,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/riscv64/bits/syscall.h.in b/arch/riscv64/bits/syscall.h.in
index a9cbfb5..b534afe 100644 (file)
--- a/arch/riscv64/bits/syscall.h.in
+++ b/arch/riscv64/bits/syscall.h.in
@@ -296,6 +296,9 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 
 #define __NR_sysriscv __NR_arch_specific_syscall
 #define __NR_riscv_flush_icache (__NR_sysriscv + 15)

diff --git a/arch/s390x/bits/syscall.h.in b/arch/s390x/bits/syscall.h.in
index 88de514..dfc3847 100644 (file)
--- a/arch/s390x/bits/syscall.h.in
+++ b/arch/s390x/bits/syscall.h.in
@@ -359,4 +359,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/sh/bits/syscall.h.in b/arch/sh/bits/syscall.h.in
index 1a90026..ff14f54 100644 (file)
--- a/arch/sh/bits/syscall.h.in
+++ b/arch/sh/bits/syscall.h.in
@@ -406,4 +406,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446
 

diff --git a/arch/x32/bits/syscall.h.in b/arch/x32/bits/syscall.h.in
index d90cb15..5d22fa1 100644 (file)
--- a/arch/x32/bits/syscall.h.in
+++ b/arch/x32/bits/syscall.h.in
@@ -305,6 +305,9 @@
 #define __NR_process_madvise   (0x40000000 + 440)
 #define __NR_epoll_pwait2      (0x40000000 + 441)
 #define __NR_mount_setattr     (0x40000000 + 442)
+#define __NR_landlock_create_ruleset   (0x40000000 + 444)
+#define __NR_landlock_add_rule (0x40000000 + 445)
+#define __NR_landlock_restrict_self    (0x40000000 + 446)
 
 
 #define __NR_rt_sigaction (0x40000000 + 512)

diff --git a/arch/x86_64/bits/syscall.h.in b/arch/x86_64/bits/syscall.h.in
index 634e29f..c3882de 100644 (file)
--- a/arch/x86_64/bits/syscall.h.in
+++ b/arch/x86_64/bits/syscall.h.in
@@ -352,4 +352,7 @@
 #define __NR_process_madvise   440
 #define __NR_epoll_pwait2      441
 #define __NR_mount_setattr     442
+#define __NR_landlock_create_ruleset   444
+#define __NR_landlock_add_rule 445
+#define __NR_landlock_restrict_self    446