| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Add IOCTL support to the Landlock sample tool.
The IOCTL right is grouped with the read-write rights in the sample
tool, as some IOCTL requests provide features that mutate state.
Signed-off-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240419161122.2023765-9-gnoack@google.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
| |
Pointer env_port_name changes after strsep(). Memory allocated via
strdup() will not be freed if landlock_add_rule() returns non-zero value.
Fixes: 5e990dcef12e ("samples/landlock: Support TCP restrictions")
Signed-off-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Reviewed-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Link: https://lore.kernel.org/r/20240326095625.3576164-1-ivanov.mikhail1@huawei-partners.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of creating a hard error and aborting the sandbox creation,
accept file path not usable in the LL_FS_RO and LL_FS_RW environment
variables but only print a warning. This makes it easier to test, for
instance with LL_FS_RO="${PATH}:/usr/lib:/lib"
Print that we are going to execute the command in the sandbox before
doing so.
Rename "launch" to "execute", and improve header description.
Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240307143849.1517218-1-mic@digikod.net
[mic: Improve header description as suggested by Günther]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add TCP restrictions to the sandboxer demo. It's possible to allow a
sandboxer to bind/connect to a list of specified ports restricting
network actions to the rest of them. This is controlled with the new
LL_TCP_BIND and LL_TCP_CONNECT environment variables.
Rename ENV_PATH_TOKEN to ENV_DELIMITER.
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Link: https://lore.kernel.org/r/20231026014751.414649-12-konstantin.meskhidze@huawei.com
[mic: Extend commit message]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a comment to clarify how to handle best-effort backwards
compatibility for LANDLOCK_ACCESS_FS_REFER.
The "refer" access is special because these operations are always
forbidden in ABI 1, unlike most other operations, which are permitted
when using Landlock ABI levels where they are not supported yet.
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221107181651.4555-1-gnoack3000@gmail.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
| |
Update the sandboxer sample to restrict truncate actions. This is
automatically enabled by default if the running kernel supports
LANDLOCK_ACCESS_FS_TRUNCATE, except for the paths listed in the
LL_FS_RW environment variable.
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221018182216.301684-11-gnoack3000@gmail.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extend the help with the latest Landlock ABI version supported by the
sandboxer.
Inform users about the sandboxer or the kernel not being up-to-date.
Make the version check code easier to update and harder to misuse.
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20220923154207.3311629-2-mic@digikod.net
|
|
|
|
|
|
|
|
|
|
| |
Add LANDLOCK_ACCESS_FS_REFER to the "roughly write" access rights and
leverage the Landlock ABI version to only try to enforce it if it is
supported by the running kernel.
Reviewed-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20220506161102.525323-10-mic@digikod.net
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's follow a consistent and documented coding style. Everything may
not be to our liking but it is better than tacit knowledge. Moreover,
this will help maintain style consistency between different developers.
This contains only whitespace changes.
Automatically formatted with:
clang-format-14 -i samples/landlock/*.[ch]
Link: https://lore.kernel.org/r/20220506160513.523257-8-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
| |
In preparation to a following commit, add clang-format on and
clang-format off stanzas around constant definitions. This enables to
keep aligned values, which is much more readable than packed
definitions.
Link: https://lore.kernel.org/r/20220506160513.523257-7-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clang static analysis reports this error
sandboxer.c:134:8: warning: Potential leak of memory
pointed to by 'path_list'
ret = 0;
^
path_list is allocated in parse_path() but never freed.
Signed-off-by: Tom Rix <trix@redhat.com>
Link: https://lore.kernel.org/r/20210428213852.2874324-1-trix@redhat.com
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
|
Add a basic sandbox tool to launch a command which can only access a
list of file hierarchies in a read-only or read-write way.
Cc: James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-12-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
|