From: Simon Horman <horms@kernel.org>
To: Tahera Fahimi <fahimitahera@gmail.com>
Cc: "Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, "Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Jann Horn" <jannh@google.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
outreachy@lists.linux.dev
Subject: Re: [PATCH v3] landlock: Add abstract unix socket connect restriction
Date: Fri, 7 Jun 2024 14:24:10 +0100 [thread overview]
Message-ID: <20240607132410.GC27689@kernel.org> (raw)
In-Reply-To: <ZmE8u1LV6aOWV9tB@tahera-OptiPlex-5000>
On Wed, Jun 05, 2024 at 10:36:11PM -0600, Tahera Fahimi wrote:
> Abstract unix sockets are used for local inter-process communications
> without a filesystem. Currently, a sandboxed process can connect to a
> socket outside of the sandboxed environment, since landlock has no
> restriction for connecting to a unix socket in the abstract namespace.
> Access to such sockets for a sandboxed process should be scoped the same
> way ptrace is limited.
>
> Because of compatibility reasons and since landlock should be flexible,
> we extend the user space interface by adding a new "scoped" field. This
> field optionally contains a "LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET" to
> specify that the ruleset will deny any connection from within the
> sandbox to its parents (i.e. any parent sandbox or non-sandbox processes).
>
> Closes: https://github.com/landlock-lsm/linux/issues/7
>
> Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
...
> diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h
> index 68625e728f43..1641aeb9eeaa 100644
> --- a/include/uapi/linux/landlock.h
> +++ b/include/uapi/linux/landlock.h
> @@ -37,6 +37,12 @@ struct landlock_ruleset_attr {
> * rule explicitly allow them.
> */
> __u64 handled_access_net;
> + /**
> + * scoped: Bitmask of actions (cf. `Scope access flags`_)
nit: s/scoped: /@scoped: /
Flagged by ./scripts/kernel-doc -none
> + * that is handled by this ruleset and should be permitted
> + * by default if no rule explicitly deny them.
> + */
> + __u64 scoped;
> };
>
> /*
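Review bot: The kernel-doc for the new @scoped member (the added lines after handled_access_net) says the handled actions "should be permitted by default if no rule explicitly deny them", which is the opposite of what the commit message describes (the ruleset denies connections from the sandbox to parent or non-sandboxed processes), and "deny" should read "denies" in any case. Suggest wording that states the deny semantics, e.g. "@scoped: Bitmask of scoped restrictions (cf. `Scope access flags`_) enforced by this ruleset; the matching accesses are denied for the sandboxed process." Since this grows a uapi struct in include/uapi/linux/landlock.h, also confirm that landlock_create_ruleset() keeps accepting the previous, shorter struct size from older user space and that the Landlock ABI version is bumped in the same series.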
...
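As an added example, not part of the patch or of any message in this thread: a C program that exercises the restriction the commit message describes. An unsandboxed parent listens on an abstract unix socket, the child enforces a ruleset with the "scoped" field set and then tries to connect to the parent, which must be denied. The struct layout mirrors the quoted hunk; the bit value of LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET is an assumption (the quoted hunk does not define it), as are the fallback syscall numbers and the helper names abstract_addr(), scoped_attr() and enforce_scope().

```c
/* Added example (not from the patch or the thread): a process sandboxes
 * itself with the proposed "scoped" restriction and then tries to connect
 * to an abstract unix socket owned by its unsandboxed parent, which the
 * commit message says must be denied. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Upstream syscall numbers, used only if the toolchain headers lack them. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#ifndef __NR_landlock_restrict_self
#define __NR_landlock_restrict_self 446
#endif

/* Local mirror of struct landlock_ruleset_attr as extended by the hunk
 * (three __u64 fields), so the example builds against older headers. */
struct scoped_ruleset_attr {
	uint64_t handled_access_fs;
	uint64_t handled_access_net;
	uint64_t scoped;
};

/* ASSUMPTION: the hunk names this flag but does not show its value. */
#define LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET (1ULL << 0)

/* Fill an abstract-namespace address (leading NUL in sun_path). The length
 * handed to bind()/connect() must cover exactly the name; any extra bytes
 * would become part of the name. Returns 0 if the name does not fit. */
socklen_t abstract_addr(const char *name, struct sockaddr_un *sa)
{
	size_t n = strlen(name);

	memset(sa, 0, sizeof(*sa));
	sa->sun_family = AF_UNIX;
	if (n + 1 > sizeof(sa->sun_path))
		return 0;
	memcpy(sa->sun_path + 1, name, n);
	return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
}

/* Ruleset attribute that only asks for the abstract-socket scope. */
struct scoped_ruleset_attr scoped_attr(void)
{
	struct scoped_ruleset_attr attr = { 0 };

	attr.scoped = LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET;
	return attr;
}

/* Create and enforce the ruleset on the caller. Returns 0 or -errno; a
 * kernel without this patch rejects the larger struct here. */
int enforce_scope(void)
{
	struct scoped_ruleset_attr attr = scoped_attr();
	int fd = syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
	int err = 0;

	if (fd < 0)
		return -errno;
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
	    syscall(__NR_landlock_restrict_self, fd, 0))
		err = -errno;
	close(fd);
	return err;
}

int main(void)
{
	struct sockaddr_un sa;
	socklen_t len = abstract_addr("landlock-scope-demo", &sa);
	int srv = socket(AF_UNIX, SOCK_STREAM, 0);
	pid_t pid;
	int status;

	if (srv < 0 || bind(srv, (struct sockaddr *)&sa, len) || listen(srv, 1)) {
		perror("server");
		return 1;
	}
	pid = fork();
	if (pid == 0) {
		int rc = enforce_scope(), cfd, saved;

		if (rc) {
			fprintf(stderr, "landlock: %s\n", strerror(-rc));
			_exit(2);
		}
		cfd = socket(AF_UNIX, SOCK_STREAM, 0);
		if (connect(cfd, (struct sockaddr *)&sa, len) == 0) {
			puts("connect succeeded: scope not enforced");
			_exit(3);
		}
		saved = errno;
		printf("connect denied: %s\n", strerror(saved));
		_exit(0);
	}
	waitpid(pid, &status, 0);
	return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Run it as an unprivileged user on a kernel carrying this change: exit status 0 with "connect denied" is the expected verdict, exit status 3 means the scope was not enforced, and exit status 2 means the ruleset could not be created, which is what a kernel without the patch produces because it rejects the larger attribute struct. The errno the denied connect() reports is not stated in the quoted commit message, so the program prints it rather than asserting on a particular value.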
2024-06-06 4:36 [PATCH v3] landlock: Add abstract unix socket connect restriction Tahera Fahimi
2024-06-06 15:56 ` Mickaël Salaün
2024-06-07 13:24 ` Simon Horman [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-06-06 23:44 Tahera Fahimi
2024-06-07 8:28 ` Günther Noack
2024-06-07 19:41 ` Tahera Fahimi
2024-06-10 16:36 ` Mickaël Salaün
2024-06-10 21:49 ` Jann Horn
2024-06-11 8:19 ` Mickaël Salaün
2024-06-10 22:27 ` Jann Horn
2024-06-11 8:19 ` Mickaël Salaün
2024-06-14 20:04 ` Günther Noack
2024-06-11 21:06 ` Tahera Fahimi