Question about using Landlock

["Marek Küthe" <m.k@mk16.de>]

[-- Attachment #1: Type: text/plain, Size: 3232 bytes --]

Hello,

I would like to use Landlock in my program to improve security under
Linux. I have a few questions about this:

1. The documentation uses the Landlock functions without syscall. [1]
For example, `landlock_create_ruleset` instead of `int
syscall(SYS_landlock_create_ruleset, ...)`. In which header file are
these landlock_* functions declared? My compiler says it cannot find
them. As a workaround, I currently check whether these functions exist
when configuring the project [2], and if not, I create them [3].
However, this workaround also has problems: syscall returns a long and
the Landlock functions return int, which means I have to perform a
conversion, but there is a possible loss of information from long to
int.

2. I don't quite understand how to add rules to Lockland's rule set.
When accessing the file system, I'm supposed to specify the fd of the
file, but then I already have that file open. And that's exactly what
Lockland is supposed to control. Another problem is that I work with
several libraries: for example, `yaml-cpp` to read my configuration
file, `libtuntap` to create a TAP device, and boost.asio to read and
write from this TAP device. These libraries create files without me
controlling this with my own syscall. How could I integrate Lockland
there?

For example, I create the TAP device (before Lockland controls it) and
then try to restrict access with Lockland. [4] However, I am unsure
whether I am using Lockland correctly.
```
tun_tap dev(config.get_device_name(), tun_tap_mode::tap);
[...]
landlock_ruleset_loop.add_path_beneath_rule(LANDLOCK_ACCESS_FS_WRITE_FILE
| LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_IOCTL_DEV,
dev.native_handler());
landlock_ruleset_loop.restrict_self();
[...]
const Crazytrace ct(io.get_executor(), ::dup(dev.native_handler()),
nodecontainer);
io.run();
```

3. Lockland introduces scoped access control starting with ABI 6. To
avoid getting warnings from the compiler (and linter), I need to know
whether the struct landlock_ruleset_attr has scoped access control or
not when programming. Since I only want to support the case where this
is true, I would like to check the ABI version at compile time and
generate a more meaningful error. How can I check the ABI version at
compile time? Is there a macro for this?
Currently, I am using a check to see if the compiler can compile the
struct with `scoped`. [5] However, I don't think this is very elegant.

I hope it's okay for me, as a landlocked newbie, to ask questions like
this here. In any case, I would really appreciate any answers!

Best regards,
Marek Küthe

[1] https://docs.kernel.org/userspace-api/landlock.html
[2]
https://codeberg.org/mark22k/crazytrace/src/commit/c9b3a0e51fadece1228f1f92522dccf0115df84d/meson.build#L101
[3]
https://codeberg.org/mark22k/crazytrace/src/commit/c9b3a0e51fadece1228f1f92522dccf0115df84d/src/landlock.hpp#L14
[4]
https://codeberg.org/mark22k/crazytrace/src/commit/c9b3a0e51fadece1228f1f92522dccf0115df84d/src/main.cpp#L163
[5]
https://codeberg.org/mark22k/crazytrace/src/commit/2580137d0d57b7261bd0e22e11853e9e75c2c2a7/meson.build#L122

-- 
Marek Küthe
m.k@mk16.de
er/ihm he/him

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]