Linux cgroups development
 help / color / mirror / Atom feed
From: "Mickaël Salaün" <mic@digikod.net>
To: "Mickaël Salaün" <mic@digikod.net>,
	"Andy Lutomirski" <luto@amacapital.net>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Daniel Mack <daniel@zonque.org>,
	David Drysdale <drysdale@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	Elena Reshetova <elena.reshetova@intel.com>,
	James Morris <james.l.morris@oracle.com>,
	Kees Cook <keescook@chromium.org>, Paul Moore <pmoore@redhat.com>,
	Sargun Dhillon <sargun@sargun.me>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	Will Drewry <wad@chromium.org>,
	Kernel Hardening <kernel-hardening@lists.openwall.com>,
	Linux API <linux-api@vger.kernel.org>,
	LSM List <linux-security-module@vger.kernel.org>,
	Network Development <netdev@vger.kernel.org>
Subject: Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing (cgroup delegation)
Date: Sat, 27 Aug 2016 17:21:39 +0200	[thread overview]
Message-ID: <57C1B003.1030608@digikod.net> (raw)
In-Reply-To: <57C1AD75.8070304@digikod.net>


[-- Attachment #1.1: Type: text/plain, Size: 1324 bytes --]

Cc Tejun and the cgroups ML.

On 27/08/2016 17:10, Mickaël Salaün wrote:
> On 27/08/2016 09:40, Andy Lutomirski wrote:
>> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <mic@digikod.net> wrote:
>>>
>>> # Sandbox example with conditional access control depending on cgroup
>>>
>>>   $ mkdir /sys/fs/cgroup/sandboxed
>>>   $ ls /home
>>>   user1
>>>   $ LANDLOCK_CGROUPS='/sys/fs/cgroup/sandboxed' \
>>>       LANDLOCK_ALLOWED='/bin:/lib:/usr:/tmp:/proc/self/fd/0' \
>>>       ./sandbox /bin/sh -i
>>>   $ ls /home
>>>   user1
>>>   $ echo $$ > /sys/fs/cgroup/sandboxed/cgroup.procs
>>>   $ ls /home
>>>   ls: cannot open directory '/home': Permission denied
>>>
>>
>> Something occurs to me that isn't strictly relevant to landlock but
>> may be relevant to unprivileged cgroups: can you cause trouble by
>> setting up a nastily-configured cgroup and running a setuid program in
>> it?
>>
> 
> I hope not… But the use of cgroups should not be mandatory for Landlock.
> 

In a previous email:

On 26/08/2016 17:50, Tejun Heo wrote:
> I haven't looked in detail but in general I'm not too excited about
> layering security mechanism on top of cgroup.  Maybe it makes some
> sense when security domain coincides with resource domains but at any
> rate please keep me in the loop.



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]

      parent reply	other threads:[~2016-08-27 15:21 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1472121165-29071-1-git-send-email-mic@digikod.net>
     [not found] ` <1472121165-29071-10-git-send-email-mic@digikod.net>
     [not found]   ` <CALCETrVqfTaY4gfwNdwynBqWwYh6xsGHaqdoA3uc_jHogbkA-A@mail.gmail.com>
2016-08-25 14:44     ` [RFC v2 09/10] landlock: Handle cgroups Mickaël Salaün
2016-08-26 12:55       ` Tejun Heo
2016-08-26 14:20       ` Andy Lutomirski
2016-08-26 15:50         ` Tejun Heo
     [not found]   ` <20160826021432.GA8291@ast-mbp.thefacebook.com>
2016-08-26 15:10     ` Mickaël Salaün
2016-08-26 23:05       ` Alexei Starovoitov
     [not found]         ` <20160826230539.GA26683-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-27  7:30           ` Andy Lutomirski
2016-08-27 18:11             ` Alexei Starovoitov
     [not found]               ` <20160827181153.GB38754-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-28  8:14                 ` Andy Lutomirski
2016-08-27 14:06         ` [RFC v2 09/10] landlock: Handle cgroups (performance) Mickaël Salaün
     [not found]           ` <57C19E6E.6040908-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-27 18:06             ` Alexei Starovoitov
2016-08-27 19:35               ` Mickaël Salaün
     [not found]                 ` <57C1EB72.2050703-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-27 20:43                   ` Alexei Starovoitov
2016-08-27 21:14                     ` Mickaël Salaün
2016-08-28  8:13                       ` Andy Lutomirski
2016-08-28  9:42                         ` Mickaël Salaün
2016-08-30 18:55                           ` Andy Lutomirski
2016-08-30 20:20                             ` Mickaël Salaün
     [not found]                               ` <57C5EAA3.5090901-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-30 20:23                                 ` Andy Lutomirski
2016-08-30 20:33                                   ` Mickaël Salaün
     [not found]                                     ` <57C5ED9B.3040303-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-30 20:55                                       ` Alexei Starovoitov
     [not found]                                         ` <20160830205552.GB71063-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-30 21:45                                           ` Andy Lutomirski
2016-08-31  1:36                                             ` Alexei Starovoitov
     [not found]                                               ` <20160831013605.GB75654-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-31  3:29                                                 ` Andy Lutomirski
2016-08-27 14:19         ` [RFC v2 09/10] landlock: Handle cgroups (netfilter match) Mickaël Salaün
     [not found]           ` <57C1A159.3040905-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-27 18:32             ` Alexei Starovoitov
     [not found] ` <CALCETrWhzk4ukY7-Ynr5Hb9wHGTpcHUe2TvkVRxgvoU0-esDAA@mail.gmail.com>
     [not found]   ` <57C1AD75.8070304@digikod.net>
2016-08-27 15:21     ` Mickaël Salaün [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57C1B003.1030608@digikod.net \
    --to=mic@digikod.net \
    --cc=arnd@arndb.de \
    --cc=ast@kernel.org \
    --cc=casey@schaufler-ca.com \
    --cc=daniel@iogearbox.net \
    --cc=daniel@zonque.org \
    --cc=davem@davemloft.net \
    --cc=drysdale@google.com \
    --cc=elena.reshetova@intel.com \
    --cc=james.l.morris@oracle.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=netdev@vger.kernel.org \
    --cc=pmoore@redhat.com \
    --cc=sargun@sargun.me \
    --cc=serge@hallyn.com \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox