linux-man.vger.kernel.org archive mirror
* [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes
@ 2024-03-12 15:15 Mickaël Salaün
  2024-03-13  9:07 ` Günther Noack
  2024-03-13  9:12 ` Günther Noack
  0 siblings, 2 replies; 7+ messages in thread
From: Mickaël Salaün @ 2024-03-12 15:15 UTC (permalink / raw)
  To: linux-man; +Cc: Mickaël Salaün, Alejandro Colomar, Günther Noack

This limit was updated and backported with commit 75c542d6c6cc
("landlock: Reduce the maximum number of layers to 16") to all supported
Linux versions.

Cc: Alejandro Colomar <alx@kernel.org>
Cc: Günther Noack <gnoack@google.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
---
 man2/landlock_restrict_self.2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man2/landlock_restrict_self.2 b/man2/landlock_restrict_self.2
index 43f15c932a83..fb7e48234098 100644
--- a/man2/landlock_restrict_self.2
+++ b/man2/landlock_restrict_self.2
@@ -102,7 +102,7 @@ in its user namespace.
 .TP
 .B E2BIG
 The maximum number of composed rulesets is reached for the calling thread.
-This limit is currently 64.
+This limit is currently 16.
 .SH STANDARDS
 Linux.
 .SH HISTORY
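
Review bot: The replacement line `+This limit is currently 16.` under `.B E2BIG` keeps an unversioned "currently", and the hunk adds nothing under `.SH HISTORY` to record that the documented value used to be 64. Since the commit message says the kernel change was backported, a short HISTORY entry naming the old value and commit 75c542d6c6cc would let readers reconcile the page with what an unpatched kernel does. The E2BIG entry could also tell callers to handle the error rather than count layers, as the number has already changed once.
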
-- 
2.44.0



* Re: [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes
  2024-03-12 15:15 [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes Mickaël Salaün
@ 2024-03-13  9:07 ` Günther Noack
  2024-03-13  9:12 ` Günther Noack
  1 sibling, 0 replies; 7+ messages in thread
From: Günther Noack @ 2024-03-13  9:07 UTC (permalink / raw)
  To: Mickaël Salaün; +Cc: linux-man, Alejandro Colomar

On Tue, Mar 12, 2024 at 04:15:13PM +0100, Mickaël Salaün wrote:
> This limit was updated and backported with commit 75c542d6c6cc
> ("landlock: Reduce the maximum number of layers to 16") to all supported
> Linux versions.
> 
> Cc: Alejandro Colomar <alx@kernel.org>
> Cc: Günther Noack <gnoack@google.com>
> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> ---
>  man2/landlock_restrict_self.2 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/man2/landlock_restrict_self.2 b/man2/landlock_restrict_self.2
> index 43f15c932a83..fb7e48234098 100644
> --- a/man2/landlock_restrict_self.2
> +++ b/man2/landlock_restrict_self.2
> @@ -102,7 +102,7 @@ in its user namespace.
>  .TP
>  .B E2BIG
>  The maximum number of composed rulesets is reached for the calling thread.
> -This limit is currently 64.
> +This limit is currently 16.
>  .SH STANDARDS
>  Linux.
>  .SH HISTORY
> -- 
> 2.44.0
> 

Signed-off-by: Günther Noack <gnoack@google.com>


* Re: [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes
  2024-03-12 15:15 [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes Mickaël Salaün
  2024-03-13  9:07 ` Günther Noack
@ 2024-03-13  9:12 ` Günther Noack
  2024-03-14 16:08   ` Alejandro Colomar
  1 sibling, 1 reply; 7+ messages in thread
From: Günther Noack @ 2024-03-13  9:12 UTC (permalink / raw)
  To: Mickaël Salaün; +Cc: linux-man, Alejandro Colomar

On Tue, Mar 12, 2024 at 04:15:13PM +0100, Mickaël Salaün wrote:
> This limit was updated and backported with commit 75c542d6c6cc
> ("landlock: Reduce the maximum number of layers to 16") to all supported
> Linux versions.
> 
> Cc: Alejandro Colomar <alx@kernel.org>
> Cc: Günther Noack <gnoack@google.com>
> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> ---
>  man2/landlock_restrict_self.2 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/man2/landlock_restrict_self.2 b/man2/landlock_restrict_self.2
> index 43f15c932a83..fb7e48234098 100644
> --- a/man2/landlock_restrict_self.2
> +++ b/man2/landlock_restrict_self.2
> @@ -102,7 +102,7 @@ in its user namespace.
>  .TP
>  .B E2BIG
>  The maximum number of composed rulesets is reached for the calling thread.
> -This limit is currently 64.
> +This limit is currently 16.
>  .SH STANDARDS
>  Linux.
>  .SH HISTORY
> -- 
> 2.44.0
> 

Of course, I meant to write:

Reviewed-by: Günther Noack <gnoack@google.com>

(I need a coffee)


* Re: [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes
  2024-03-13  9:12 ` Günther Noack
@ 2024-03-14 16:08   ` Alejandro Colomar
  2024-03-14 16:11     ` Alejandro Colomar
  0 siblings, 1 reply; 7+ messages in thread
From: Alejandro Colomar @ 2024-03-14 16:08 UTC (permalink / raw)
  To: Günther Noack; +Cc: Mickaël Salaün, linux-man


Hi Mickaël and Günther!

On Wed, Mar 13, 2024 at 10:12:13AM +0100, Günther Noack wrote:
> On Tue, Mar 12, 2024 at 04:15:13PM +0100, Mickaël Salaün wrote:
> > This limit was updated and backported with commit 75c542d6c6cc
> > ("landlock: Reduce the maximum number of layers to 16") to all supported
> > Linux versions.
> > 
> > Cc: Alejandro Colomar <alx@kernel.org>
> > Cc: Günther Noack <gnoack@google.com>
> > Signed-off-by: Mickaël Salaün <mic@digikod.net>
> > ---
> >  man2/landlock_restrict_self.2 | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/man2/landlock_restrict_self.2 b/man2/landlock_restrict_self.2
> > index 43f15c932a83..fb7e48234098 100644
> > --- a/man2/landlock_restrict_self.2
> > +++ b/man2/landlock_restrict_self.2
> > @@ -102,7 +102,7 @@ in its user namespace.
> >  .TP
> >  .B E2BIG
> >  The maximum number of composed rulesets is reached for the calling thread.
> > -This limit is currently 64.
> > +This limit is currently 16.
> >  .SH STANDARDS
> >  Linux.
> >  .SH HISTORY
> > -- 
> > 2.44.0
> > 
> 
> Of course, I meant to write:
> 
> Reviewed-by: Günther Noack <gnoack@google.com>

Patch and tag applied.  Thank you both!

> 
> (I need a coffee)

Have a lovely day!  (and a coffee :)

Alex

-- 
<https://www.alejandro-colomar.es/>



* Re: [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes
  2024-03-14 16:08   ` Alejandro Colomar
@ 2024-03-14 16:11     ` Alejandro Colomar
  2024-03-14 16:49       ` Günther Noack
  0 siblings, 1 reply; 7+ messages in thread
From: Alejandro Colomar @ 2024-03-14 16:11 UTC (permalink / raw)
  To: Günther Noack; +Cc: Mickaël Salaün, linux-man


Hi Günther, Mickaël,

On Thu, Mar 14, 2024 at 05:08:02PM +0100, Alejandro Colomar wrote:
> > >  .TP
> > >  .B E2BIG
> > >  The maximum number of composed rulesets is reached for the calling thread.
> > > -This limit is currently 64.
> > > +This limit is currently 16.

BTW, do you think this limit change is something relevant for HISTORY?
Or should we maybe not document the limit?  Or maybe should the kernel
provide a macro to name that limit (and thus let a user grep it in their
headers to learn their specific value)?  Or maybe a combination?

Cheers,
Alex


-- 
<https://www.alejandro-colomar.es/>



* Re: [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes
  2024-03-14 16:11     ` Alejandro Colomar
@ 2024-03-14 16:49       ` Günther Noack
  2024-03-14 17:12         ` Alejandro Colomar
  0 siblings, 1 reply; 7+ messages in thread
From: Günther Noack @ 2024-03-14 16:49 UTC (permalink / raw)
  To: Alejandro Colomar; +Cc: Mickaël Salaün, linux-man

On Thu, Mar 14, 2024 at 05:11:00PM +0100, Alejandro Colomar wrote:
> Hi Günther, Mickaël,
> 
> On Thu, Mar 14, 2024 at 05:08:02PM +0100, Alejandro Colomar wrote:
> > > >  .TP
> > > >  .B E2BIG
> > > >  The maximum number of composed rulesets is reached for the calling thread.
> > > > -This limit is currently 64.
> > > > +This limit is currently 16.
> 
> BTW, do you think this limit change is something relevant for HISTORY?
> Or should we maybe not document the limit?  Or maybe should the kernel
> provide a macro to name that limit (and thus let a user grep it in their
> headers to learn their specific value)?  Or maybe a combination?

I doubt that anyone has run into that limit in real life yet (but I'd be happy
to learn about it if they did).

I think the most important reason why this limit is mentionworthy is because
landlock_restrict_self() can fail when a process is trying to stack the N+1th
Landlock policy on top.  For programs that don't know all of their parent
processes in detail, they anyway can't make assumptions about how many policies
can still be stacked.  So whether the limit is 64 or 16, it does not make much
of a difference for the code that people have to write.

—Günther
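
Added example, not part of the thread or of the Landlock project's code: one way to write the caller described in the message above, treating E2BIG from landlock_restrict_self() as "stack full" instead of relying on the documented count. The names sandbox_result, classify_restrict_errno and add_landlock_layer are hypothetical, and the code assumes kernel headers that ship <linux/landlock.h>.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Names below (sandbox_result, classify_restrict_errno, add_landlock_layer)
 * are hypothetical helpers for this example, not kernel or libc API. */
enum sandbox_result { SANDBOX_OK, SANDBOX_STACK_FULL, SANDBOX_UNSUPPORTED, SANDBOX_ERROR };

/* Map the errno of landlock_restrict_self() to a decision. */
enum sandbox_result classify_restrict_errno(int err)
{
    switch (err) {
    case 0:          return SANDBOX_OK;
    case E2BIG:      return SANDBOX_STACK_FULL;  /* ancestors + caller hit the layer limit */
    case ENOSYS:                                 /* kernel without Landlock */
    case EOPNOTSUPP: return SANDBOX_UNSUPPORTED; /* Landlock built in but disabled */
    default:         return SANDBOX_ERROR;
    }
}

/* Stack one more (rule-less) layer on the calling thread. */
enum sandbox_result add_landlock_layer(__u64 handled_access_fs)
{
    struct landlock_ruleset_attr attr = { .handled_access_fs = handled_access_fs };
    int err = 0;
    int fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);

    if (fd < 0)
        return (errno == ENOSYS || errno == EOPNOTSUPP) ? SANDBOX_UNSUPPORTED : SANDBOX_ERROR;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
        syscall(__NR_landlock_restrict_self, fd, 0) != 0)
        err = errno;
    close(fd);
    return classify_restrict_errno(err);
}

int main(void)
{
    int layers = 0;
    enum sandbox_result r;

    /* Probe only: keep stacking until the kernel refuses, instead of trusting 16 or 64. */
    while ((r = add_landlock_layer(LANDLOCK_ACCESS_FS_EXECUTE)) == SANDBOX_OK)
        layers++;
    printf("stacked %d layer(s), stopped with result %d\n", layers, (int)r);
    return r == SANDBOX_STACK_FULL || r == SANDBOX_UNSUPPORTED ? 0 : 1;
}
```

The count printed by main() is what remained for this process, which is lower than the kernel's limit whenever a parent has already stacked layers.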


* Re: [PATCH] landlock_restrict_self.2: Fix max number of nested sandboxes
  2024-03-14 16:49       ` Günther Noack
@ 2024-03-14 17:12         ` Alejandro Colomar
  0 siblings, 0 replies; 7+ messages in thread
From: Alejandro Colomar @ 2024-03-14 17:12 UTC (permalink / raw)
  To: Günther Noack; +Cc: Mickaël Salaün, linux-man


On Thu, Mar 14, 2024 at 05:49:07PM +0100, Günther Noack wrote:
> On Thu, Mar 14, 2024 at 05:11:00PM +0100, Alejandro Colomar wrote:
> > Hi Günther, Mickaël,
> > 
> > On Thu, Mar 14, 2024 at 05:08:02PM +0100, Alejandro Colomar wrote:
> > > > >  .TP
> > > > >  .B E2BIG
> > > > >  The maximum number of composed rulesets is reached for the calling thread.
> > > > > -This limit is currently 64.
> > > > > +This limit is currently 16.
> > 
> > BTW, do you think this limit change is something relevant for HISTORY?
> > Or should we maybe not document the limit?  Or maybe should the kernel
> > provide a macro to name that limit (and thus let a user grep it in their
> > headers to learn their specific value)?  Or maybe a combination?
> 
> I doubt that anyone has run into that limit in real life yet (but I'd be happy
> to learn about it if they did).
> 
> I think the most important reason why this limit is mentionworthy is because
> landlock_restrict_self() can fail when a process is trying to stack the N+1th
> Landlock policy on top.  For programs that don't know all of their parent
> processes in detail, they anyway can't make assumptions about how many policies
> can still be stacked.  So whether the limit is 64 or 16, it does not make much
> of a difference for the code that people have to write.

Hmmm, thanks!

Cheers,
Alex

> —Günther

-- 
<https://www.alejandro-colomar.es/>

