Commit Diff
Commit: 98c6f8de41647ba565dcbdaccf876277b404161e
From: Omar Polo <op@omarpolo.com>
Date: Thu Feb 10 22:29:51 2022 UTC
Message:

fix landlock usage

Mickaël Salaün, the landlock author, pointed out the same error on the
got implementation. The assumption that not listed access capabilities
are implicitly denied is completely wrong:

> In a nutshell, the ruleset's handled_access_fs is required for
> backward and forward compatibility (i.e. the kernel and user space may
> not know each other's supported restrictions), hence the need to be
> explicit about the denied-by-default access rights.
commit - be88c5d657e2a2e0a2a9f6d75910e5f08ec5e755
commit + 98c6f8de41647ba565dcbdaccf876277b404161e
blob - a561d88b26a8dd02e222ed1160e7aacb5b5f76e6
blob + 43f210de4b18322649f4363523377f93519c5dd2
--- sandbox.c
+++ sandbox.c
@@ -429,14 +429,20 @@ open_landlock(void)
{
int fd;
- /*
- * These are all the actions that we may want to
- * allow. Anything not specified here is implicitly blocked
- * (e.g. LANDLOCK_ACCESS_FS_EXECUTE.)
- */
struct landlock_ruleset_attr attr = {
- .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE |
- LANDLOCK_ACCESS_FS_READ_DIR,
+ .handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE |
+ LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_READ_DIR |
+ LANDLOCK_ACCESS_FS_WRITE_FILE |
+ LANDLOCK_ACCESS_FS_REMOVE_DIR |
+ LANDLOCK_ACCESS_FS_REMOVE_FILE |
+ LANDLOCK_ACCESS_FS_MAKE_CHAR |
+ LANDLOCK_ACCESS_FS_MAKE_DIR |
+ LANDLOCK_ACCESS_FS_MAKE_REG |
+ LANDLOCK_ACCESS_FS_MAKE_SOCK |
+ LANDLOCK_ACCESS_FS_MAKE_FIFO |
+ LANDLOCK_ACCESS_FS_MAKE_BLOCK |
+ LANDLOCK_ACCESS_FS_MAKE_SYM,
};
fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
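Review bot: the new initializer starting at `+ .handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE |` drops the old comment without replacing it, so the next reader gets no hint why every access right is enumerated; since the deleted comment stated the opposite of how handled_access_fs works, restore one that says it explicitly, e.g. `/* Every access right this ruleset restricts: all of these are denied unless a rule added later grants them. Anything not listed stays unrestricted. */`. The list is also a hardcoded snapshot of the rights the header knows about, so a kernel that introduces further access rights will leave them unhandled and therefore allowed, which is the forward-compatibility case the commit message quotes; consider querying the running ABI with `landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION)` and extending the mask by version so newer rights are covered, and document that the fixed list below corresponds to the first Landlock ABI.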