Commit Diff
Commit:
98c6f8de41647ba565dcbdaccf876277b404161e
Date:
Thu Feb 10 22:29:51 2022
UTC
Message
fix landlock usage
Mickaël Salaün, the landlock author, pointed out the same error on the
got implementation. The assumption that not listed access
capabilities are implicitly denied is completely wrong:
> In a nutshell, the ruleset's handled_access_fs is required for
> backward and forward compatibility (i.e. the kernel and user space may
> not know each other's supported restrictions), hence the need to be
> explicit about the denied-by-default access rights.
--- sandbox.c
+++ sandbox.c
@@ -429,14 +429,20 @@ open_landlock(void)
{
int fd;
- /*
- * These are all the actions that we may want to
- * allow. Anything not specified here is implicitly blocked
- * (e.g. LANDLOCK_ACCESS_FS_EXECUTE.)
- */
struct landlock_ruleset_attr attr = {
- .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE |
- LANDLOCK_ACCESS_FS_READ_DIR,
+ .handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE |
+ LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_READ_DIR |
+ LANDLOCK_ACCESS_FS_WRITE_FILE |
+ LANDLOCK_ACCESS_FS_REMOVE_DIR |
+ LANDLOCK_ACCESS_FS_REMOVE_FILE |
+ LANDLOCK_ACCESS_FS_MAKE_CHAR |
+ LANDLOCK_ACCESS_FS_MAKE_DIR |
+ LANDLOCK_ACCESS_FS_MAKE_REG |
+ LANDLOCK_ACCESS_FS_MAKE_SOCK |
+ LANDLOCK_ACCESS_FS_MAKE_FIFO |
+ LANDLOCK_ACCESS_FS_MAKE_BLOCK |
+ LANDLOCK_ACCESS_FS_MAKE_SYM,
};
fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
Omar Polo