a17c60e5 | 07-Mar-2024 | Mickaël Salaün <mic@digikod.net>

samples/landlock: Don't error out if a file path cannot be opened

Instead of creating a hard error and aborting the sandbox creation, accept file paths not usable in the LL_FS_RO and LL_FS_RW environment variables but only print a warning. This makes it easier to test, for instance with LL_FS_RO="${PATH}:/usr/lib:/lib"

Print that we are going to execute the command in the sandbox before doing so.

Rename "launch" to "execute", and improve header description.

Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240307143849.1517218-1-mic@digikod.net
[mic: Improve header description as suggested by Günther]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

5e990dce | 25-Oct-2023 | Konstantin Meskhidze <konstantin.meskhidze@huawei.com>

samples/landlock: Support TCP restrictions

Add TCP restrictions to the sandboxer demo. It's possible to allow a sandboxer to bind/connect to a list of specified ports restricting network actions to the rest of them. This is controlled with the new LL_TCP_BIND and LL_TCP_CONNECT environment variables.

Rename ENV_PATH_TOKEN to ENV_DELIMITER.

Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Link: https://lore.kernel.org/r/20231026014751.414649-12-konstantin.meskhidze@huawei.com
[mic: Extend commit message]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

f6e53fb2 | 07-Nov-2022 | Günther Noack <gnoack3000@gmail.com>

samples/landlock: Document best-effort approach for LANDLOCK_ACCESS_FS_REFER

Add a comment to clarify how to handle best-effort backwards compatibility for LANDLOCK_ACCESS_FS_REFER.

The "refer" access is special because these operations are always forbidden in ABI 1, unlike most other operations, which are permitted when using Landlock ABI levels where they are not supported yet.

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221107181651.4555-1-gnoack3000@gmail.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>

faeb9197 | 18-Oct-2022 | Günther Noack <gnoack3000@gmail.com>

samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE

Update the sandboxer sample to restrict truncate actions. This is automatically enabled by default if the running kernel supports LANDLOCK_ACCESS_FS_TRUNCATE, except for the paths listed in the LL_FS_RW environment variable.

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221018182216.301684-11-gnoack3000@gmail.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>

903cfe8a | 23-Sep-2022 | Mickaël Salaün <mic@digikod.net>

samples/landlock: Print hints about ABI versions

Extend the help with the latest Landlock ABI version supported by the sandboxer. Inform users about the sandboxer or the kernel not being up-to-date. Make the version check code easier to update and harder to misuse.

Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20220923154207.3311629-2-mic@digikod.net

76b902f8 | 06-May-2022 | Mickaël Salaün <mic@digikod.net>

samples/landlock: Add support for file reparenting

Add LANDLOCK_ACCESS_FS_REFER to the "roughly write" access rights and leverage the Landlock ABI version to only try to enforce it if it is supported by the running kernel.

Reviewed-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20220506161102.525323-10-mic@digikod.net

81709f3d | 06-May-2022 | Mickaël Salaün <mic@digikod.net>

samples/landlock: Format with clang-format

Let's follow a consistent and documented coding style. Everything may not be to our liking but it is better than tacit knowledge. Moreover, this will help maintain style consistency between different developers.

This contains only whitespace changes.

Automatically formatted with:
clang-format-14 -i samples/landlock/*.[ch]

Link: https://lore.kernel.org/r/20220506160513.523257-8-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>

9805a722 | 06-May-2022 | Mickaël Salaün <mic@digikod.net>

samples/landlock: Add clang-format exceptions

In preparation to a following commit, add clang-format on and clang-format off stanzas around constant definitions. This enables keeping aligned values, which is much more readable than packed definitions.

Link: https://lore.kernel.org/r/20220506160513.523257-7-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>

66b513b7 | 28-Apr-2021 | Tom Rix <trix@redhat.com>

samples/landlock: Fix path_list memory leak

Clang static analysis reports this error

    sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list'
            ret = 0;
            ^

path_list is allocated in parse_path() but never freed.

Signed-off-by: Tom Rix <trix@redhat.com>
Link: https://lore.kernel.org/r/20210428213852.2874324-1-trix@redhat.com
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>

ba84b0bf | 22-Apr-2021 | Mickaël Salaün <mic@linux.microsoft.com>

samples/landlock: Add a sandbox manager example

Add a basic sandbox tool to launch a command which can only access a list of file hierarchies in a read-only or read-write way.

Cc: James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-12-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>