On 18/05/2023 22:44, Shervin Oloumi wrote:
Sorry for the delay on this. I think there is a fundamental issue here that needs to be resolved first, and that is the limitation of the kernel that only one LSM's hook function can be called through the procfs attribute interface. This is a blocker for us (and I imagine for others), since implementing any Landlock attribute API would block the existing SELinux hook function, which is used to surface domain information. `ps` also uses it to display domain information when you pass `-Z`. Please note, this is independent of which path and filename we use for Landlock. Even when the "domain" file is placed under a different directory, for example `/proc/[pid]/attr/landlock/domain`, the kernel only calls the Landlock hook function for any interaction with any files under attr (the kernel always calls only the hook function for the first loaded LSM in the kernel config). So if anyone in this thread has any information on whether there is work in progress for addressing this issue, that would be helpful.
This seems to be an LSM stacking issue. Do the LSM syscalls also have this issue? This should be part of tests.