On Wed, Oct 05, 2022 at 08:57:23PM +0200, Mickaël Salaün wrote:
> > On 01/10/2022 17:49, Günther Noack wrote:
> > Update the sandboxer sample to restrict truncate actions. This is
> > automatically enabled by default if the running kernel supports
> > LANDLOCK_ACCESS_FS_TRUNCATE, except for the paths listed in the
> > LL_FS_RW environment variable.
> >
> > Signed-off-by: Günther Noack <gnoack3000@xxxxxxxxx>
> > ---
> > samples/landlock/sandboxer.c | 23 ++++++++++++++---------
> > 1 file changed, 14 insertions(+), 9 deletions(-)
> >
> > diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
> > index 3e404e51ec64..771b6b10d519 100644
> > --- a/samples/landlock/sandboxer.c
> > +++ b/samples/landlock/sandboxer.c
> > @@ -76,7 +76,8 @@ static int parse_path(char *env_path, const char ***const path_list)
> > #define ACCESS_FILE ( \
> > LANDLOCK_ACCESS_FS_EXECUTE | \
> > LANDLOCK_ACCESS_FS_WRITE_FILE | \
> > - LANDLOCK_ACCESS_FS_READ_FILE)
> > + LANDLOCK_ACCESS_FS_READ_FILE | \
> > + LANDLOCK_ACCESS_FS_TRUNCATE)
> > /* clang-format on */
> > @@ -160,10 +161,8 @@ static int populate_ruleset(const char *const env_var, const int ruleset_fd,
> > LANDLOCK_ACCESS_FS_MAKE_FIFO | \
> > LANDLOCK_ACCESS_FS_MAKE_BLOCK | \
> > LANDLOCK_ACCESS_FS_MAKE_SYM | \
> > - LANDLOCK_ACCESS_FS_REFER)
> > -
> > -#define ACCESS_ABI_2 ( \
> > - LANDLOCK_ACCESS_FS_REFER)
> > + LANDLOCK_ACCESS_FS_REFER | \
> > + LANDLOCK_ACCESS_FS_TRUNCATE)
> > /* clang-format on */
> > @@ -226,11 +225,17 @@ int main(const int argc, char *const argv[], char *const *const envp)
> > return 1;
> > }
> > /* Best-effort security. */
> > - if (abi < 2) {
> > - ruleset_attr.handled_access_fs &= ~ACCESS_ABI_2;
> > - access_fs_ro &= ~ACCESS_ABI_2;
> > - access_fs_rw &= ~ACCESS_ABI_2;
> You can now base your patches on the current Linus' master branch, these
> three commits are now merged:
> https://git.kernel.org/mic/c/2fff00c81d4c37a037cf704d2d219fbcb45aea3c
Thanks, rebased.
> The (inlined) documentation also needs to be updated according to this
> commit to align with the double backtick convention.
There were no occurrences of the double backtick in the sample tool, I assume this is OK?
> > + switch (abi) {
> > + case 1:
> > + /* Removes LANDLOCK_ACCESS_FS_REFER for ABI < 2 */
> > + ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_REFER;
> > + __attribute__((fallthrough));
> > + case 2:
> > + /* Removes LANDLOCK_ACCESS_FS_TRUNCATE for ABI < 3 */
> > + ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE;
> > }
> > + access_fs_ro &= ruleset_attr.handled_access_fs;
> > + access_fs_rw &= ruleset_attr.handled_access_fs;
> > ruleset_fd =
> > landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
--
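Review bot: Clearing LANDLOCK_ACCESS_FS_TRUNCATE from handled_access_fs in `case 2` silently leaves truncation unrestricted on kernels with ABI < 3, and the user of the sample gets no indication that the sandbox is weaker than requested; the same holds for the `case 1` masking of LANDLOCK_ACCESS_FS_REFER. Since `/* Best-effort security. */` is the only hint, consider printing a diagnostic in each arm before the mask, e.g. `fprintf(stderr, "Hint: the running kernel does not support LANDLOCK_ACCESS_FS_TRUNCATE; truncation is not restricted.\n");` (constructed wording). The switch also has no `default:` arm; an explicit `default: break; /* ABI >= 3: nothing to mask */` would make clear that newer ABIs are intentionally left untouched rather than forgotten. The two `&= ruleset_attr.handled_access_fs` lines after the switch correctly keep the per-path access sets consistent with whatever was actually handled, so no separate ABI mask is needed for them. main() continues outside the hunk.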