On Mon, Aug 14, 2023 at 07:28:11PM +0200, Günther Noack wrote:
> Hello!
>
> These patches add simple ioctl(2) support to Landlock.
>
> [...]
>
> How we arrived at the list of always-permitted IOCTL commands
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> To decide which IOCTL commands should be blanket-permitted I went through the
> list of IOCTL commands mentioned in fs/ioctl.c and looked at them individually
> to understand what they are about. The following list is my conclusion from
> that.
>
> We should always allow the following IOCTL commands:
>
> * FIOCLEX, FIONCLEX - these work on the file descriptor and manipulate the
>   close-on-exec flag
> * FIONBIO, FIOASYNC - these work on the struct file and enable nonblocking-IO
>   and async flags
> * FIONREAD - get the number of bytes available for reading (the implementation
>   is defined per file type)

I think we should treat FIOQSIZE like FIONREAD, i.e. check for
LANDLOCK_ACCESS_FS_READ_FILE as explained in my previous message.
Tests should then rely on something else.

[...]

> Changes
> ~~~~~~~
>
> V3:
> * always permit the IOCTL commands FIOCLEX, FIONCLEX, FIONBIO, FIOASYNC and
>   FIONREAD, independent of LANDLOCK_ACCESS_FS_IOCTL
> * increment ABI version in the same commit where the feature is introduced
> * testing changes
>   * use FIOQSIZE instead of TTY IOCTL commands
>     (FIOQSIZE works with regular files, directories and memfds)
>   * run the memfd test with both Landlock enabled and disabled
>   * add a test for the always-permitted IOCTL commands