Hi Guenther!

On Fri, Jan 24, 2025 at 04:59:29PM +0100, Günther Noack wrote:
> Hi!
>
> This is an attempt to clarify the kernel documentation for Landlock's IPC
> scoping support before I send the same wording to the man page list in troff
> format.
>
> (Adding Alejandro and the man-page list to get an early review on wording and
> clarity.)

Sorry for not replying before.  I had fever last week.  :)

> On Fri, Jan 24, 2025 at 03:44:45PM +0000, Günther Noack wrote:
> > -IPC scoping does not support exceptions, so if a domain is scoped, no rules can
> > -be added to allow access to resources or processes outside of the scope.
> > +interactions between sandboxes. Therefore, at ruleset creation time, each
> > +Landlock domain can restrict the scope for certain operations, so that these
> > +operations can only reach out to processes within the same Landlock domain or in
> > +a nested Landlock domain (the "scope").
> > +
> > +The operations which can be scoped are:
> > +
> > +``LANDLOCK_SCOPE_SIGNAL``
> > + When set,

Do we need to say when set?  I'd say that's redundant (of course if you
don't set a flag, its effects don't apply).

> > this limits the sending of signals to target processes which run
> > + within the same or a nested Landlock domain.
> > +
> > +``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET``
> > + When set, this limits the set of abstract :manpage:`unix(7)` sockets we can
> > + :manpage:`connect(2)` to to socket addresses which were created by a process
> > + in the same or a nested Landlock domain.
> > +
> > + A :manpage:`send(2)` on a non-connected datagram socket is treated like an
> > + implicit :manpage:`connect(2)` and will be blocked when the remote end does

I think *if* would be more appropriate than *when* here.

> > + not stem from the same or a nested Landlock domain.

This could be read such that send(2) is replaced by connect(2) on a
non-connected datagram socket.  But you want to say that a connect(2) is
implicitly executed before the actual send(2) (which is still executed,
if connect(2) succeeds).

How about this wording?

	If send(2) is used on a non-connected datagram socket, an implicit
	connect(2) is executed first, and will be blocked when the remote
	end does ....

Have a lovely day!
Alex

> > + A :manpage:`send(2)` on a socket which was previously connected will work.
> > + This works for both datagram and stream sockets.
> > +
> > +IPC scoping does not support exceptions via :manpage:`landlock_add_rule(2)`.
> > +If an operation is scoped within a domain, no rules can be added to allow access
> > +to resources or processes outside of the scope.
> >
> > Truncating files
> > ----------------
> > --
> > 2.48.1.262.g85cc9f2d1e-goog
> >
> > —Günther

-- 
<https://www.alejandro-colomar.es/>
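Review bot: In the ``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET`` paragraph, "sockets we can :manpage:`connect(2)` to to socket addresses" reads as a doubled word and uses an informal "we" that the rest of the section avoids; suggest rewording along the lines of "this limits the abstract :manpage:`unix(7)` socket addresses that :manpage:`connect(2)` may reach to those created by a process in the same or a nested Landlock domain". The same paragraph says the implicit connect on a non-connected datagram socket "will be blocked" but does not say how the caller observes that (which error the syscall returns), which is the first thing someone writing code against this scoping will look for; a sentence stating the error returned to the sandboxed process would make the section complete. The hunk's closing sentence ("no rules can be added to allow access to resources or processes outside of the scope") is a useful restatement of the removed lines and should stay.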