fix landlock usage
Mickaël Salaün, the landlock author, pointed out the same error on the got implementation. The assumption that not listed access capabilities are implicitly denied is completely wrong: > In a nutshell, the ruleset's handled_access_fs is required for > backward and forward compatibility (i.e. the kernel and user space may > not know each other's supported restrictions), hence the need to be > explicit about the denied-by-default access rights.
This commit is contained in:
parent
be88c5d657
commit
98c6f8de41
20
sandbox.c
20
sandbox.c
|
@ -429,14 +429,20 @@ open_landlock(void)
|
|||
{
|
||||
int fd;
|
||||
|
||||
/*
|
||||
* These are all the actions that we may want to
|
||||
* allow. Anything not specified here is implicitly blocked
|
||||
* (e.g. LANDLOCK_ACCESS_FS_EXECUTE.)
|
||||
*/
|
||||
struct landlock_ruleset_attr attr = {
|
||||
.handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE |
|
||||
LANDLOCK_ACCESS_FS_READ_DIR,
|
||||
.handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE |
|
||||
LANDLOCK_ACCESS_FS_READ_FILE |
|
||||
LANDLOCK_ACCESS_FS_READ_DIR |
|
||||
LANDLOCK_ACCESS_FS_WRITE_FILE |
|
||||
LANDLOCK_ACCESS_FS_REMOVE_DIR |
|
||||
LANDLOCK_ACCESS_FS_REMOVE_FILE |
|
||||
LANDLOCK_ACCESS_FS_MAKE_CHAR |
|
||||
LANDLOCK_ACCESS_FS_MAKE_DIR |
|
||||
LANDLOCK_ACCESS_FS_MAKE_REG |
|
||||
LANDLOCK_ACCESS_FS_MAKE_SOCK |
|
||||
LANDLOCK_ACCESS_FS_MAKE_FIFO |
|
||||
LANDLOCK_ACCESS_FS_MAKE_BLOCK |
|
||||
LANDLOCK_ACCESS_FS_MAKE_SYM,
|
||||
};
|
||||
|
||||
fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
|
||||
|
|
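Review bot: The comment above the initializer still says that anything not listed "is implicitly blocked (e.g. LANDLOCK_ACCESS_FS_EXECUTE.)", which is exactly the assumption this commit's message calls "completely wrong", and EXECUTE is now the first entry of the handled set; the comment appears to be unchanged context, so after this change it documents the old, incorrect model. I would reword those two lines to state the real contract, e.g. `* Every access right we know of must be listed here: only handled rights are denied by default, an unhandled right stays allowed even though no rule grants it.`. It may also be worth a note that the list is tied to the Landlock ABI version the code was written against, since the kernel may add rights later that would then go unhandled (LANDLOCK_CREATE_RULESET_VERSION exists to probe this), though that is a follow-up rather than part of this fix. open_landlock() continues beyond the hunk, so the rules added against this ruleset are not visible here.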