From 98c6f8de41647ba565dcbdaccf876277b404161e Mon Sep 17 00:00:00 2001
From: Omar Polo
Date: Thu, 10 Feb 2022 22:29:51 +0000
Subject: [PATCH] fix landlock usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mickaël Salaün, the landlock author, pointed out the same error on the got implementation. The assumption that not listed access capabilities are implicitly denied is completely wrong:

> In a nutshell, the ruleset's handled_access_fs is required for
> backward and forward compatibility (i.e. the kernel and user space may
> not know each other's supported restrictions), hence the need to be
> explicit about the denied-by-default access rights.
---
 sandbox.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/sandbox.c b/sandbox.c
index a561d88..43f210d 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -429,14 +429,20 @@ open_landlock(void)
 {
 int fd;
 
- /*
- * These are all the actions that we may want to
- * allow. Anything not specified here is implicitly blocked
- * (e.g. LANDLOCK_ACCESS_FS_EXECUTE.)
- */
 struct landlock_ruleset_attr attr = {
- .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE |
- LANDLOCK_ACCESS_FS_READ_DIR,
+ .handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE |
+ LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_READ_DIR |
+ LANDLOCK_ACCESS_FS_WRITE_FILE |
+ LANDLOCK_ACCESS_FS_REMOVE_DIR |
+ LANDLOCK_ACCESS_FS_REMOVE_FILE |
+ LANDLOCK_ACCESS_FS_MAKE_CHAR |
+ LANDLOCK_ACCESS_FS_MAKE_DIR |
+ LANDLOCK_ACCESS_FS_MAKE_REG |
+ LANDLOCK_ACCESS_FS_MAKE_SOCK |
+ LANDLOCK_ACCESS_FS_MAKE_FIFO |
+ LANDLOCK_ACCESS_FS_MAKE_BLOCK |
+ LANDLOCK_ACCESS_FS_MAKE_SYM,
 };
 
 fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
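Review bot: The new `.handled_access_fs` literal pins the deny-by-default set to the rights known when this file was compiled, so the bug this commit fixes returns for any access right a newer kernel adds: per the quoted explanation, a right absent from the mask is not handled and therefore stays allowed, while a right the running kernel does not know (headers newer than the kernel) is expected to make the `landlock_create_ruleset()` call on the last hunk line fail. The usual remedy is to probe the kernel first with `abi = landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);` and clear from the mask the bits that ABI level does not support before the real create call; how that call's failure is handled lies outside the hunk, so I cannot tell whether a negative return already makes the sandbox fail closed rather than run unsandboxed. Since the old comment was deleted, a replacement above `attr` would keep the next reader from reintroducing the assumption: `/* Every right listed here is denied unless a later rule allows it; rights the kernel supports but we do not list remain allowed. */`.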