Re: [PATCH v8 8/9] samples/landlock: Extend sample tool to support... | linux-security-module

[PATCH v8 0/9] landlock: truncate support · Günther Noack <hidden> · 2022-10-01
[PATCH v8 1/9] security: Create file_truncate hook from path_truncate hook · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 1/9] security: Create file_truncate hook from path_truncate hook · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 1/9] security: Create file_truncate hook from path_truncate hook · Günther Noack <hidden> · 2022-10-08
Re: [PATCH v8 1/9] security: Create file_truncate hook from path_truncate hook · Paul Moore <paul@paul-moore.com> · 2022-10-06
[PATCH v8 2/9] selftests/landlock: Locally define __maybe_unused · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 2/9] selftests/landlock: Locally define __maybe_unused · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 2/9] selftests/landlock: Locally define __maybe_unused · Günther Noack <hidden> · 2022-10-08
[PATCH v8 3/9] landlock: Refactor check_access_path_dual() into is_access_to_paths_allowed() · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 3/9] landlock: Refactor check_access_path_dual() into is_access_to_paths_allowed() · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 3/9] landlock: Refactor check_access_path_dual() into is_access_to_paths_allowed() · Günther Noack <hidden> · 2022-10-08
[PATCH v8 4/9] landlock: Support file truncation · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 4/9] landlock: Support file truncation · Nathan Chancellor <nathan@kernel.org> · 2022-10-04
Re: [PATCH v8 4/9] landlock: Support file truncation · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 4/9] landlock: Support file truncation · Günther Noack <hidden> · 2022-10-06
Re: [PATCH v8 4/9] landlock: Support file truncation · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 4/9] landlock: Support file truncation · Günther Noack <hidden> · 2022-10-08
[PATCH v8 5/9] selftests/landlock: Selftests for file truncation support · Günther Noack <hidden> · 2022-10-01
[PATCH v8 7/9] selftests/landlock: Test FD passing from a Landlock-restricted to an unrestricted process · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 7/9] selftests/landlock: Test FD passing from a Landlock-restricted to an unrestricted process · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 7/9] selftests/landlock: Test FD passing from a Landlock-restricted to an unrestricted process · Günther Noack <hidden> · 2022-10-08
[PATCH v8 6/9] selftests/landlock: Test open() and ftruncate() in multiple scenarios · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 6/9] selftests/landlock: Test open() and ftruncate() in multiple scenarios · Mickaël Salaün <mic@digikod.net> · 2022-10-05
[PATCH v8 8/9] samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 8/9] samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 8/9] samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE · Günther Noack <hidden> · 2022-10-08
[PATCH v8 9/9] landlock: Document Landlock's file truncation support · Günther Noack <hidden> · 2022-10-01
Re: [PATCH v8 9/9] landlock: Document Landlock's file truncation support · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 9/9] landlock: Document Landlock's file truncation support · Günther Noack <hidden> · 2022-10-08
Re: [PATCH v8 0/9] landlock: truncate support · Mickaël Salaün <mic@digikod.net> · 2022-10-05
Re: [PATCH v8 0/9] landlock: truncate support · Günther Noack <hidden> · 2022-10-08

Re: [PATCH v8 8/9] samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE

From: Mickaël Salaün <mic@digikod.net>
Date: 2022-10-05 18:57:37
Also in: linux-fsdevel

On 01/10/2022 17:49, Günther Noack wrote:

quoted hunk ↗ jump to hunk

Update the sandboxer sample to restrict truncate actions. This is
automatically enabled by default if the running kernel supports
LANDLOCK_ACCESS_FS_TRUNCATE, except for the paths listed in the
LL_FS_RW environment variable.

Signed-off-by: Günther Noack <redacted>
---
  samples/landlock/sandboxer.c | 23 ++++++++++++++---------
  1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
index 3e404e51ec64..771b6b10d519 100644
--- a/samples/landlock/sandboxer.c
+++ b/samples/landlock/sandboxer.c

@@ -76,7 +76,8 @@ static int parse_path(char *env_path, const char ***const path_list)
  #define ACCESS_FILE ( \
  	LANDLOCK_ACCESS_FS_EXECUTE | \
  	LANDLOCK_ACCESS_FS_WRITE_FILE | \
-	LANDLOCK_ACCESS_FS_READ_FILE)
+	LANDLOCK_ACCESS_FS_READ_FILE | \
+	LANDLOCK_ACCESS_FS_TRUNCATE)
  
  /* clang-format on */

@@ -160,10 +161,8 @@ static int populate_ruleset(const char *const env_var, const int ruleset_fd,
  	LANDLOCK_ACCESS_FS_MAKE_FIFO | \
  	LANDLOCK_ACCESS_FS_MAKE_BLOCK | \
  	LANDLOCK_ACCESS_FS_MAKE_SYM | \
-	LANDLOCK_ACCESS_FS_REFER)
-
-#define ACCESS_ABI_2 ( \
-	LANDLOCK_ACCESS_FS_REFER)
+	LANDLOCK_ACCESS_FS_REFER | \
+	LANDLOCK_ACCESS_FS_TRUNCATE)
  
  /* clang-format on */

@@ -226,11 +225,17 @@ int main(const int argc, char *const argv[], char *const *const envp)
  		return 1;
  	}
  	/* Best-effort security. */
-	if (abi < 2) {
-		ruleset_attr.handled_access_fs &= ~ACCESS_ABI_2;
-		access_fs_ro &= ~ACCESS_ABI_2;
-		access_fs_rw &= ~ACCESS_ABI_2;

You can now base your patches on the current Linus' master branch, these 
three commits are now merged: 
https://git.kernel.org/mic/c/2fff00c81d4c37a037cf704d2d219fbcb45aea3c

The (inlined) documentation also needs to be updated according to this 
commit to align with the double backtick convention.

+	switch (abi) {
+	case 1:
+		/* Removes LANDLOCK_ACCESS_FS_REFER for ABI < 2 */
+		ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_REFER;
+		__attribute__((fallthrough));
+	case 2:
+		/* Removes LANDLOCK_ACCESS_FS_TRUNCATE for ABI < 3 */
+		ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE;
  	}
+	access_fs_ro &= ruleset_attr.handled_access_fs;
+	access_fs_rw &= ruleset_attr.handled_access_fs;
  
  	ruleset_fd =
  		landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help