Re: [PATCH v8 11/12] samples/landlock: Add network demo

[PATCH v8 00/12] Network support for Landlock · Konstantin Meskhidze <hidden> · 2022-10-21
[PATCH v8 01/12] landlock: Make ruleset's access masks more generic · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 01/12] landlock: Make ruleset's access masks more generic · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 01/12] landlock: Make ruleset's access masks more generic · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH v8 01/12] landlock: Make ruleset's access masks more generic · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH v8 01/12] landlock: Make ruleset's access masks more generic · Konstantin Meskhidze (A) <hidden> · 2022-12-02
[PATCH v8 02/12] landlock: Refactor landlock_find_rule/insert_rule · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 02/12] landlock: Refactor landlock_find_rule/insert_rule · Mickaël Salaün <mic@digikod.net> · 2022-11-17
[PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2022-11-18
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2022-12-02
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2022-12-24
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2022-12-26
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2022-12-27
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2022-12-02
Re: [PATCH v8 02/12] landlock: Refactor landlock_find_rule/insert_rule · Mickaël Salaün <mic@digikod.net> · 2022-11-22
Re: [PATCH v8 02/12] landlock: Refactor landlock_find_rule/insert_rule · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH v8 02/12] landlock: Refactor landlock_find_rule/insert_rule · Konstantin Meskhidze (A) <hidden> · 2022-11-28
[PATCH v8 03/12] landlock: Refactor merge/inherit_ruleset functions · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 03/12] landlock: Refactor merge/inherit_ruleset functions · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 03/12] landlock: Refactor merge/inherit_ruleset functions · Konstantin Meskhidze (A) <hidden> · 2022-11-28
[PATCH v8 04/12] landlock: Move unmask_layers() and init_layer_masks() · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 04/12] landlock: Move unmask_layers() and init_layer_masks() · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 04/12] landlock: Move unmask_layers() and init_layer_masks() · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH v8 04/12] landlock: Move unmask_layers() and init_layer_masks() · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH v8 04/12] landlock: Move unmask_layers() and init_layer_masks() · Konstantin Meskhidze (A) <hidden> · 2022-12-02
[PATCH v8 05/12] landlock: Refactor unmask_layers() and init_layer_masks() · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 05/12] landlock: Refactor unmask_layers() and init_layer_masks() · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 05/12] landlock: Refactor unmask_layers() and init_layer_masks() · Konstantin Meskhidze (A) <hidden> · 2022-11-28
[PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 07/12] landlock: Add network rules support · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH v8 07/12] landlock: Add network rules support · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2022-12-02
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2023-01-03
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2023-01-04
Re: [PATCH v8 07/12] landlock: Add network rules support · Mickaël Salaün <mic@digikod.net> · 2023-01-06
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2023-01-09
Re: [PATCH v8 07/12] landlock: Add network rules support · Dan Carpenter <hidden> · 2023-01-09
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2023-01-09
Re: [PATCH v8 07/12] landlock: Add network rules support · Dan Carpenter <hidden> · 2023-01-09
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2023-01-09
Re: [PATCH v8 07/12] landlock: Add network rules support · Dan Carpenter <hidden> · 2023-01-09
Re: [PATCH v8 07/12] landlock: Add network rules support · Konstantin Meskhidze (A) <hidden> · 2023-01-09
[PATCH v8 06/12] landlock: Refactor landlock_add_rule() syscall · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 06/12] landlock: Refactor landlock_add_rule() syscall · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 06/12] landlock: Refactor landlock_add_rule() syscall · Konstantin Meskhidze (A) <hidden> · 2022-11-28
[PATCH v8 09/12] selftests/landlock: Share enforce_ruleset() · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 09/12] selftests/landlock: Share enforce_ruleset() · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 09/12] selftests/landlock: Share enforce_ruleset() · Konstantin Meskhidze (A) <hidden> · 2022-11-28
[PATCH v8 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Mickaël Salaün <mic@digikod.net> · 2023-01-09
Re: [PATCH v8 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze (A) <hidden> · 2023-01-10
Re: [PATCH v8 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Mickaël Salaün <mic@digikod.net> · 2023-01-10
Re: [PATCH v8 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze (A) <hidden> · 2023-01-11
[PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze (A) <hidden> · 2022-12-02
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Mickaël Salaün <mic@digikod.net> · 2022-12-02
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze (A) <hidden> · 2022-12-05
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Mickaël Salaün <mic@digikod.net> · 2022-12-05
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze (A) <hidden> · 2023-01-05
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Mickaël Salaün <mic@digikod.net> · 2023-01-06
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze (A) <hidden> · 2023-01-09
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Mickaël Salaün <mic@digikod.net> · 2023-01-09
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze (A) <hidden> · 2023-01-10
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Mickaël Salaün <mic@digikod.net> · 2023-01-10
Re: [PATCH v8 08/12] landlock: Implement TCP network hooks · Konstantin Meskhidze (A) <hidden> · 2023-01-11
[PATCH v8 11/12] samples/landlock: Add network demo · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 11/12] samples/landlock: Add network demo · Mickaël Salaün <mic@digikod.net> · 2022-11-16
Re: [PATCH v8 11/12] samples/landlock: Add network demo · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH v8 11/12] samples/landlock: Add network demo · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH v8 11/12] samples/landlock: Add network demo · Konstantin Meskhidze (A) <hidden> · 2022-12-02
Re: [PATCH v8 11/12] samples/landlock: Add network demo · Konstantin Meskhidze (A) <hidden> · 2023-01-05
Re: [PATCH v8 11/12] samples/landlock: Add network demo · Mickaël Salaün <mic@digikod.net> · 2023-01-06
Re: [PATCH v8 11/12] samples/landlock: Add network demo · Konstantin Meskhidze (A) <hidden> · 2023-01-09
[PATCH v8 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze <hidden> · 2022-10-21
Re: [PATCH v8 12/12] landlock: Document Landlock's network support · Mickaël Salaün <mic@digikod.net> · 2022-11-17
Re: [PATCH v8 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze (A) <hidden> · 2022-11-28
Re: [PATCH v8 12/12] landlock: Document Landlock's network support · Mickaël Salaün <mic@digikod.net> · 2022-11-28
Re: [PATCH v8 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze (A) <hidden> · 2022-12-02

From: Konstantin Meskhidze (A) <hidden>
Date: 2022-12-02 02:48:59
Also in: netdev, netfilter-devel


11/28/2022 11:26 PM, Mickaël Salaün пишет:

On 28/11/2022 03:49, Konstantin Meskhidze (A) wrote:

quoted


11/16/2022 5:25 PM, Mickaël Salaün пишет:

quoted

On 21/10/2022 17:26, Konstantin Meskhidze wrote:

quoted

This commit adds network demo. It's possible to allow a sandboxer to
bind/connect to a list of particular ports restricting network
actions to the rest of ports.

Signed-off-by: Konstantin Meskhidze <redacted>
---

[...]

quoted

+		access_net_tcp &= ~LANDLOCK_ACCESS_NET_BIND_TCP;
+	}
+	/* Removes connect access attribute if not supported by a user. */
+	env_port_name = getenv(ENV_TCP_CONNECT_NAME);
+	if (!env_port_name) {
+		access_net_tcp &= ~LANDLOCK_ACCESS_NET_CONNECT_TCP;
+	}
+	ruleset_attr.handled_access_net &= access_net_tcp;

There is no need for access_net_tcp.

    Do you mean to delete this var?

Yes

   Got it.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help