Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control

[RFC PATCH v1 0/9] Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-07-28
[RFC PATCH v1 3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP · Mikhail Ivanov <hidden> · 2024-07-28
[RFC PATCH v1 4/9] selftests/landlock: Test listening restriction · Mikhail Ivanov <hidden> · 2024-07-28
[RFC PATCH v1 1/9] landlock: Refactor current_check_access_socket() access right check · Mikhail Ivanov <hidden> · 2024-07-28
[RFC PATCH v1 5/9] selftests/landlock: Test listen on connected socket · Mikhail Ivanov <hidden> · 2024-07-28
Re: [RFC PATCH v1 5/9] selftests/landlock: Test listen on connected socket · Mickaël Salaün <mic@digikod.net> · 2024-08-01
Re: [RFC PATCH v1 5/9] selftests/landlock: Test listen on connected socket · Mikhail Ivanov <hidden> · 2024-08-01
[RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-07-28
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · "Günther Noack" <gnoack@google.com> · 2024-07-30
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-07-31
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · "Günther Noack" <gnoack@google.com> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mickaël Salaün <mic@digikod.net> · 2024-07-31
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mickaël Salaün <mic@digikod.net> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mickaël Salaün <mic@digikod.net> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mickaël Salaün <mic@digikod.net> · 2024-08-01
Re: [RFC PATCH v1 2/9] landlock: Support TCP listen access-control · Mikhail Ivanov <hidden> · 2024-08-01
[RFC PATCH v1 6/9] selftests/landlock: Test listening without explicit bind restriction · Mikhail Ivanov <hidden> · 2024-07-28
[RFC PATCH v1 7/9] selftests/landlock: Test listen on ULP socket without clone method · Mikhail Ivanov <hidden> · 2024-07-28
Re: [RFC PATCH v1 7/9] selftests/landlock: Test listen on ULP socket without clone method · Mickaël Salaün <mic@digikod.net> · 2024-08-01
Re: [RFC PATCH v1 7/9] selftests/landlock: Test listen on ULP socket without clone method · Mikhail Ivanov <hidden> · 2024-08-01
[RFC PATCH v1 8/9] selftests/landlock: Test changing socket backlog with listen(2) · Mikhail Ivanov <hidden> · 2024-07-28
[RFC PATCH v1 9/9] samples/landlock: Support LANDLOCK_ACCESS_NET_LISTEN · Mikhail Ivanov <hidden> · 2024-07-28

From: Mickaël Salaün <mic@digikod.net>
Date: 2024-08-01 16:01:38
Also in: netdev, netfilter-devel

On Thu, Aug 01, 2024 at 06:34:41PM +0300, Mikhail Ivanov wrote:

8/1/2024 5:45 PM, Mickaël Salaün wrote:

quoted

On Thu, Aug 01, 2024 at 10:52:25AM +0300, Mikhail Ivanov wrote:

quoted

7/31/2024 9:30 PM, Mickaël Salaün wrote:

quoted

On Sun, Jul 28, 2024 at 08:25:55AM +0800, Mikhail Ivanov wrote:

quoted

LANDLOCK_ACCESS_NET_BIND_TCP is useful to limit the scope of "bindable"
ports to forbid a malicious sandboxed process to impersonate a legitimate
server process. However, bind(2) might be used by (TCP) clients to set the
source port to a (legitimate) value. Controlling the ports that can be
used for listening would allow (TCP) clients to explicitly bind to ports
that are forbidden for listening.

Such control is implemented with a new LANDLOCK_ACCESS_NET_LISTEN_TCP
access right that restricts listening on undesired ports with listen(2).

It's worth noticing that this access right doesn't affect changing
backlog value using listen(2) on already listening socket.

* Create new LANDLOCK_ACCESS_NET_LISTEN_TCP flag.
* Add hook to socket_listen(), which checks whether the socket is allowed
    to listen on a binded local port.
* Add check_tcp_socket_can_listen() helper, which validates socket
    attributes before the actual access right check.
* Update `struct landlock_net_port_attr` documentation with control of
    binding to ephemeral port with listen(2) description.
* Change ABI version to 6.

Closes: https://github.com/landlock-lsm/linux/issues/15
Signed-off-by: Mikhail Ivanov <redacted>

Thanks for this series!

I cannot apply this patch series though, could you please provide the
base commit?  BTW, this can be automatically put in the cover letter
with the git format-patch's --base argument.

base-commit: 591561c2b47b7e7225e229e844f5de75ce0c09ec

Thanks, the following commit makes this series to not apply.

Sorry, you mean that the series are succesfully applied, right?

Yes, it works with the commit you provided.  I was talking about a next
(logical) commit f4b89d8ce5a8 ("landlock: Various documentation
improvements") which makes your series not apply, but that's OK now.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help