Cc Tejun and the cgroups ML.
On 27/08/2016 17:10, Mickaël Salaün wrote:
On 27/08/2016 09:40, Andy Lutomirski wrote:
quoted
On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün [off-list ref] wrote:
quoted
# Sandbox example with conditional access control depending on cgroup
$ mkdir /sys/fs/cgroup/sandboxed
$ ls /home
user1
$ LANDLOCK_CGROUPS='/sys/fs/cgroup/sandboxed' \
LANDLOCK_ALLOWED='/bin:/lib:/usr:/tmp:/proc/self/fd/0' \
./sandbox /bin/sh -i
$ ls /home
user1
$ echo $$ > /sys/fs/cgroup/sandboxed/cgroup.procs
$ ls /home
ls: cannot open directory '/home': Permission denied
Something occurs to me that isn't strictly relevant to landlock but
may be relevant to unprivileged cgroups: can you cause trouble by
setting up a nastily-configured cgroup and running a setuid program in
it?
I hope not… But the use of cgroups should not be mandatory for Landlock.
In a previous email:
On 26/08/2016 17:50, Tejun Heo wrote:
I haven't looked in detail but in general I'm not too excited about
layering security mechanism on top of cgroup. Maybe it makes some
sense when security domain coincides with resource domains but at any
rate please keep me in the loop.