Thread (66 messages) 66 messages, 6 authors, 2016-10-05

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing (cgroup delegation)

From: Mickaël Salaün <mic@digikod.net>
Date: 2016-08-27 15:22:47
Also in: cgroups, linux-api, lkml

Cc Tejun and the cgroups ML.

On 27/08/2016 17:10, Mickaël Salaün wrote:
On 27/08/2016 09:40, Andy Lutomirski wrote:
quoted
On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün [off-list ref] wrote:
quoted
# Sandbox example with conditional access control depending on cgroup

  $ mkdir /sys/fs/cgroup/sandboxed
  $ ls /home
  user1
  $ LANDLOCK_CGROUPS='/sys/fs/cgroup/sandboxed' \
      LANDLOCK_ALLOWED='/bin:/lib:/usr:/tmp:/proc/self/fd/0' \
      ./sandbox /bin/sh -i
  $ ls /home
  user1
  $ echo $$ > /sys/fs/cgroup/sandboxed/cgroup.procs
  $ ls /home
  ls: cannot open directory '/home': Permission denied
Something occurs to me that isn't strictly relevant to landlock but
may be relevant to unprivileged cgroups: can you cause trouble by
setting up a nastily-configured cgroup and running a setuid program in
it?
I hope not… But the use of cgroups should not be mandatory for Landlock.
In a previous email:

On 26/08/2016 17:50, Tejun Heo wrote:
I haven't looked in detail but in general I'm not too excited about
layering security mechanism on top of cgroup.  Maybe it makes some
sense when security domain coincides with resource domains but at any
rate please keep me in the loop.
  

Attachments

Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help