Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752699AbdIBNVM (ORCPT ); Sat, 2 Sep 2017 09:21:12 -0400 Received: from smtp-sh2.infomaniak.ch ([128.65.195.6]:42270 "EHLO smtp-sh2.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752401AbdIBNVK (ORCPT ); Sat, 2 Sep 2017 09:21:10 -0400 Subject: Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example To: Alban Crequy References: <20170821000933.13024-1-mic@digikod.net> <20170821000933.13024-9-mic@digikod.net> Cc: "linux-kernel@vger.kernel.org" , Alexei Starovoitov , Andy Lutomirski , Arnaldo Carvalho de Melo , Casey Schaufler , Daniel Borkmann , David Drysdale , "David S . Miller" , "Eric W . Biederman" , James Morris , Jann Horn , Jonathan Corbet , Matthew Garrett , Michael Kerrisk , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Shuah Khan , Tejun Heo , Thomas Graf , Will Drewry , kernel-hardening@lists.openwall.com, Linux API , LSM , netdev@vger.kernel.org, Michael Schubert , Iago Lopez Galeiras , Alban Crequy From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: Date: Sat, 2 Sep 2017 15:19:30 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="LPEX4SLw9tcG5Ht2Iqlv7baDHGW2TBt3L" X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3439 Lines: 85 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --LPEX4SLw9tcG5Ht2Iqlv7baDHGW2TBt3L Content-Type: multipart/mixed; boundary="26EWw87RgULwiglfXrfILK2QjoxDFJ89a"; protected-headers="v1" From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= To: Alban Crequy Cc: "linux-kernel@vger.kernel.org" , Alexei Starovoitov , Andy Lutomirski , Arnaldo Carvalho de Melo , Casey Schaufler , Daniel Borkmann , David Drysdale , "David S . Miller" , "Eric W . Biederman" , James Morris , Jann Horn , Jonathan Corbet , Matthew Garrett , Michael Kerrisk , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Shuah Khan , Tejun Heo , Thomas Graf , Will Drewry , kernel-hardening@lists.openwall.com, Linux API , LSM , netdev@vger.kernel.org, Michael Schubert , Iago Lopez Galeiras , Alban Crequy Message-ID: Subject: Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example References: <20170821000933.13024-1-mic@digikod.net> <20170821000933.13024-9-mic@digikod.net> In-Reply-To: --26EWw87RgULwiglfXrfILK2QjoxDFJ89a Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 01/09/2017 12:25, Alban Crequy wrote: > Hi Micka=C3=ABl, >=20 > On 21 August 2017 at 02:09, Micka=C3=ABl Sala=C3=BCn = wrote: >> Add a basic sandbox tool to create a process isolated from some part o= f >> the system. This sandbox create a read-only environment. It is only >> allowed to write to a character device such as a TTY: > ... >> + /* >> + * This check allows the action on the file if it is a directo= ry or a >> + * pipe. Otherwise, a message is printed to the eBPF log. >> + */ >> + if (S_ISCHR(ret) || S_ISFIFO(ret)) >> + return 0; >=20 >=20 > The comment says "directory", but the code checks for "character device= ". >=20 > Thanks! > Alban >=20 Fixed, thanks! --26EWw87RgULwiglfXrfILK2QjoxDFJ89a-- --LPEX4SLw9tcG5Ht2Iqlv7baDHGW2TBt3L Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUysCyY8er9Axt7hqIt7+33O9apUFAlmqr+IACgkQIt7+33O9 apU0OwgAm3iR12+mCshM4L1yyw7+OfJ+JWHZbwOQ+LSlqM957nKEZ4x4LedO6v8a 0i6yKQpwuCdGiXC9WAcTACQzNQDAWnL7L0lWOOz7RQZQyoekhf1HVQZpHhRFWcRC 1xi/1j/MWbNJZ1ZXHwaDpbQctz69ylR0zmHhd2hudqYCxg5Jh/H0mZIv+snfXDw9 9QbUzcjB3Bdt35qpshDKn1pB+Pmn7N3g8WBHdVwdgypY9i9pj6g4NI1Rx6QsP2SX s4pH3Xk+wV5FqrxoTPajruQFr+NtUNbM/rO4GN9reaWp826SzAMklz5/jDWwAMXw aZPSIn+8x721bMENZqoE3Zms6IfMQA== =q9o+ -----END PGP SIGNATURE----- --LPEX4SLw9tcG5Ht2Iqlv7baDHGW2TBt3L--