Received: by 10.223.185.116 with SMTP id b49csp4361243wrg; Tue, 6 Mar 2018 14:29:37 -0800 (PST) X-Google-Smtp-Source: AG47ELunCugRnAL4kfnEViqCCxBMEzAMlPcjaOHEaVFzWDtZii8ZNKZDxvJ5O3fjIKXOEQvTcf5X X-Received: by 10.99.115.73 with SMTP id d9mr16883243pgn.354.1520375377665; Tue, 06 Mar 2018 14:29:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520375377; cv=none; d=google.com; s=arc-20160816; b=QBVT8rFinoZCpWlk2BNXLYlZpfsGarqHRNmeY2GfKLvF6j5Hh2SEpVJSRa0PI1Z6wt o1JwTiVs3UcMRPFLYEC9aw6RHuaiHSpEWOIxGRu5SOr7P6VTGDluquV8MXeBrnfyDeTW dRH9P9VeVY2jLLLG5+B4OIcnsZTu1SqJ/IUA7duP3bBKRQEL3D+aZQweFhRvMF2oMC1z NapWgqhYNyA61sC9x4pyevh4feLPiLlqQWIi/JpvC/f8OpBr3Ni9COx0C9N7miwBWctA YhN/QnLOfbZTuZ6gVATmTK/ZAe9tGViPquEMqsONkMGJeS23eXWjjCkveoRsy4+/G83J Z8mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=EFpcSxiH8cNGKd9v8KWwqmvgjplFw8SU+c0nzu5jzpE=; b=0pkua+7DYUNqDUjf/Kz8+y2+S1SLlWq0+LXAjdbIQyc+OSUxpCngdXK0a2THFVb6kd fddWXXwn6MM31p90Fvz5ozmzbJ5J4w5WbDV3w2SHjKGcgwjlUGPsr3S2/mIQlUJMHv26 Mcb1gf+vUH9xJw5LvVskLUGQs1UJHUBTDZt/TaBxqKKBBS1pbNudnOKRP9bfc8Fl+t+7 B05B9C6IYaEfhWm9KxTiQRGWXjrba7U4/fzMGiK/YaAajxjHCsbpb4lrmSYfaPM6o2+K Goq0it/AZ5tKi1ZlzlfScn9BW9ESb310fr9Bhn/gfD2tUFL3ep6LSyS18H4cJueS5TgV V3YQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 61-v6si11970682plq.737.2018.03.06.14.29.22; Tue, 06 Mar 2018 14:29:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754166AbeCFW0z (ORCPT + 99 others); Tue, 6 Mar 2018 17:26:55 -0500 Received: from smtp-sh.infomaniak.ch ([128.65.195.4]:49847 "EHLO smtp-sh.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753805AbeCFW0x (ORCPT ); Tue, 6 Mar 2018 17:26:53 -0500 Received: from smtp5.infomaniak.ch (smtp5.infomaniak.ch [83.166.132.18]) by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id w26MPiP7025229 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 6 Mar 2018 23:25:46 +0100 Received: from ns3096276.ip-94-23-54.eu (ns3096276.ip-94-23-54.eu [94.23.54.103]) (authenticated bits=0) by smtp5.infomaniak.ch (8.14.5/8.14.5) with ESMTP id w26MPeMY059696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 6 Mar 2018 23:25:40 +0100 Subject: Re: [PATCH bpf-next v8 00/11] Landlock LSM: Toward unprivileged sandboxing To: Andy Lutomirski Cc: LKML , Alexei Starovoitov , Arnaldo Carvalho de Melo , Casey Schaufler , Daniel Borkmann , David Drysdale , "David S . Miller" , "Eric W . Biederman" , James Morris , Jann Horn , Jonathan Corbet , Michael Kerrisk , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Shuah Khan , Tejun Heo , Thomas Graf , Tycho Andersen , Will Drewry , Kernel Hardening , Linux API , LSM List , Network Development References: <20180227004121.3633-1-mic@digikod.net> <2e06621c-08e9-dc12-9b6e-9c09d5d8f458@digikod.net> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: Date: Tue, 6 Mar 2018 23:25:31 +0100 User-Agent: MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="PvZReyUi33n28IxqiwHX1q5FTHMFGG1i5" X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --PvZReyUi33n28IxqiwHX1q5FTHMFGG1i5 Content-Type: multipart/mixed; boundary="sEcIHHJqCS6B4cMrH9dqyVOUmWwcXc4Pq"; protected-headers="v1" From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= To: Andy Lutomirski Cc: LKML , Alexei Starovoitov , Arnaldo Carvalho de Melo , Casey Schaufler , Daniel Borkmann , David Drysdale , "David S . Miller" , "Eric W . Biederman" , James Morris , Jann Horn , Jonathan Corbet , Michael Kerrisk , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Shuah Khan , Tejun Heo , Thomas Graf , Tycho Andersen , Will Drewry , Kernel Hardening , Linux API , LSM List , Network Development Message-ID: Subject: Re: [PATCH bpf-next v8 00/11] Landlock LSM: Toward unprivileged sandboxing References: <20180227004121.3633-1-mic@digikod.net> <2e06621c-08e9-dc12-9b6e-9c09d5d8f458@digikod.net> In-Reply-To: --sEcIHHJqCS6B4cMrH9dqyVOUmWwcXc4Pq Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 28/02/2018 00:09, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 10:03 PM, Micka=C3=ABl Sala=C3=BCn wrote: >> >> On 27/02/2018 05:36, Andy Lutomirski wrote: >>> On Tue, Feb 27, 2018 at 12:41 AM, Micka=C3=ABl Sala=C3=BCn wrote: >>>> Hi, >>>> >=20 >>>> >>>> ## Why use the seccomp(2) syscall? >>>> >>>> Landlock use the same semantic as seccomp to apply access rule >>>> restrictions. It add a new layer of security for the current process= >>>> which is inherited by its children. It makes sense to use an unique >>>> access-restricting syscall (that should be allowed by seccomp filter= s) >>>> which can only drop privileges. Moreover, a Landlock rule could come= >>>> from outside a process (e.g. passed through a UNIX socket). It is t= hen >>>> useful to differentiate the creation/load of Landlock eBPF programs = via >>>> bpf(2), from rule enforcement via seccomp(2). >>> >>> This seems like a weak argument to me. Sure, this is a bit different= >>> from seccomp(), and maybe shoving it into the seccomp() multiplexer i= s >>> awkward, but surely the bpf() multiplexer is even less applicable. >> >> I think using the seccomp syscall is fine, and everyone agreed on it. >> >=20 > Ah, sorry, I completely misread what you wrote. My apologies. You > can disregard most of my email. >=20 >> >>> >>> Also, looking forward, I think you're going to want a bunch of the >>> stuff that's under consideration as new seccomp features. Tycho is >>> working on a "user notifier" feature for seccomp where, in addition t= o >>> accepting, rejecting, or kicking to ptrace, you can send a message to= >>> the creator of the filter and wait for a reply. I think that Landloc= k >>> will want exactly the same feature. >> >> I don't think why this may be useful at all her. Landlock does not >> filter at the syscall level but handles kernel object and actions as >> does an LSM. That is the whole purpose of Landlock. >=20 > Suppose I'm writing a container manager. I want to run "mount" in the > container, but I don't want to allow moun() in general and I want to > emulate certain mount() actions. I can write a filter that catches > mount using seccomp and calls out to the container manager for help. > This isn't theoretical -- Tycho wants *exactly* this use case to be > supported. Well, I think this use case should be handled with something like LD_PRELOAD and a helper library. FYI, I did something like this: https://github.com/stemjail/stemshim Otherwise, we should think about enabling a process to (dynamically) extend/patch the vDSO (similar to LD_PRELOAD but at the syscall level and works with static binaries) for a subset of processes (the same way seccomp filters are inherited). It may be more powerful and flexible than extending the kernel/seccomp to patch (buggy?) userland. >=20 > But using seccomp for this is indeed annoying. It would be nice to > use Landlock's ability to filter based on the filesystem type, for > example. So Tycho could write a Landlock rule like: >=20 > bool filter_mount(...) > { > if (path needs emulation) > call_user_notifier(); > } >=20 > And it should work. >=20 > This means that, if both seccomp user notifiers and Landlock make it > upstream, then there should probably be a way to have a user notifier > bound to a seccomp filter and a set of landlock filters. >=20 Using seccomp filters and Landlock programs may be powerful. However, for this use case, I think a *post-syscall* vDSO-like (which could get some data returned by a Landlock program) may be much more flexible (with less kernel code). What is needed here is a way to know the kernel semantic (Landlock) and a way to patch userland without patching its code (vDSO-like). --sEcIHHJqCS6B4cMrH9dqyVOUmWwcXc4Pq-- --PvZReyUi33n28IxqiwHX1q5FTHMFGG1i5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUysCyY8er9Axt7hqIt7+33O9apUFAlqfFVsACgkQIt7+33O9 apXBpgf+IexCxH4mYe+h7ZXCYbbX2SNVuELlcdHdOc0/nWAtQp1iE60Q5cerYFzd 2GyIc2aNTXQo8bxcvUIubzGPmvIiDkuAB5FvaDsjgkC/02YisW6N9QegxMx7duD6 QtHTiW8LqIektN1IkNstUXn6M796ToUjMMrJo+Mh/hyUV488wepbsPNvRQwTD9g8 sbvC1CVnQQtjqPNkgqaI1uA4n3hRB75a+9JH8tRu/Z7CP9EiTpqVuJhx02R7jO8P k2aMZXLNbdO3p14nk67gL/TMhLIIPLEcVWICjmDexGMY+o3ehARIYV+KqEXVbzO4 rgQ9zEHUngRX4523Yf46CtEZUgn+3A== =i3OW -----END PGP SIGNATURE----- --PvZReyUi33n28IxqiwHX1q5FTHMFGG1i5--