Received: by 10.223.185.116 with SMTP id b49csp4366175wrg;
        Tue, 6 Mar 2018 14:35:33 -0800 (PST)
X-Google-Smtp-Source: AG47ELtujmjQXpZsf6Zjt4udI2o//m68djXwWVzAtuMz1S/Jq9SbtvoHwov7cRhDh6I7LRlFkpKK
X-Received: by 10.98.97.198 with SMTP id v189mr20591276pfb.110.1520375733243;
        Tue, 06 Mar 2018 14:35:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520375733; cv=none;
        d=google.com; s=arc-20160816;
        b=feIEHw99hoRsIujNeQ437xywRwjWcyK3o4euRbmBMRuJU+e2pTK4UkcpNZQ7FQDyWZ
         vqqP+ch4BV5/aameqa/Z0R3ItgUG6z/gXS5Pnmxvit04Q43ivv03PViPUKRWb+cQ4oCM
         eo/p10SKQoS2YIhC4wlv9IcVjKjTfsO5K8qGUrOlWko4OYpTCz2+Q2NA13gfS5Bf+VUo
         vsPTlijkHCLEzIFWNZXz5JcyXcUxK/DR4eSykqdTH3NZfpMZDoc7TZPnBDVs3F85tKl+
         LtKOHC9mLn3Ks/EDzgoo9kruqVBbHr6J0V1QopExqmLkgI2sMy8l7DcToMa4uFFfB7oa
         hq7w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:arc-authentication-results;
        bh=TMyDSF2HoxscHxPCWeApT7MrAdszuBcTNWt/NM0iel0=;
        b=LhKuEybdQV+YL2hgljOA1jqgP9eyvt7b1DEoHOR14XcemOiL0N5eIzsgJrwLmYu0ek
         HJgxdjVZatN4YB1oHf6DSrkePtKzSCU7SGcYXGLJzIRmIKHonJhFeGEy8ISyUIhGNLsp
         gCHt/PQurv1zVRFabk+RJZrMlgEI9QwbLp2TbDX9dMvauSej6qbClbXTU7HyB3vDm3aH
         J8GCoCvBoOkf9KsMNt43pJIX+X8msgkCaCPNAEyeoMiycnFIi/esibgS9abuOZwGtLmZ
         fGLawpCpWgrnT4kdqNTQymJ79MEqbndY8SE+dC53KN1QjhghItMN2kG3JENyRpl3UGTU
         1eJA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Ts9+hnyK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x8si10514399pgq.477.2018.03.06.14.35.18;
        Tue, 06 Mar 2018 14:35:33 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Ts9+hnyK;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754228AbeCFWdl (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Tue, 6 Mar 2018 17:33:41 -0500
Received: from mail-io0-f194.google.com ([209.85.223.194]:36910 "EHLO
        mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753978AbeCFWdi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Mar 2018 17:33:38 -0500
Received: by mail-io0-f194.google.com with SMTP id d71so792313iog.4
        for <linux-kernel@vger.kernel.org>; Tue, 06 Mar 2018 14:33:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=TMyDSF2HoxscHxPCWeApT7MrAdszuBcTNWt/NM0iel0=;
        b=Ts9+hnyKNmPUaNCyHvofqVDCQooJl0iR4DQGDUgXc8FI/Lvpl0zw7a+InTUTABMr8M
         DBd1wOxPSpDUpPdRlYxEIfDwXbXuV4Akqv4inbZzwRCkPGSOZvfqMS3fEwdYQjymFlgF
         SPi/GVFIJA1CR/GxSoc7quvqTVLMmXdstp4UDec1yXZz04E3hiBdGNO4glyVQk6LAZsN
         2Dfaq53K5pOZ7m9yMPnB6jJO+P3igSufzAd5850HkQFy+/jOrteQiJjAigPqLYql9t7E
         JNGrmnXfIVLbyLrj1LC/J/hDak0oyuuynwZSCuTpp2yXRn2rp56m0npbgNXnJ6GPg7rX
         pNmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=TMyDSF2HoxscHxPCWeApT7MrAdszuBcTNWt/NM0iel0=;
        b=Wf/N56wH3xE7u5GMhfOuZOnhuHMBaSWktHX30scwk0GQsOpK20YlLuujrIMPkF9/Em
         ZbAJZqIFvS71INNMmytKJGYib2X/IOyZndUBapxk/XqXGhBeG0Lfkd5MtL8+tF//Ae//
         MmZV1UUqdAUuw0UYJM2iuAFsqHJSLsZQR3HxvUrxPntY8OFgAZaZssutXEWkcxoWTZAb
         UVj2trGcKGDl61ZZzF/p6tycC9uB6UNOdcDvC/N41s46Q6pYHsRCqwGWMVEk+Lq+VFJF
         GaJi4+sL0aOCEfHiRgbKn1gqO/tbWljYfiSEfRi1kCjSVQjJmkBK3Vtl/4jk4K8hr8RE
         ds5A==
X-Gm-Message-State: AElRT7G+UlHQJPb4CqBJYKtjBKN9trBXejIQT5nFyo8W8czeqpaHbuDh
        lcHT7D4OqCypcwrPRLuIKnfRxIt66ublf5+bZSnb8w==
X-Received: by 10.107.40.73 with SMTP id o70mr23014391ioo.6.1520375617819;
 Tue, 06 Mar 2018 14:33:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.2.137.101 with HTTP; Tue, 6 Mar 2018 14:33:17 -0800 (PST)
In-Reply-To: <a70b41ee-78cb-52cc-152c-ac5e43b7e45c@digikod.net>
References: <20180227004121.3633-1-mic@digikod.net> <CALCETrV3OZb70o83uOG437PubwBwaUJ6SKQucq_7g1BuBOmxzg@mail.gmail.com>
 <2e06621c-08e9-dc12-9b6e-9c09d5d8f458@digikod.net> <CALCETrWnJ7WkkfiymyahQd7YqO0KXP4mG1pRMq7fp8LG8Bwtcw@mail.gmail.com>
 <a70b41ee-78cb-52cc-152c-ac5e43b7e45c@digikod.net>
From:   Andy Lutomirski <luto@amacapital.net>
Date:   Tue, 6 Mar 2018 22:33:17 +0000
Message-ID: <CALCETrUQYp0ta4tLgUWJ79pZVwp3WRY7cp-XaPcn1WyTc=wZyg@mail.gmail.com>
Subject: Re: [PATCH bpf-next v8 00/11] Landlock LSM: Toward unprivileged sandboxing
To:     =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= <mic@digikod.net>
Cc:     LKML <linux-kernel@vger.kernel.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Casey Schaufler <casey@schaufler-ca.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        David Drysdale <drysdale@google.com>,
        "David S . Miller" <davem@davemloft.net>,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        James Morris <james.l.morris@oracle.com>,
        Jann Horn <jann@thejh.net>, Jonathan Corbet <corbet@lwn.net>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Kees Cook <keescook@chromium.org>,
        Paul Moore <paul@paul-moore.com>,
        Sargun Dhillon <sargun@sargun.me>,
        "Serge E . Hallyn" <serge@hallyn.com>,
        Shuah Khan <shuah@kernel.org>, Tejun Heo <tj@kernel.org>,
        Thomas Graf <tgraf@suug.ch>, Tycho Andersen <tycho@tycho.ws>,
        Will Drewry <wad@chromium.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        Linux API <linux-api@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>,
        Network Development <netdev@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 6, 2018 at 10:25 PM, Micka=C3=ABl Sala=C3=BCn <mic@digikod.net>=
 wrote:
>
>
> On 28/02/2018 00:09, Andy Lutomirski wrote:
>> On Tue, Feb 27, 2018 at 10:03 PM, Micka=C3=ABl Sala=C3=BCn <mic@digikod.=
net> wrote:
>>>
>>> On 27/02/2018 05:36, Andy Lutomirski wrote:
>>>> On Tue, Feb 27, 2018 at 12:41 AM, Micka=C3=ABl Sala=C3=BCn <mic@digiko=
d.net> wrote:
>>>>> Hi,
>>>>>
>>
>>>>>
>>>>> ## Why use the seccomp(2) syscall?
>>>>>
>>>>> Landlock use the same semantic as seccomp to apply access rule
>>>>> restrictions. It add a new layer of security for the current process
>>>>> which is inherited by its children. It makes sense to use an unique
>>>>> access-restricting syscall (that should be allowed by seccomp filters=
)
>>>>> which can only drop privileges. Moreover, a Landlock rule could come
>>>>> from outside a process (e.g.  passed through a UNIX socket). It is th=
en
>>>>> useful to differentiate the creation/load of Landlock eBPF programs v=
ia
>>>>> bpf(2), from rule enforcement via seccomp(2).
>>>>
>>>> This seems like a weak argument to me.  Sure, this is a bit different
>>>> from seccomp(), and maybe shoving it into the seccomp() multiplexer is
>>>> awkward, but surely the bpf() multiplexer is even less applicable.
>>>
>>> I think using the seccomp syscall is fine, and everyone agreed on it.
>>>
>>
>> Ah, sorry, I completely misread what you wrote.  My apologies.  You
>> can disregard most of my email.
>>
>>>
>>>>
>>>> Also, looking forward, I think you're going to want a bunch of the
>>>> stuff that's under consideration as new seccomp features.  Tycho is
>>>> working on a "user notifier" feature for seccomp where, in addition to
>>>> accepting, rejecting, or kicking to ptrace, you can send a message to
>>>> the creator of the filter and wait for a reply.  I think that Landlock
>>>> will want exactly the same feature.
>>>
>>> I don't think why this may be useful at all her. Landlock does not
>>> filter at the syscall level but handles kernel object and actions as
>>> does an LSM. That is the whole purpose of Landlock.
>>
>> Suppose I'm writing a container manager.  I want to run "mount" in the
>> container, but I don't want to allow moun() in general and I want to
>> emulate certain mount() actions.  I can write a filter that catches
>> mount using seccomp and calls out to the container manager for help.
>> This isn't theoretical -- Tycho wants *exactly* this use case to be
>> supported.
>
> Well, I think this use case should be handled with something like
> LD_PRELOAD and a helper library. FYI, I did something like this:
> https://github.com/stemjail/stemshim

I doubt that will work for containers.  Containers that use user
namespaces and, for example, setuid programs aren't going to honor
LD_PRELOAD.

>
> Otherwise, we should think about enabling a process to (dynamically)
> extend/patch the vDSO (similar to LD_PRELOAD but at the syscall level
> and works with static binaries) for a subset of processes (the same way
> seccomp filters are inherited). It may be more powerful and flexible
> than extending the kernel/seccomp to patch (buggy?) userland.

Egads!