Date: Thu, 14 May 2020 13:09:32 +1000 (AEST)
From: James Morris
To: Mickaël Salaün
cc: linux-kernel@vger.kernel.org, Al Viro, Andy Lutomirski, Arnd Bergmann, Casey Schaufler, Jann Horn, Jonathan Corbet, Kees Cook, Michael Kerrisk, Mickaël Salaün, "Serge E . Hallyn", Shuah Khan, Vincent Dagonneau, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-security-module@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v17 02/10] landlock: Add ruleset and domain management
In-Reply-To: <20200511192156.1618284-3-mic@digikod.net>
References: <20200511192156.1618284-1-mic@digikod.net> <20200511192156.1618284-3-mic@digikod.net>

On Mon, 11 May 2020, Mickaël Salaün wrote:

> + * .. warning::
> + *
> + * It is currently not possible to restrict some file-related actions
> + * accessible through these syscall families: :manpage:`chdir(2)`,
> + * :manpage:`truncate(2)`, :manpage:`stat(2)`, :manpage:`flock(2)`,
> + * :manpage:`chmod(2)`, :manpage:`chown(2)`, :manpage:`setxattr(2)`,
> + * :manpage:`ioctl(2)`, :manpage:`fcntl(2)`.
> + * Future Landlock evolutions will enable to restrict them.

I have to wonder how useful Landlock will be without more coverage per the above.

It would be helpful if you could outline a threat model for this initial version, so people can get an idea of what kind of useful protection may be gained from it.

Are there any distros or other major users who are planning on enabling or at least investigating Landlock?

Do you have any examples of a practical application of this scheme?

-- 
James Morris
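
Review bot: the closing sentence of the quoted ".. warning::" comment, "Future Landlock evolutions will enable to restrict them.", is ungrammatical; something like "Future Landlock evolutions will make it possible to restrict them." reads correctly. The sentence before it says "these syscall families" but then lists individual man pages, chdir(2) through fcntl(2); the comment should say whether that list is exhaustive or only representative, so a reader of the generated documentation can tell which file-related actions a ruleset leaves unrestricted.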