Date: Fri, 7 Jun 2024 14:24:10 +0100
From: Simon Horman
To: Tahera Fahimi
Cc: Mickaël Salaün, Günther Noack, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Paul Moore, James Morris, "Serge E. Hallyn", Björn Roy Baron, Jann Horn, "netdev@vger.kernel.org", outreachy@lists.linux.dev
Subject: Re: [PATCH v3] landlock: Add abstract unix socket connect restriction
Message-ID: <20240607132410.GC27689@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 05, 2024 at 10:36:11PM -0600, Tahera Fahimi wrote:
> Abstract unix sockets are used for local inter-process communications
> without on a filesystem. Currently a sandboxed process can connect to a
> socket outside of the sandboxed environment, since landlock has no
> restriction for connecting to a unix socket in the abstract namespace.
> Access to such sockets for a sandboxed process should be scoped the same
> way ptrace is limited.
>
> Because of compatibility reasons and since landlock should be flexible,
> we extend the user space interface by adding a new "scoped" field. This
> field optionally contains a "LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET" to
> specify that the ruleset will deny any connection from within the
> sandbox to its parents(i.e. any parent sandbox or non-sandbox processes)
>
> Closes: https://github.com/landlock-lsm/linux/issues/7
>
> Signed-off-by: Tahera Fahimi

...

> diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h > index 68625e728f43..1641aeb9eeaa 100644 > --- a/include/uapi/linux/landlock.h > +++ b/include/uapi/linux/landlock.h
> @@ -37,6 +37,12 @@ struct landlock_ruleset_attr { > * rule explicitly allow them. > */ > __u64 handled_access_net; > + /** > + * scoped: Bitmask of actions (cf. `Scope access flags`_) nit: s/scoped: /@scoped: / Flagged by ./scripts/kernel-doc -none > + * that is handled by this ruleset and should be permitted > + * by default if no rule explicitly deny them. > + */ > + __u64 scoped; > }; > > /* ...
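Review bot: The kernel-doc text added above `__u64 scoped;` contradicts the commit message. It says the actions "should be permitted by default if no rule explicitly deny them", while the commit message says that setting LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET makes the ruleset deny connections from the sandbox to its parents, and nothing in this hunk introduces a rule type that could allow or deny a scope. The wording looks carried over from the access-mask fields (the context line above ends "rule explicitly allow them"). Suggest describing what setting a bit restricts, for example "Bitmask of scopes (cf. `Scope access flags`_) that restrict the sandboxed domain from reaching resources outside it", and fixing the agreement ("actions ... that is handled", "no rule explicitly deny") together with the `@scoped:` prefix already pointed out. Since the field is appended to the UAPI `struct landlock_ruleset_attr`, the commit message should also say how callers that pass the previous, shorter struct are treated.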