Commits
- Commit: faa3086db292eb93914697ff2f78785fd8793af1
- From: Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit: dc607f079dc09cab9843a918024c3771f5214f05
- From: Omar Polo <op@omarpolo.com>
- Date:
support landlock ABI v2 and v3
Add the right #ifdef for backward-compatibility and block REFER and
TRUNCATE as well, otherwise they're silently and implicitly allowed.
The funny part is that LANDLOCK_ACCESS_FS_TRUNCATE doesn't even need
write permissions.
ok thomas
- Commit: 3530f6ee16aaaddef48c026e2dab926bd7f2ef36
- From: Omar Polo <op@omarpolo.com>
- Date:
remove needless newline escaping
- Commit: 49541807dc224979ed6ac6cb35636f35f41d1f71
- From: Omar Polo <op@omarpolo.com>
- Date:
don't include linux/prctl.h
On some libc implementations (at least musl) linux/prctl.h conflicts
with sys/prctl.h as they both define the same structs.
Fixes the build on alpine linux; reported by omni on IRC, thanks!
ok thomas
- Commit: a75b210eed1d491d23b0cfef8ac3a51607bf2c19
- From: Omar Polo <op@omarpolo.com>
- Date:
dropping unused includes
- Commit: 9cefc4c1a6b51bc17dbf315d7b79a1da8a8dc846
- From: Omar Polo <op@omarpolo.com>
- Date:
fix landlock usage: handled_access_fs must list all actions
The ruleset's handled_access_fs has to list all the defined actions
because otherwise missing ones are implicitly permitted. Thus, the
previous version ended up allowing "almost everything" except reading
files.
Original diff from Mickaël Salaün, thanks!
ok thomas
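As an added example (not got's own code) of what the two Landlock commits above describe: probe the ABI version, put every access right that version defines into handled_access_fs, and restrict the process with an empty ruleset so that all filesystem access is revoked. It assumes a Linux toolchain; the fallback constants and syscall numbers are only there for headers that predate Landlock.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#if defined(__has_include) && __has_include(<linux/landlock.h>)
#include <linux/landlock.h>
#endif
/* Fallbacks for older headers (v1 rights are bits 0..12; v2 added REFER, v3 TRUNCATE). */
#ifndef LANDLOCK_CREATE_RULESET_VERSION
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_restrict_self 446
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
#endif
#ifndef LANDLOCK_ACCESS_FS_REFER
#define LANDLOCK_ACCESS_FS_REFER (1ULL << 13)
#endif
#ifndef LANDLOCK_ACCESS_FS_TRUNCATE
#define LANDLOCK_ACCESS_FS_TRUNCATE (1ULL << 14)
#endif

/* Every right the running kernel's ABI defines (up to v3, the versions the
 * commits above cover): a right left out of handled_access_fs stays permitted. */
uint64_t landlock_fs_handled_for_abi(int abi)
{
	uint64_t mask = (1ULL << 13) - 1; /* ABI v1: EXECUTE .. MAKE_SYM */
	if (abi >= 2) mask |= LANDLOCK_ACCESS_FS_REFER;
	if (abi >= 3) mask |= LANDLOCK_ACCESS_FS_TRUNCATE; /* needs no write right */
	return mask;
}

/* Revoke all filesystem access: handle every right, add no rules, self-restrict.
 * Returns 0, or -1 with errno set (ENOSYS/EOPNOTSUPP: no usable Landlock). */
int landlock_revoke_fs(void)
{
	struct landlock_ruleset_attr attr = {0};
	int abi, fd, ret;
	abi = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
	if (abi < 0) return -1;
	attr.handled_access_fs = landlock_fs_handled_for_abi(abi);
	fd = syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
	if (fd < 0) return -1;
	/* no_new_privs is required, otherwise landlock_restrict_self fails with EPERM */
	ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
	if (ret == 0)
		ret = syscall(__NR_landlock_restrict_self, fd, 0);
	close(fd);
	return ret;
}
```

Later ABI versions add further rights, and the same rule applies to them: any right the kernel knows and the list omits remains allowed.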
- Commit: 5e997b01390a9de2b9cefa7c44375da470e447c6
- From: Omar Polo <op@omarpolo.com>
- Date:
s/ENOTSUP/EOPNOTSUPP/
linux defines these errors to the same values, but the landlock doc uses
`EOPNOTSUPP' consistently. Spotted initially by brynet@ and reminded by
Mickaël Salaün, thanks!
ok thomas
- Commit: 97799ccd4b67a81f97039305d4fdd66588da9962
- From: Thomas Adam <thomas@xteddy.org>
- Date:
portable: add support for landlock
landlock is a new set of linux APIs that is conceptually similar to
unveil(2): the idea is to restrict what a process can do on a
specified part of the filesystem. There are some differences in the
behaviour: the major one being that the landlock ruleset is inherited
across execve(2).
This just restricts the libexec helpers by completely revoking ANY
filesystem access; after all they are the biggest attack surface. got
send/fetch/clone *may* end up spawning ssh(1), so at the moment it is not
possible to landlock the main process.
From Omar Polo.