[PATCH v1] landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER

Mickaël Salaün mic at digikod.net
Wed Aug 31 17:17:39 UTC 2022


On 30/08/2022 20:25, Günther Noack wrote:
> On Fri, Aug 26, 2022 at 10:39:56AM -0400, Paul Moore wrote:
>> On Thu, Aug 25, 2022 at 6:27 PM Mickaël Salaün <mic at digikod.net> wrote:
>>> This patch fixes the (absolute) rule access rights, which now always
>>> forbid LANDLOCK_ACCESS_FS_REFER except when it is explicitly allowed
>>> when creating a rule. Making all domains handle LANDLOCK_ACCESS_FS_REFER
>>> was my initial approach but there are two downsides:
>>> - it makes the code more complex because we still want to check that a
>>> rule allowing LANDLOCK_ACCESS_FS_REFER is legitimate according to the
>>> ruleset's handled access rights (i.e. ABI v1 != ABI v2);
>>> - it would not allow identifying if the user created a ruleset
>>> explicitly handling LANDLOCK_ACCESS_FS_REFER or not, which will be an
>>> issue to audit Landlock (not really possible right now but soon ;) ).
>>
>> I like this explanation much better!
> 
> +1 I agree.
> 
> Phrasing-wise, I'd also recommend putting the summary first, for example:
> 
> This patch fixes a mis-handling of the refer right when multiple
> rulesets are layered. The expected behaviour was that an additional
> ruleset can only restrict the set of permitted operations, but in this
> particular case, it was possible to re-gain the "refer" right.
> 
> Does that sound like a reasonable summary?

Hmm, it's not exactly to regain the "refer" right because there is no 
issue when it is handled by the ruleset/layer.

I pushed this patch with some rephrasing in -next Monday: 
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/commit/?h=next&id=7e4c602a992a7cb635ae0c87f5ec2e49136f620c
I can still improve the description though. I plan to send it to Linus 
very soon.


