[PATCH v3 0/5] Landlock: IOCTL support
Mickaël Salaün
mic at digikod.net
Fri Aug 18 13:39:19 UTC 2023
On Mon, Aug 14, 2023 at 07:28:11PM +0200, Günther Noack wrote:
> Hello!
>
> These patches add simple ioctl(2) support to Landlock.
>
[...]
> How we arrived at the list of always-permitted IOCTL commands
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> To decide which IOCTL commands should be blanket-permitted I went through the
> list of IOCTL commands mentioned in fs/ioctl.c and looked at them individually
> to understand what they are about. The following list is my conclusion from
> that.
>
> We should always allow the following IOCTL commands:
>
> * FIOCLEX, FIONCLEX - these work on the file descriptor and manipulate the
> close-on-exec flag
> * FIONBIO, FIOASYNC - these work on the struct file and enable nonblocking-IO
> and async flags
> * FIONREAD - get the number of bytes available for reading (the implementation
> is defined per file type)
I think we should treat FIOQSIZE like FIONREAD, i.e. check for
LANDLOCK_ACCESS_FS_READ_FILE as explain in my previous message.
Tests should then rely on something else.
[...]
> Changes
> ~~~~~~~
>
> V3:
> * always permit the IOCTL commands FIOCLEX, FIONCLEX, FIONBIO, FIOASYNC and
> FIONREAD, independent of LANDLOCK_ACCESS_FS_IOCTL
> * increment ABI version in the same commit where the feature is introduced
> * testing changes
> * use FIOQSIZE instead of TTY IOCTL commands
> (FIOQSIZE works with regular files, directories and memfds)
> * run the memfd test with both Landlock enabled and disabled
> * add a test for the always-permitted IOCTL commands
More information about the Linux-security-module-archive
mailing list