[PATCH v1 1/2] Landlock: Add signal control
Jann Horn
jannh at google.com
Mon Jul 22 12:45:35 UTC 2024
On Fri, Jul 5, 2024 at 11:22 PM Tahera Fahimi <fahimitahera at gmail.com> wrote:
> Currently, a sandbox process is not restricted to send a signal
> (e.g. SIGKILL) to a process outside of the sandbox environment.
> Ability to sending a signal for a sandboxed process should be
> scoped the same way abstract unix sockets are scoped.
>
> The same way as abstract unix socket, we extend "scoped" field
> in a ruleset with "LANDLOCK_SCOPED_SIGNAL" to specify that a ruleset
> will deny sending any signal from within a sandbox process to its
> parent(i.e. any parent sandbox or non-sandboxed procsses).
>
> Signed-off-by: Tahera Fahimi <fahimitahera at gmail.com>
[...]
> +static int hook_file_send_sigiotask(struct task_struct *tsk,
> + struct fown_struct *fown, int signum)
> +{
> + const struct task_struct *result =
> + get_pid_task(fown->pid, fown->pid_type);
get_pid_task() returns a refcounted reference; you'll have to call
put_task_struct(result) to drop this reference at the end of the
function.
> + const struct landlock_ruleset *const dom =
> + landlock_get_task_domain(result);
> + if (signal_is_scoped(dom, tsk))
> + return 0;
> + return EPERM;
> +}
More information about the Linux-security-module-archive
mailing list