[PATCH v7 4/4] documentation/landlock: Adding scoping mechanism documentation
Mickaël Salaün
mic at digikod.net
Fri Jul 26 08:04:40 UTC 2024
On Wed, Jul 17, 2024 at 10:15:22PM -0600, Tahera Fahimi wrote:
> - Defining ABI version 6 that supports IPC restriction.
> - Adding "scoped" to the "Access rights".
> - In current limitation, unnamed sockets are specified as
> sockets that are not restricted.
>
> Signed-off-by: Tahera Fahimi <fahimitahera at gmail.com>
> ---
> Documentation/userspace-api/landlock.rst | 23 ++++++++++++++++++++---
> 1 file changed, 20 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst
> index 07b63aec56fa..61b91cc03560 100644
> --- a/Documentation/userspace-api/landlock.rst
> +++ b/Documentation/userspace-api/landlock.rst
> @@ -8,7 +8,7 @@ Landlock: unprivileged access control
> =====================================
>
> :Author: Mickaël Salaün
> -:Date: April 2024
> +:Date: July 2024
>
> The goal of Landlock is to enable to restrict ambient rights (e.g. global
> filesystem or network access) for a set of processes. Because Landlock
> @@ -306,6 +306,16 @@ To be allowed to use :manpage:`ptrace(2)` and related syscalls on a target
> process, a sandboxed process should have a subset of the target process rules,
> which means the tracee must be in a sub-domain of the tracer.
>
> +IPC Scoping
> +-----------
> +
> +Similar to Ptrace, a sandboxed process should not be able to access the resources
> +(like abstract unix sockets, or signals) outside of the sandbox domain. For example,
> +a sandboxed process should not be able to :manpage:`connect(2)` to a non-sandboxed
> +process through abstract unix sockets (:manpage:`unix(7)`). This restriction is
> +applicable by optionally specifying ``LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET`` in
> +the ruleset.
> +
> Truncating files
> ----------------
>
> @@ -404,7 +414,7 @@ Access rights
> -------------
>
> .. kernel-doc:: include/uapi/linux/landlock.h
> - :identifiers: fs_access net_access
> + :identifiers: fs_access net_access scoped
If you look at the generated documentation, you'll see that the `Scope
flags` links are broken, and the related section is missing. This is
because it should not be "scoped" but "scope" here.
With `make htmldocs` you'll also see that there are formating issues in
this (missing) section.
More information about the Linux-security-module-archive
mailing list