[RFC PATCH v2 04/14] landlock: Add unique ID generator
Mickaël Salaün
mic at digikod.net
Wed Nov 13 15:18:31 UTC 2024
On Fri, Oct 25, 2024 at 05:18:06PM +0200, Francis Laniel wrote:
> Hi!
>
> Le mardi 22 octobre 2024, 18:09:59 CEST Mickaël Salaün a écrit :
> > Landlock IDs can be generated to uniquely identify Landlock objects.
> > For now, only Landlock domains get an ID at creation time.
> >
> > These IDs have important properties:
> > * They are unique during the lifetime of the running system thanks to
> > the 64-bit values: at worse, 2^60 - 2*2^32 useful IDs.
> > * They are always greater than 2^32 and must then be stored in 64-bit
> > integer types.
> > * The initial ID (at boot time) is randomly picked between 2^32 and
> > 2^33, which limits collisions in logs between different boots.
> > * IDs are sequential, which enables users to order them.
> > * IDs may not be consecutive but increase with a random 2^4 step, which
> > limits side channels.
> >
> > Such IDs can be exposed to unprivileged processes, even if it is not the
> > case with this audit patch series. The domain IDs will be useful for
> > user space to identify sandboxes and get their properties.
> >
> > Cc: Günther Noack <gnoack at google.com>
> > Cc: Paul Moore <paul at paul-moore.com>
> > Signed-off-by: Mickaël Salaün <mic at digikod.net>
> > Link: https://lore.kernel.org/r/20241022161009.982584-5-mic@digikod.net
> > ---
> > diff --git a/security/landlock/id.h b/security/landlock/id.h
> > new file mode 100644
> > index 000000000000..689ba7607472
> > --- /dev/null
> > +++ b/security/landlock/id.h
> > @@ -0,0 +1,25 @@
> > +/* SPDX-License-Identifier: GPL-2.0-only */
> > +/*
> > + * Landlock LSM - Unique identification number generator
> > + *
> > + * Copyright © 2024 Microsoft Corporation
> > + */
> > +
> > +#ifndef _SECURITY_LANDLOCK_ID_H
> > +#define _SECURITY_LANDLOCK_ID_H
> > +
> > +#ifdef CONFIG_AUDIT
> > +
> > +void __init landlock_init_id(void);
> > +
> > +u64 landlock_get_id(size_t number_of_ids);
> > +
> > +#else /* CONFIG_AUDIT */
> > +
> > +static inline void __init landlock_init_id(void)
> > +{
> > +}
>
> Should the function have the same signature than when CONFIG_AUDIT is set?
The API is the same, only the static inline changes, which is what we
need to do in a header file.
More information about the Linux-security-module-archive
mailing list