[RFC PATCH v1 2/7] samples/landlock: Clarify option parsing behaviour
Mickaël Salaün
mic at digikod.net
Fri Sep 20 13:38:47 UTC 2024
On Mon, Sep 16, 2024 at 02:22:25PM +0200, Matthieu Buffet wrote:
> - Clarify which environment variables are optional, which ones are
> mandatory
> - Clarify the difference between unset variables and empty ones
> - Move the (larger) help message to a helper function
>
> Signed-off-by: Matthieu Buffet <matthieu at buffet.re>
> ---
> samples/landlock/sandboxer.c | 86 ++++++++++++++++++++----------------
> 1 file changed, 48 insertions(+), 38 deletions(-)
>
> diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
> index a84ae3a15482..08704504dc51 100644
> --- a/samples/landlock/sandboxer.c
> +++ b/samples/landlock/sandboxer.c
> @@ -221,6 +221,53 @@ static int populate_ruleset_net(const char *const env_var, const int ruleset_fd,
>
> #define LANDLOCK_ABI_LAST 5
>
> +static void print_help(const char *prog)
> +{
> + fprintf(stderr,
> + "usage: %s=\"...\" %s=\"...\" [other environment variables] %s "
> + "<cmd> [args]...\n\n",
> + ENV_FS_RO_NAME, ENV_FS_RW_NAME, prog);
> + fprintf(stderr,
> + "Execute a command in a restricted environment.\n\n");
> + fprintf(stderr,
> + "Environment variables containing paths and ports "
> + "can be multi-valued, with a colon delimiter.\n"
> + "\n"
> + "Mandatory settings:\n");
> + fprintf(stderr,
> + "* %s: list of paths allowed to be used in a read-only way.\n",
> + ENV_FS_RO_NAME);
> + fprintf(stderr,
> + "* %s: list of paths allowed to be used in a read-write way.\n",
> + ENV_FS_RW_NAME);
> + fprintf(stderr,
> + "\n"
> + "Optional settings (when not set, their associated access "
> + "check is always allowed) (for lists, an empty string means "
> + "to allow nothing, e.g. %s=\"\"):\n",
> + ENV_TCP_BIND_NAME);
> + fprintf(stderr,
> + "* %s: list of ports allowed to bind (server).\n",
> + ENV_TCP_BIND_NAME);
> + fprintf(stderr,
> + "* %s: list of ports allowed to connect (client).\n",
> + ENV_TCP_CONNECT_NAME);
> + fprintf(stderr,
> + "\n"
> + "Example:\n"
> + "%s=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" "
> + "%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
> + "%s=\"9418\" "
> + "%s=\"80:443\" "
> + "%s bash -i\n\n",
> + ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME,
> + ENV_TCP_CONNECT_NAME, prog);
> + fprintf(stderr,
> + "This sandboxer can use Landlock features "
> + "up to ABI version %d.\n",
> + LANDLOCK_ABI_LAST);
> +}
> +
> int main(const int argc, char *const argv[], char *const *const envp)
> {
> const char *cmd_path;
> @@ -237,44 +284,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
> };
>
> if (argc < 2) {
> - fprintf(stderr,
> - "usage: %s=\"...\" %s=\"...\" %s=\"...\" %s=\"...\"%s "
> - "<cmd> [args]...\n\n",
> - ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME,
> - ENV_TCP_CONNECT_NAME, argv[0]);
> - fprintf(stderr,
> - "Execute a command in a restricted environment.\n\n");
> - fprintf(stderr,
> - "Environment variables containing paths and ports "
> - "each separated by a colon:\n");
> - fprintf(stderr,
> - "* %s: list of paths allowed to be used in a read-only way.\n",
> - ENV_FS_RO_NAME);
> - fprintf(stderr,
> - "* %s: list of paths allowed to be used in a read-write way.\n\n",
> - ENV_FS_RW_NAME);
> - fprintf(stderr,
> - "Environment variables containing ports are optional "
> - "and could be skipped.\n");
> - fprintf(stderr,
> - "* %s: list of ports allowed to bind (server).\n",
> - ENV_TCP_BIND_NAME);
> - fprintf(stderr,
> - "* %s: list of ports allowed to connect (client).\n",
> - ENV_TCP_CONNECT_NAME);
> - fprintf(stderr,
> - "\nexample:\n"
> - "%s=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" "
> - "%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
> - "%s=\"9418\" "
> - "%s=\"80:443\" "
> - "%s bash -i\n\n",
> - ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME,
> - ENV_TCP_CONNECT_NAME, argv[0]);
> - fprintf(stderr,
> - "This sandboxer can use Landlock features "
> - "up to ABI version %d.\n",
> - LANDLOCK_ABI_LAST);
> + print_help(argv[0]);
Looks good, please rebase on my "next" branch with the new LL_SCOPED
variable and send it in a new series along with the previous fix:
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/log/?h=next
> return 1;
> }
>
> --
> 2.39.5
>
>
More information about the Linux-security-module-archive
mailing list