[PATCH] tomoyo: fallback to realpath if symlink's pathname does not exist

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed Sep 25 13:57:08 UTC 2024


On 2024/09/25 21:49, Alfred Agrell wrote:
> Hello
> 
> The environment in which I discovered this issue is a homemade sandboxing
> solution that chroots to an empty directory, and uses seccomp-bpf SIGSYS
> to forward filesystem operations to the sandbox manager process. The exec
> target is a statically linked binary specifically designed for said sandbox.
> 
> I don't expect that exec of arbitrary programs will work (most of them have
> .interp = /lib64/ld-linux-x86-64.so.2, which doesn't exist either), but I
> do expect that this specific program works.

I see.

> 
> I don't know enough about the kernel to say anything about that patch;
> if you say it works, I'll trust that. Thanks.

I confirmed that this change makes your example program work.
I applied this change as
https://sourceforge.net/p/tomoyo/tomoyo.git/ci/ada1986d07976d60bed5017aa38b7f7cf27883f7/ .
Please request a backport after this change is applied to the linux.git tree.

Thank you for reporting this bug.



