[RFC PATCH 0/9] Landlock supervise: a mechanism for interactive permission requests
Jan Kara
jack at suse.cz
Thu Mar 6 21:04:54 UTC 2025
On Tue 04-03-25 01:12:56, Tingmao Wang wrote:
> Alternatives
> ------------
>
> I have looked for existing ways to implement the proposed use cases (at
> least for FS access), and three main approaches stand out to me:
>
> 1. Fanotify: there is already FAN_OPEN_PERM which waits for an allow/deny
> response from a fanotify listener. However, it does not currently have
> the equivalent _PERM for file creation, deletion, rename and linking, and
> it is also not designed for unprivileged, process-scoped use (unlike
> landlock).

As Amir wrote, arbitration of creation / deletion / ... is not a problem in
principle for fanotify and we plan to go in that direction anyway for HSM
use case. However, adjusting fanotify permission events for a per-process
scope and for unprivileged users is a fundamental difference to how
fanotify is designed to work (it watches filesystem objects, not processes
and actions they do) and so I don't think that would be a great fit. Also I
don't see fanotify expanding in the networking area as the concepts are
rather different there :).

Honza
--
Jan Kara <jack at suse.com>
SUSE Labs, CR