1. 13 May, 2024 2 commits
    •
      landlock: Add IOCTL access right for character and block devices · b25f7415
      Günther Noack authored
      Introduces the LANDLOCK_ACCESS_FS_IOCTL_DEV right
      and increments the Landlock ABI version to 5.
      
      This access right applies to device-custom IOCTL commands
      when they are invoked on block or character device files.
      
      Like the truncate right, this right is associated with a file
      descriptor at the time of open(2), and gets respected even when the
      file descriptor is used outside of the thread which it was originally
      opened in.
      
      Therefore, a newly enabled Landlock policy does not apply to file
      descriptors which are already open.
      
      If the LANDLOCK_ACCESS_FS_IOCTL_DEV right is handled, only a small
      number of safe IOCTL commands will be permitted on newly opened device
      files.  These include FIOCLEX, FIONCLEX, FIONBIO and FIOASYNC, as well
      as other IOCTL commands for regular files which are implemented in
      fs/ioctl.c.
      
      Noteworthy scenarios which require special attention:
      
      TTY devices are often passed into a process from the parent process,
      and so a newly enabled Landlock policy does not retroactively apply to
      them automatically.  In the past, TTY devices have often supported
      IOCTL commands like TIOCSTI and some TIOCLINUX subcommands, which were
      letting callers control the TTY input buffer (and simulate
      keypresses).  This should be restricted to CAP_SYS_ADMIN programs on
      modern kernels though.
      
      Known limitations:
      
      The LANDLOCK_ACCESS_FS_IOCTL_DEV access right is a coarse-grained
      control over IOCTL commands.
      
      Landlock users may use path-based restrictions in combination with
      their knowledge about the file system layout to control what IOCTLs
      can be done.
      
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Günther Noack <gnoack@google.com>
      Link: https://lore.kernel.org/r/20240419161122.2023765-2-gnoack@google.com
      Signed-off-by: Mickaël Salaün <mic@digikod.net>
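A minimal sandbox that handles the new right, added here as an example and not code from the commit or from the kernel's samples: it queries the Landlock ABI, drops the rights the running kernel does not know (the same ABI check the kernel's sandboxer sample performs), and restricts the process so that device-custom IOCTLs are denied on character and block devices opened afterwards while files beneath /usr stay readable. The access-right bits are the values from include/uapi/linux/landlock.h; the syscall numbers 444-446, the struct layouts and the /usr path are assumptions (valid for x86_64 and asm-generic kernels).

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#define LL_FS_READ_FILE  (1ULL << 2)  /* ABI 1 */
#define LL_FS_REFER      (1ULL << 13) /* ABI 2 */
#define LL_FS_TRUNCATE   (1ULL << 14) /* ABI 3 */
#define LL_FS_IOCTL_DEV  (1ULL << 15) /* ABI 5 */
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_RULE_PATH_BENEATH 1
#define NR_LL_CREATE_RULESET 444 /* x86_64/asm-generic syscall numbers (assumption) */
#define NR_LL_ADD_RULE 445
#define NR_LL_RESTRICT_SELF 446
/* Only the first field is needed; the kernel accepts this 8-byte prefix on every ABI. */
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
/* Mask off rights this kernel's ABI does not know: an unknown bit in
 * handled_access_fs makes landlock_create_ruleset() fail with EINVAL. */
uint64_t handled_fs_for_abi(int abi, uint64_t wanted)
{
    if (abi < 2) wanted &= ~LL_FS_REFER;
    if (abi < 3) wanted &= ~LL_FS_TRUNCATE;
    if (abi < 5) wanted &= ~LL_FS_IOCTL_DEV;
    return abi < 1 ? 0 : wanted;
}
int main(void)
{
    int abi = syscall(NR_LL_CREATE_RULESET, NULL, 0, LL_CREATE_RULESET_VERSION);
    if (abi < 0) { perror("landlock_create_ruleset(VERSION)"); return 1; }
    struct ll_ruleset_attr attr = {
        .handled_access_fs = handled_fs_for_abi(abi, LL_FS_READ_FILE | LL_FS_IOCTL_DEV) };
    if (!(attr.handled_access_fs & LL_FS_IOCTL_DEV))
        fprintf(stderr, "ABI %d < 5: device IOCTLs stay unrestricted\n", abi);
    int ruleset_fd = syscall(NR_LL_CREATE_RULESET, &attr, sizeof(attr), 0);
    if (ruleset_fd < 0) { perror("landlock_create_ruleset"); return 1; }
    /* Allow reading files beneath /usr. No rule grants IOCTL_DEV, so only the safe
     * fs/ioctl.c commands remain on device files opened after restrict_self. */
    struct ll_path_beneath_attr rule = { .allowed_access = LL_FS_READ_FILE,
        .parent_fd = open("/usr", O_RDONLY | O_DIRECTORY | O_CLOEXEC) };
    if (rule.parent_fd < 0 || syscall(NR_LL_ADD_RULE, ruleset_fd, LL_RULE_PATH_BENEATH, &rule, 0)) {
        perror("landlock_add_rule"); return 1; }
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || syscall(NR_LL_RESTRICT_SELF, ruleset_fd, 0)) {
        perror("landlock_restrict_self"); return 1; }
    close(ruleset_fd);
    printf("sandboxed with Landlock ABI %d; already-open devices keep their rights\n", abi);
    return 0;
}
```

A device file opened before landlock_restrict_self() keeps the IOCTL rights it had at open(2) time, exactly as the commit message describes for inherited TTYs.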
    •
      samples/landlock: Fix incorrect free in populate_ruleset_net · 42212936
      Ivanov Mikhail authored
      Pointer env_port_name changes after strsep(). Memory allocated via
      strdup() will not be freed if landlock_add_rule() returns non-zero value.
      
      Fixes: 5e990dce ("samples/landlock: Support TCP restrictions")
      Signed-off-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
      Reviewed-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
      Link: https://lore.kernel.org/r/20240326095625.3576164-1-ivanov.mikhail1@huawei-partners.com
      Signed-off-by: Mickaël Salaün <mic@digikod.net>
  2. 12 May, 2024 5 commits
  3. 11 May, 2024 10 commits
  4. 10 May, 2024 20 commits
  5. 09 May, 2024 3 commits