author: Tahera Fahimi <fahimitahera@gmail.com> 2024-09-04 18:14:01 -0600
committer: Mickaël Salaün <mic@digikod.net> 2024-09-16 23:50:51 +0200
commit: 369b48b43a09f995876bb2e88d78845eb2a80212 (patch)
tree: ed29aca259586c4477b5e69e4c0c498780bd7729 /samples/pfsm
parent: 644a728506c794e9e4f5fb9845ed4f7014cf46d9 (diff)
samples/landlock: Add support for abstract UNIX socket scoping
The sandboxer can receive the character "a" as input from the environment variable LL_SCOPE to restrict sandboxed processes from connecting to an abstract UNIX socket created by a process outside of the sandbox.

Example
=======

Create an abstract UNIX socket to listen with socat(1):

    socat abstract-listen:mysocket -

Create a sandboxed shell and pass the character "a" to LL_SCOPED:

    LL_FS_RO=/ LL_FS_RW=. LL_SCOPED="a" ./sandboxer /bin/bash

Note that any other form of input (e.g. "a:a", "aa", etc.) is not acceptable.

If the sandboxed process tries to connect to the listening socket, the connection will fail:

    socat - abstract-connect:mysocket

Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/d8af908f00b77415caa3eb0f4de631c3794e4909.1725494372.git.fahimitahera@gmail.com
[mic: Improve commit message, simplify check_ruleset_scope() with inverted error code and only one scoped change, always unset environment variable]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'samples/pfsm')
0 files changed, 0 insertions, 0 deletions