iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

samples/landlock: Don't error out if a file path cannot be opened

Browse Source 
Instead of creating a hard error and aborting the sandbox creation,
accept file path not usable in the LL_FS_RO and LL_FS_RW environment
variables but only print a warning.  This makes it easier to test, for
instance with LL_FS_RO="${PATH}:/usr/lib:/lib"

Print that we are going to execute the command in the sandbox before
doing so.

Rename "launch" to "execute", and improve header description.

Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240307143849.1517218-1-mic@digikod.net
[mic: Improve header description as suggested by Günther]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
This commit is contained in:
Mickaël Salaün 2024-03-07 15:38:49 +01:00
parent 63817febd1
commit a17c60e533
No known key found for this signature in database
GPG Key ID: E5E3D0E88C82F6D2
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
samples/landlock/sandboxer.c
View File

@ -1,7 +1,7 @@
// SPDX-License-Identifier: BSD-3-Clause // SPDX-License-Identifier: BSD-3-Clause
/* /*
* Simple Landlock sandbox manager able to launch a process restricted by a * Simple Landlock sandbox manager able to execute a process restricted by
* user-defined filesystem access control policy. * user-defined file system and network access control policies.
* *
* Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
* Copyright © 2020 ANSSI * Copyright © 2020 ANSSI
@ -120,9 +120,11 @@ static int populate_ruleset_fs(const char *const env_var, const int ruleset_fd,
if (path_beneath.parent_fd < 0) { if (path_beneath.parent_fd < 0) {
fprintf(stderr, "Failed to open \"%s\": %s\n", fprintf(stderr, "Failed to open \"%s\": %s\n",
path_list[i], strerror(errno)); path_list[i], strerror(errno));
goto out_free_name; continue;
} }
if (fstat(path_beneath.parent_fd, &statbuf)) { if (fstat(path_beneath.parent_fd, &statbuf)) {
fprintf(stderr, "Failed to stat \"%s\": %s\n",
path_list[i], strerror(errno));
close(path_beneath.parent_fd); close(path_beneath.parent_fd);
goto out_free_name; goto out_free_name;
} }
@ -227,7 +229,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME, ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME,
ENV_TCP_CONNECT_NAME, argv[0]); ENV_TCP_CONNECT_NAME, argv[0]);
fprintf(stderr, fprintf(stderr,
"Launch a command in a restricted environment.\n\n"); "Execute a command in a restricted environment.\n\n");
fprintf(stderr, fprintf(stderr,
"Environment variables containing paths and ports " "Environment variables containing paths and ports "
"each separated by a colon:\n"); "each separated by a colon:\n");
@ -248,7 +250,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
ENV_TCP_CONNECT_NAME); ENV_TCP_CONNECT_NAME);
fprintf(stderr, fprintf(stderr,
"\nexample:\n" "\nexample:\n"
"%s=\"/bin:/lib:/usr:/proc:/etc:/dev/urandom\" " "%s=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" "
"%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" " "%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
"%s=\"9418\" " "%s=\"9418\" "
"%s=\"80:443\" " "%s=\"80:443\" "
@ -383,6 +385,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
cmd_path = argv[1]; cmd_path = argv[1];
cmd_argv = argv + 1; cmd_argv = argv + 1;
fprintf(stderr, "Executing the sandboxed command...\n");
execvpe(cmd_path, cmd_argv, envp); execvpe(cmd_path, cmd_argv, envp);
fprintf(stderr, "Failed to execute \"%s\": %s\n", cmd_path, fprintf(stderr, "Failed to execute \"%s\": %s\n", cmd_path,
strerror(errno)); strerror(errno));