[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240820191436.GD2898@kernel.org>
Date: Tue, 20 Aug 2024 20:14:36 +0100
From: Simon Horman <horms@...nel.org>
To: Tahera Fahimi <fahimitahera@...il.com>
Cc: outreachy@...ts.linux.dev, mic@...ikod.net, gnoack@...gle.com,
paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
bjorn3_gh@...tonmail.com, jannh@...gle.com, netdev@...r.kernel.org
Subject: Re: [PATCH v10 1/6] Landlock: Add abstract UNIX socket connect
restriction
On Mon, Aug 19, 2024 at 10:08:51PM -0600, Tahera Fahimi wrote:
> This patch introduces a new "scoped" attribute to the landlock_ruleset_attr
> that can specify "LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET" to scope
> abstract UNIX sockets from connecting to a process outside of
> the same Landlock domain. It implements two hooks, unix_stream_connect
> and unix_may_send to enforce this restriction.
>
> Closes: https://github.com/landlock-lsm/linux/issues/7
> Signed-off-by: Tahera Fahimi <fahimitahera@...il.com>
...
> diff --git a/security/landlock/task.c b/security/landlock/task.c
...
> @@ -108,9 +110,134 @@ static int hook_ptrace_traceme(struct task_struct *const parent)
> return task_ptrace(parent, current);
> }
>
> +/**
> + * domain_is_scoped - Checks if the client domain is scoped in the same
> + * domain as the server.
> + *
> + * @client: IPC sender domain.
> + * @server: IPC receiver domain.
nit: @scope should be documented here.
> + *
> + * Return true if the @client domain is scoped to access the @server,
nit: Kernel doc returns sections start with "Return:" or "Returns:".
It might be worth using that syntax here.
> + * unless the @server is also scoped in the same domain as @client.
> + */
> +static bool domain_is_scoped(const struct landlock_ruleset *const client,
> + const struct landlock_ruleset *const server,
> + access_mask_t scope)
...
Powered by blists - more mailing lists