| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250131163447.1140564-1-mic@digikod.net> Date: Fri, 31 Jan 2025 17:34:44 +0100 From: Mickaël Salaün <mic@...ikod.net> To: Christian Brauner <brauner@...nel.org>, Günther Noack <gnoack@...gle.com> Cc: Mickaël Salaün <mic@...ikod.net>, Charles Zaffery <czaffery@...lox.com>, Daniel Burgener <dburgener@...ux.microsoft.com>, Francis Laniel <flaniel@...ux.microsoft.com>, James Morris <jmorris@...ei.org>, Jann Horn <jannh@...gle.com>, Jeff Xu <jeffxu@...gle.com>, Kees Cook <kees@...nel.org>, Luca Boccassi <luca.boccassi@...il.com>, Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>, Praveen K Paladugu <prapal@...ux.microsoft.com>, Robert Salvet <robert.salvet@...lox.com>, Shervin Oloumi <enlightened@...gle.com>, Tyler Hicks <code@...icks.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: [RFC PATCH v1 0/3] Expose Landlock domain IDs via pidfd Hi, Landlock enables users to create unprivileged nested security sandboxes (i.e. domains). Each of these domains get a unique ID, which is used to identify and compare different domains. With the audit support, these IDs will be used in logs, but users also need a way to map these IDs to processes and directly read domain IDs of arbitrary tasks. pidfd is a reference to a task that enables users to interact with it and read some of its properties with the PIDFD_GET_INFO IOCTL. This patch series extend this interface with two new properties: PIDFD_INFO_LANDLOCK_LAST_DOMAIN and PIDFD_INFO_LANDLOCK_FIRST_DOMAIN. Being able to read tasks' domain IDs is useful for telemetry, debugging, and tests. It enables users: - to know if a task is well sandboxed; - to know which tasks are part of the same sandbox; - to map Landlock audit logs to running processes. Furthermore, thanks to recvmsg(2)'s SCM_PIDFD, it is also possible to reliably identify a peer's sandbox. This patch series is based on the audit support patch series v5: https://lore.kernel.org/all/20250108154338.1129069-1-mic@digikod.net/ I'll talk about this feature at FOSDEM: https://fosdem.org/2025/schedule/event/fosdem-2025-6071-sandbox-ids-with-landlock/ Regards, Mickaël Salaün (3): landlock: Add landlock_read_domain_id() pidfd: Extend PIDFD_GET_INFO with PIDFD_INFO_LANDLOCK_*_DOMAIN samples/landlock: Print domain ID fs/pidfs.c | 24 +++++++++++- include/linux/landlock.h | 26 +++++++++++++ include/uapi/linux/pidfd.h | 4 ++ samples/landlock/sandboxer.c | 29 +++++++++++++- security/landlock/Makefile | 12 ++++-- security/landlock/domain.c | 2 - security/landlock/domain.h | 8 ++-- security/landlock/ruleset.c | 2 + security/landlock/syscalls.c | 75 ++++++++++++++++++++++++++++++++++++ 9 files changed, 169 insertions(+), 13 deletions(-) create mode 100644 include/linux/landlock.h base-commit: a4b76d5e6800121372b88c85628a7867a5fdc707 -- 2.48.1
Powered by blists - more mailing lists