| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250131.baePeenoo2ik@digikod.net> Date: Fri, 31 Jan 2025 18:35:49 +0100 From: Mickaël Salaün <mic@...ikod.net> To: Christian Brauner <brauner@...nel.org>, Günther Noack <gnoack@...gle.com> Cc: Charles Zaffery <czaffery@...lox.com>, Daniel Burgener <dburgener@...ux.microsoft.com>, Francis Laniel <flaniel@...ux.microsoft.com>, James Morris <jmorris@...ei.org>, Jann Horn <jannh@...gle.com>, Jeff Xu <jeffxu@...gle.com>, Kees Cook <kees@...nel.org>, Luca Boccassi <luca.boccassi@...il.com>, Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>, Praveen K Paladugu <prapal@...ux.microsoft.com>, Robert Salvet <robert.salvet@...lox.com>, Shervin Oloumi <enlightened@...gle.com>, Tyler Hicks <code@...icks.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org, containers@...ts.linux.dev Subject: Re: [RFC PATCH v1 0/3] Expose Landlock domain IDs via pidfd On Fri, Jan 31, 2025 at 05:34:44PM +0100, Mickaël Salaün wrote: > Hi, > > Landlock enables users to create unprivileged nested security sandboxes > (i.e. domains). Each of these domains get a unique ID, which is used to > identify and compare different domains. With the audit support, these > IDs will be used in logs, but users also need a way to map these IDs to > processes and directly read domain IDs of arbitrary tasks. > > pidfd is a reference to a task that enables users to interact with it > and read some of its properties with the PIDFD_GET_INFO IOCTL. This > patch series extend this interface with two new properties: > PIDFD_INFO_LANDLOCK_LAST_DOMAIN and PIDFD_INFO_LANDLOCK_FIRST_DOMAIN. > > Being able to read tasks' domain IDs is useful for telemetry, debugging, and > tests. It enables users: > - to know if a task is well sandboxed; > - to know which tasks are part of the same sandbox; > - to map Landlock audit logs to running processes. > > Furthermore, thanks to recvmsg(2)'s SCM_PIDFD, it is also possible to reliably > identify a peer's sandbox. > > This patch series is based on the audit support patch series v5: > https://lore.kernel.org/all/20250108154338.1129069-1-mic@digikod.net/ That was the v4, here is the v5: https://lore.kernel.org/all/20250131163059.1139617-1-mic@digikod.net/ > > I'll talk about this feature at FOSDEM: > https://fosdem.org/2025/schedule/event/fosdem-2025-6071-sandbox-ids-with-landlock/ > > Regards, > > Mickaël Salaün (3): > landlock: Add landlock_read_domain_id() > pidfd: Extend PIDFD_GET_INFO with PIDFD_INFO_LANDLOCK_*_DOMAIN > samples/landlock: Print domain ID > > fs/pidfs.c | 24 +++++++++++- > include/linux/landlock.h | 26 +++++++++++++ > include/uapi/linux/pidfd.h | 4 ++ > samples/landlock/sandboxer.c | 29 +++++++++++++- > security/landlock/Makefile | 12 ++++-- > security/landlock/domain.c | 2 - > security/landlock/domain.h | 8 ++-- > security/landlock/ruleset.c | 2 + > security/landlock/syscalls.c | 75 ++++++++++++++++++++++++++++++++++++ > 9 files changed, 169 insertions(+), 13 deletions(-) > create mode 100644 include/linux/landlock.h > > > base-commit: a4b76d5e6800121372b88c85628a7867a5fdc707 > -- > 2.48.1 > >
Powered by blists - more mailing lists