forked from torvalds/linux
Open
Description
Maybe I missed something and there's a better way, but it seems like you can't create an empty ruleset or restrict to an empty one to deny all (further) access.
It doesn't work with an fd of 0, and I'm not aware of a magic value for the fd which could work instead:
```
landlock_restrict_self(0, 0) = -1 EBADFD (File descriptor in bad state)
```
And creating an empty ruleset:
```
landlock_create_ruleset({handled_access_fs=0, handled_access_net=0, scoped=0}, 24, 0) = -1 ENOMSG (No message of desired type)
landlock_create_ruleset(NULL, 0, 0) = -1 EFAULT (Bad address)
```
(strace output, tested on Linux 6.12.31)
By the way, there are at least 2 cases where an empty ruleset can make sense:
- Programs which only process base/inherited accesses (environment variables, arguments, stdin/stdout/stderr, passed fds, …). Filters inside pipelines or running as child processes are probably the most sensitive of those.
- Programs which are done configuring & setting up and shouldn't access further files (rather typical of long-lived user & system programs like dæmons)
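An added example (not code from the issue or from the Landlock project) of the deny-all that Landlock's semantics already provide: a ruleset that handles every access right the running kernel's ABI knows and to which no rule is ever added denies all of those rights, since a handled right that no rule grants is refused. It assumes a Linux host; the constants and the 24-byte attribute struct mirror `include/uapi/linux/landlock.h` at ABI 6 (Linux 6.12) so the file builds without that header, and `FS_ABI1_ALL`, `ruleset_attr_v6`, `handled_fs_for_abi`, `handled_net_for_abi`, `scoped_for_abi`, `landlock_abi` and `deny_all_further_access` are names chosen here. The handled masks are trimmed per ABI because the kernel returns EINVAL for a bit it does not know, and already-open fds (stdin/stdout, passed fds) are unaffected, which is what the pipeline-filter and "done with setup" cases need.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#include <sys/syscall.h>
extern long syscall(long number, ...); /* prototype even if _GNU_SOURCE came too late */
#endif

/* Landlock syscall numbers are identical on every architecture. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#ifndef __NR_landlock_restrict_self
#define __NR_landlock_restrict_self 446
#endif
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif

/* Mirror of uapi/linux/landlock.h (ABI 6). FS_ABI1_ALL is a local name for
 * the 13 ABI 1 rights: EXECUTE, WRITE_FILE, READ_FILE, READ_DIR, REMOVE_DIR,
 * REMOVE_FILE, MAKE_CHAR, MAKE_DIR, MAKE_REG, MAKE_SOCK, MAKE_FIFO,
 * MAKE_BLOCK, MAKE_SYM. */
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define FS_ABI1_ALL ((UINT64_C(1) << 13) - 1)
#define LANDLOCK_ACCESS_FS_REFER            (UINT64_C(1) << 13) /* ABI 2 */
#define LANDLOCK_ACCESS_FS_TRUNCATE         (UINT64_C(1) << 14) /* ABI 3 */
#define LANDLOCK_ACCESS_FS_IOCTL_DEV        (UINT64_C(1) << 15) /* ABI 5 */
#define LANDLOCK_ACCESS_NET_BIND_TCP        (UINT64_C(1) << 0)  /* ABI 4 */
#define LANDLOCK_ACCESS_NET_CONNECT_TCP     (UINT64_C(1) << 1)  /* ABI 4 */
#define LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET (UINT64_C(1) << 0)  /* ABI 6 */
#define LANDLOCK_SCOPE_SIGNAL               (UINT64_C(1) << 1)  /* ABI 6 */

/* Same layout as struct landlock_ruleset_attr at ABI 6 (24 bytes). Older
 * kernels accept it as long as the fields they don't know are zero. */
struct ruleset_attr_v6 {
    uint64_t handled_access_fs;
    uint64_t handled_access_net;
    uint64_t scoped;
};

/* Every right the given ABI understands; handling an unknown bit is EINVAL. */
uint64_t handled_fs_for_abi(int abi)
{
    uint64_t mask = 0;
    if (abi >= 1) mask |= FS_ABI1_ALL;
    if (abi >= 2) mask |= LANDLOCK_ACCESS_FS_REFER;
    if (abi >= 3) mask |= LANDLOCK_ACCESS_FS_TRUNCATE;
    if (abi >= 5) mask |= LANDLOCK_ACCESS_FS_IOCTL_DEV;
    return mask;
}

uint64_t handled_net_for_abi(int abi)
{
    return abi >= 4 ? (LANDLOCK_ACCESS_NET_BIND_TCP | LANDLOCK_ACCESS_NET_CONNECT_TCP) : 0;
}

uint64_t scoped_for_abi(int abi)
{
    return abi >= 6 ? (LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET | LANDLOCK_SCOPE_SIGNAL) : 0;
}

/* Kernel's Landlock ABI version, or -errno (ENOSYS/EOPNOTSUPP if absent). */
int landlock_abi(void)
{
#ifdef __linux__
    long v = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    return v < 0 ? -errno : (int)v;
#else
    return -ENOSYS;
#endif
}

/* Full handled mask, zero rules: every handled right is denied from now on.
 * Returns 0 on success, -errno on failure. */
int deny_all_further_access(int abi)
{
#ifdef __linux__
    struct ruleset_attr_v6 attr = {
        .handled_access_fs = handled_fs_for_abi(abi),
        .handled_access_net = handled_net_for_abi(abi),
        .scoped = scoped_for_abi(abi),
    };
    int fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (fd < 0) return -errno;
    /* restrict_self needs no_new_privs unless the caller has CAP_SYS_ADMIN. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        syscall(__NR_landlock_restrict_self, fd, 0)) {
        int e = errno; close(fd); return -e;
    }
    close(fd);
    return 0;
#else
    (void)abi;
    return -ENOSYS;
#endif
}

int main(void)
{
    int abi = landlock_abi();
    if (abi < 0) { fprintf(stderr, "Landlock unavailable: %s\n", strerror(-abi)); return 1; }
    printf("ABI %d: handled fs=%#llx net=%#llx scoped=%#llx\n", abi,
           (unsigned long long)handled_fs_for_abi(abi),
           (unsigned long long)handled_net_for_abi(abi),
           (unsigned long long)scoped_for_abi(abi));
    /* Opening "/" needs READ_DIR: fine now, EACCES after restriction. */
    int before = open("/", O_RDONLY | O_DIRECTORY);
    int err = deny_all_further_access(abi);
    if (err) { fprintf(stderr, "restrict failed: %s\n", strerror(-err)); return 1; }
    int after = open("/", O_RDONLY | O_DIRECTORY);
    int after_errno = errno;
    printf("open(\"/\") before: %s, after: %s\n", before >= 0 ? "ok" : "failed",
           after >= 0 ? "unexpectedly ok" : strerror(after_errno));
    if (before >= 0) close(before);
    if (after >= 0) close(after);
    return 0;
}
```

Run it as an unprivileged user on a kernel with Landlock enabled: the second `open` fails with EACCES while fds opened earlier keep working. The masks are built per ABI rather than hard-coded at ABI 6 because `landlock_create_ruleset` rejects handled bits the running kernel does not implement.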