File presence can be inferred

[gnoack]

From within a Landlock sandbox, it is still possible to infer the presence of files whose name can be guessed by the sandboxed process, even when all file system rights are denied on the affected directory.

Example:

gnoack:/tmp/xxx$ ls
foobar.txt
gnoack:/tmp/xxx$ landlock-restrict -rofiles /proc /usr /bin /etc/ -- /bin/cat foobar.txt
cat: foobar.txt: Permission denied
gnoack:/tmp/xxx$ landlock-restrict -rofiles /proc /usr /bin /etc/ -- /bin/cat nonexistent.txt
cat: nonexistent.txt: No such file or directory
gnoack:/tmp/xxx$ landlock-restrict -rofiles /proc /usr /bin /etc/ -- /bin/ls
ls: cannot open directory '.': Permission denied

Whether this is a bug or intended is up for interpretation.
(But we should probably at least document it more clearly.)

[RazeLighter777]

I think this is a bug, not in the code/implementation but in the documentation. If something isn't documented well, it's a bug :)

A future access right for path walk restrictions could allow users to control this behavior.

But I'd be hesitant to change it as is without a new access right, as it could be considered userspace breakage.

[rusty-snake]

I think this is a bug, not in the code/implementation but in the documentation. If something isn't documented well, it's a bug

https://docs.kernel.org/userspace-api/landlock.html

Warning

It is currently not possible to restrict some file-related actions accessible through these syscall families: chdir(2), stat(2), flock(2), chmod(2), chown(2), setxattr(2), utime(2), fcntl(2), access(2). Future Landlock evolutions will enable to restrict them.

[rusty-snake]

Related #9 and #11

[rusty-snake]

it is still possible to infer the presence of files whose name can be guessed by the sandboxed process

Not only existence. Metadata like owner, permissions, xattrs, a/mtime, ... can be read and some can be written.

[l0kod]

See discussion: https://lore.kernel.org/all/20260108.ahyiez5eeQua@digikod.net/

it is still possible to infer the presence of files whose name can be guessed by the sandboxed process

Not only existence. Metadata like owner, permissions, xattrs, a/mtime, ... can be read and some can be written.

Absolutely, and this is indeed part of the documentation, but it could probably be improved. Landlock rulesets explicitly handle access rights, there is none for path walk, and this is documented too. I'd like the documentation to not list all non-implemented things, but instead point to the GitHub issues/project and maintain the moving TODOs in these issues. The documentation could extend the warning paragraph, highlighting the fact that non-handled access rights are not restricted...

#9 is the right way to fix it, I have some preliminary work but it's not simple.

Please note that the inability to restrict path inference is also a limitation of other LSMs such as AppArmor and Tomoyo (I'm not sure if this is part of their documentation though), because of path-based hooks limitations.

[l0kod]

It is also important to balance these limitations wrt the ability to control access to data.