From: "Mickaël Salaün" <mic@digikod•net>
To: Andy Lutomirski <luto@amacapital•net>
Cc: LKML <linux-kernel@vger•kernel.org>,
Alexei Starovoitov <ast@kernel•org>,
Arnd Bergmann <arnd@arndb•de>,
Casey Schaufler <casey@schaufler-ca•com>,
Daniel Borkmann <daniel@iogearbox•net>,
Daniel Mack <daniel@zonque•org>,
David Drysdale <drysdale@google•com>,
"David S . Miller" <davem@davemloft•net>,
Elena Reshetova <elena.reshetova@intel•com>,
James Morris <james.l.morris@oracle•com>,
Kees Cook <keescook@chromium•org>, Paul Moore <pmoore@redhat•com>,
Sargun Dhillon <sargun@sargun•me>,
"Serge E . Hallyn" <serge@hallyn•com>,
Will Drewry <wad@chromium•org>,
Kernel Hardening <kernel-hardening@lists•openwall.com>,
Linux API <linux-api@vger•kernel.org>,
LSM List <linux-security-module@vger•kernel.org>,
Network Development <netdev@vger•kernel.org>
Subject: Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing
Date: Thu, 25 Aug 2016 15:57:29 +0200 [thread overview]
Message-ID: <57BEF949.6090808@digikod.net> (raw)
In-Reply-To: <CALCETrW98g_x0US92+Qq8gkN1N+y21rjSXcGBR7nRd1hWU7AgQ@mail.gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 1810 bytes --]
On 25/08/2016 13:05, Andy Lutomirski wrote:
> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <mic@digikod•net> wrote:
>> Hi,
>>
>> This series is a proof of concept to fill some missing part of seccomp as the
>> ability to check syscall argument pointers or creating more dynamic security
>> policies. The goal of this new stackable Linux Security Module (LSM) called
>> Landlock is to allow any process, including unprivileged ones, to create
>> powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the
>> OpenBSD Pledge. This kind of sandbox help to mitigate the security impact of
>> bugs or unexpected/malicious behaviors in userland applications.
>>
>
> Maybe I'm missing an obvious description, but: do you have a
> description of the eBPF API to landlock? What function do you
> provide, when is it called, what functions can it call, what does the
> fancy new arraymap do, etc?
>
> --Andy
>
The eBPF context is described in "[RFC v2 06/10] landlock: Add LSM hooks".
The provided eBPF functions are described in "[RFC v2 08/10] landlock:
Handle file system comparisons"
(bpf_landlock_cmp_fs_prop_with_struct_file and
bpf_landlock_cmp_fs_beneath_with_struct_file) and "[RFC v2 09/10]
landlock: Handle cgroups" (bpf_landlock_cmp_cgroup_beneath). The
function descriptions are summarized in include/uapi/linux/bpf.h .
This functions can be called by an eBPF program of type
BPF_PROG_TYPE_LANDLOCK_FILE_OPEN, BPF_PROG_TYPE_LANDLOCK_FILE_PERMISSION
and BPF_PROG_TYPE_LANDLOCK_MMAP_FILE as described in "[RFC v2 06/10]
landlock: Add LSM hooks".
I tried to split the commits as much as possible to ease the review. The
"[RFC v2 10/10] samples/landlock: Add sandbox example" may help to see
the whole picture.
Hope this helps,
Mickaël
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]
next prev parent reply other threads:[~2016-08-25 13:57 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-25 10:32 [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 01/10] landlock: Add Kconfig Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 02/10] bpf: Move u64_to_ptr() to BPF headers and inline it Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 03/10] bpf,landlock: Add a new arraymap type to deal with (Landlock) handles Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 04/10] seccomp: Split put_seccomp_filter() with put_seccomp() Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 05/10] seccomp: Handle Landlock Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 06/10] landlock: Add LSM hooks Mickaël Salaün
2016-08-30 18:56 ` Andy Lutomirski
2016-08-30 20:10 ` Mickaël Salaün
2016-08-30 20:18 ` Andy Lutomirski
2016-08-30 20:27 ` Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 07/10] landlock: Add errno check Mickaël Salaün
2016-08-25 11:13 ` Andy Lutomirski
2016-08-25 10:32 ` [RFC v2 08/10] landlock: Handle file system comparisons Mickaël Salaün
2016-08-25 11:12 ` Andy Lutomirski
2016-08-25 14:10 ` Mickaël Salaün
2016-08-26 14:57 ` Andy Lutomirski
2016-08-27 13:45 ` Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 09/10] landlock: Handle cgroups Mickaël Salaün
2016-08-25 11:09 ` Andy Lutomirski
2016-08-25 14:44 ` Mickaël Salaün
2016-08-26 12:55 ` Tejun Heo
2016-08-26 14:20 ` Andy Lutomirski
2016-08-26 15:50 ` Tejun Heo
2016-08-26 2:14 ` Alexei Starovoitov
2016-08-26 15:10 ` Mickaël Salaün
2016-08-26 23:05 ` Alexei Starovoitov
[not found] ` <20160826230539.GA26683-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-27 7:30 ` Andy Lutomirski
2016-08-27 18:11 ` Alexei Starovoitov
[not found] ` <20160827181153.GB38754-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-28 8:14 ` Andy Lutomirski
2016-08-27 14:06 ` [RFC v2 09/10] landlock: Handle cgroups (performance) Mickaël Salaün
[not found] ` <57C19E6E.6040908-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-27 18:06 ` Alexei Starovoitov
2016-08-27 19:35 ` Mickaël Salaün
[not found] ` <57C1EB72.2050703-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-27 20:43 ` Alexei Starovoitov
2016-08-27 21:14 ` Mickaël Salaün
2016-08-28 8:13 ` Andy Lutomirski
2016-08-28 9:42 ` Mickaël Salaün
2016-08-30 18:55 ` Andy Lutomirski
2016-08-30 20:20 ` Mickaël Salaün
[not found] ` <57C5EAA3.5090901-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-30 20:23 ` Andy Lutomirski
2016-08-30 20:33 ` Mickaël Salaün
[not found] ` <57C5ED9B.3040303-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-30 20:55 ` Alexei Starovoitov
[not found] ` <20160830205552.GB71063-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-30 21:45 ` Andy Lutomirski
2016-08-31 1:36 ` Alexei Starovoitov
[not found] ` <20160831013605.GB75654-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-08-31 3:29 ` Andy Lutomirski
2016-08-27 14:19 ` [RFC v2 09/10] landlock: Handle cgroups (netfilter match) Mickaël Salaün
[not found] ` <57C1A159.3040905-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-27 18:32 ` Alexei Starovoitov
2016-08-27 14:34 ` [RFC v2 09/10] landlock: Handle cgroups (program types) Mickaël Salaün
2016-08-27 18:19 ` Alexei Starovoitov
2016-08-27 19:55 ` Mickaël Salaün
[not found] ` <57C1F015.1000301-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-08-27 20:56 ` Alexei Starovoitov
2016-08-27 21:18 ` Mickaël Salaün
2016-08-25 10:32 ` [RFC v2 10/10] samples/landlock: Add sandbox example Mickaël Salaün
2016-08-25 11:05 ` [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing Andy Lutomirski
2016-08-25 13:57 ` Mickaël Salaün [this message]
2016-08-27 7:40 ` Andy Lutomirski
2016-08-27 15:10 ` Mickaël Salaün
2016-08-27 15:21 ` [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing (cgroup delegation) Mickaël Salaün
2016-08-30 16:06 ` [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing Andy Lutomirski
2016-08-30 19:51 ` Mickaël Salaün
2016-08-30 19:55 ` Andy Lutomirski
2016-09-15 9:19 ` Pavel Machek
2016-09-20 17:08 ` Mickaël Salaün
[not found] ` <57E16D07.4050301-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-09-24 7:45 ` Pavel Machek
2016-10-03 22:56 ` Kees Cook
2016-10-05 20:30 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57BEF949.6090808@digikod.net \
--to=mic@digikod$(echo .)net \
--cc=arnd@arndb$(echo .)de \
--cc=ast@kernel$(echo .)org \
--cc=casey@schaufler-ca$(echo .)com \
--cc=daniel@iogearbox$(echo .)net \
--cc=daniel@zonque$(echo .)org \
--cc=davem@davemloft$(echo .)net \
--cc=drysdale@google$(echo .)com \
--cc=elena.reshetova@intel$(echo .)com \
--cc=james.l.morris@oracle$(echo .)com \
--cc=keescook@chromium$(echo .)org \
--cc=kernel-hardening@lists$(echo .)openwall.com \
--cc=linux-api@vger$(echo .)kernel.org \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=linux-security-module@vger$(echo .)kernel.org \
--cc=luto@amacapital$(echo .)net \
--cc=netdev@vger$(echo .)kernel.org \
--cc=pmoore@redhat$(echo .)com \
--cc=sargun@sargun$(echo .)me \
--cc=serge@hallyn$(echo .)com \
--cc=wad@chromium$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox