Make it possible to create composable libraries of Landlock rules

[gnoack]

Users should be able to group their own libraries of commonly used rules that are used together

idea:

package llopts

import ...

var SharedLibraries = landlock.GroupRules(
    landlock.RODirs("/usr/lib", "/lib"),
    landlock.RWDirs(os.Getenv("TMPDIR")),
)

// Looking a bit into the future here with Network rules...
var DNSClient = landlock.GroupRules(
    landlock.ROFiles("/etc/hosts"),
    landlock.DialTCP(53),
    landlock.DialUDP(53),
)

(This is just an example -- the details of these rules are not really fleshed out)

[gnoack]

Such a GroupRules meta-rule requires a bit of refactoring... I have been considering the following options:

Option A - fully compatible

Make the PathOpt struct be able to compose itself, e.g.

type PathOpt struct {
  // all the existing fields
  more []PathOpt
}

and extend all its methods accordingly.

• It does not extend nicely to networking if that patch goes in.
• Cannot have llopts.DNS() with a DialTCP() feature -- but it is desirable that the grouping spans both FS rules and Network rules

Option B

Inheritance hierarchy

• Opt (interface)
  • PathOpt (interface)
  • RealPathOpt
  • CompositePathOpt
  • NetOpt (interface)
  • RealNetOpt
  • CompositeNetOpt

=> also no composition across FS and net rules...

Option C - turn types to runtime errors

Rule is the interface for options

type PathOpt = Rule  // for backwards compatibility

func (c *Config) RestrictPaths([]Rule) error
func RWDirs(...) FSRule

Note: RWDirs and friends do not return the actual Rule type, but their returned type is implementing that interface.

Slight API breakage, but probably OK to do for most use cases. The two use cases on Github do something like

var opts []landlock.PathOpt
// repeatedly
opts = append(opts, landlock.RWDirs(...))
landlock.V2.RestrictPaths(opts...)

That would continue to work because people tend to not spell out the return type of RWDirs and friends, and it is compatible with the landlock.Rule (a.k.a. PathOpt) interface.

Known API breakages:

• RWDirs and friends return a different type now, not landlock.PathOpt.
• landlock.PathOpt is not a struct any more and can't be instantiated with landlock.PathOpt{} (It's more of a theoretical concern I think, I don't see why anyone might want to do that.)

Considerations:

• When networking is introduced, RestrictPaths() and RestrictNet() will both use the same argument type Rule -- the error checking for the type of rule will need to happen at runtime. (But there is anyway already some error checking happening for wrong rules, e.g. rules with rights specified which are not handled in the ruleset -- so clients already have to deal with such cases anyway.)

[gnoack]

I am strongly leaning towards C, but will let it sink a little bit before committing.

[gnoack]

Work is happening on the options branch https://github.com/landlock-lsm/go-landlock/commits/options