We should be able to control access to file metadata (e.g. chmod, chgrp, setxattr, getxattr, utime). Some path-based LSM hooks make it possible to control a subset of these modifications, but we should give users a safe and simple way to group these accesses, for instance with the following access rights:
- LANDLOCK_ACCESS_FS_READ_METADATA: read any file/dir metadata;
- LANDLOCK_ACCESS_FS_WRITE_SAFE_METADATA: change file times and user xattrs;
- LANDLOCK_ACCESS_FS_WRITE_UNSAFE_METADATA: metadata interpreted by the kernel, mostly xattr/chmod/chown changes that could alter non-Landlock DAC or MAC (which could be considered a policy bypass), or other various xattrs that might be interpreted by filesystems. This should be denied most of the time.
This work depends on #9.
See https://lore.kernel.org/all/Ywpw66EYRDTQIyTx@nuc/
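As an added example (not the issue's or the Landlock project's code) of how the proposed grouping could be modelled in userspace: the three proposed rights are given assumed bit values (they are not kernel UAPI), each metadata operation is mapped to the right it would need, and any xattr outside the "user." namespace is classed as unsafe because the kernel or filesystem may interpret it.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rights proposed in the issue; the bit values are an assumption, not kernel UAPI. */
#define LANDLOCK_ACCESS_FS_READ_METADATA         (1ULL << 0)
#define LANDLOCK_ACCESS_FS_WRITE_SAFE_METADATA   (1ULL << 1)
#define LANDLOCK_ACCESS_FS_WRITE_UNSAFE_METADATA (1ULL << 2)

/* Metadata operations the issue mentions (hypothetical enum for this model). */
enum md_op { MD_STAT, MD_GETXATTR, MD_UTIME, MD_SETXATTR, MD_CHMOD, MD_CHOWN };

/* Only "user.*" xattrs are opaque to the kernel; security.*, trusted.* and
 * system.* (e.g. POSIX ACLs) can change DAC/MAC and are treated as unsafe. */
static int xattr_is_user_ns(const char *name)
{
    return name != NULL && strncmp(name, "user.", 5) == 0;
}

/* Map an operation (plus xattr name when relevant) to the right it needs. */
uint64_t md_required_right(enum md_op op, const char *xattr_name)
{
    switch (op) {
    case MD_STAT:
    case MD_GETXATTR: return LANDLOCK_ACCESS_FS_READ_METADATA;
    case MD_UTIME:    return LANDLOCK_ACCESS_FS_WRITE_SAFE_METADATA;
    case MD_SETXATTR:
        return xattr_is_user_ns(xattr_name)
                   ? LANDLOCK_ACCESS_FS_WRITE_SAFE_METADATA
                   : LANDLOCK_ACCESS_FS_WRITE_UNSAFE_METADATA;
    case MD_CHMOD:
    case MD_CHOWN:    return LANDLOCK_ACCESS_FS_WRITE_UNSAFE_METADATA;
    }
    return 0; /* unknown operation: nothing can grant it (default deny) */
}

/* Default-deny check: allowed only if every required bit is granted. */
int md_allowed(uint64_t granted, enum md_op op, const char *xattr_name)
{
    uint64_t need = md_required_right(op, xattr_name);
    return need != 0 && (granted & need) == need;
}

int main(void)
{
    /* A typical sandbox: read metadata and touch "safe" fields, never DAC/MAC. */
    uint64_t granted = LANDLOCK_ACCESS_FS_READ_METADATA |
                       LANDLOCK_ACCESS_FS_WRITE_SAFE_METADATA;
    printf("setxattr user.note : %d\n", md_allowed(granted, MD_SETXATTR, "user.note"));
    printf("setxattr security.*: %d\n", md_allowed(granted, MD_SETXATTR, "security.x"));
    printf("chmod              : %d\n", md_allowed(granted, MD_CHMOD, NULL));
    return 0;
}
```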