landlock-lsm / linux

Linux kernel - See Landlock issues
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/

Socket type control #6

Open l0kod opened 5 months ago

l0kod commented 5 months ago

Being able to restrict any kind of socket would definitely be useful for a sandbox.

We could add a new handled_access_socket field to the landlock_ruleset struct, which would contain LANDLOCK_ACCESS_SOCKET_* flags. If this field is set, users could add a new type of rule:

struct landlock_socket_attr {
     __u64 allowed_access;
     int domain; // see socket(2)
     int type; // see socket(2)
};

The allowed_access field could contain:

See thread: https://lore.kernel.org/all/b8a2045a-e7e8-d141-7c01-bf47874c7930@digikod.net/

Related to #15

Cc @BoardzMaster

gnoack commented 3 months ago

Just a note on the side, I think this bug would be very useful, because there is a whole bouquet of socket types and associated network protocols which are permitted by default right now. Restricting the call to socket(2) would make it very simple to deny access to the bulk of these protocols for many common use cases.
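Added example (not part of the thread or of any Landlock patch): a userspace C model of how the rule proposed above could be evaluated, where a ruleset that handles socket creation denies every (domain, type) pair without a matching rule, which is the effect described in the comment above. The flag `EX_ACCESS_SOCKET_CREATE`, the `ex_*` names, the deny-by-default behaviour (borrowed from how Landlock treats `handled_access_fs`) and the masking of `SOCK_NONBLOCK`/`SOCK_CLOEXEC` are assumptions, not the proposed kernel API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Assumed flag name: the thread only names the LANDLOCK_ACCESS_SOCKET_* family. */
#define EX_ACCESS_SOCKET_CREATE (1ULL << 0)
/* Userspace mirror of the proposed struct landlock_socket_attr. */
struct ex_socket_attr {
	uint64_t allowed_access;
	int domain; /* see socket(2) */
	int type;   /* see socket(2) */
};

/* Hypothetical ruleset: the handled mask plus the rules added to it. */
struct ex_ruleset {
	uint64_t handled_access_socket;
	const struct ex_socket_attr *rules;
	size_t nrules;
};

/* Returns 1 if socket(domain, type, ...) would be allowed, 0 if denied. */
int ex_socket_allowed(const struct ex_ruleset *rs, int domain, int type)
{
	/* Access rights the ruleset does not handle stay unrestricted. */
	if (!(rs->handled_access_socket & EX_ACCESS_SOCKET_CREATE))
		return 1;
	/* socket(2) accepts these flags ORed into type; this model matches the base type. */
	type &= ~(SOCK_NONBLOCK | SOCK_CLOEXEC);
	for (size_t i = 0; i < rs->nrules; i++) {
		if (rs->rules[i].domain == domain && rs->rules[i].type == type &&
		    (rs->rules[i].allowed_access & EX_ACCESS_SOCKET_CREATE))
			return 1;
	}
	return 0; /* handled and no matching rule: denied */
}

/* Constructed policy: only TCP/IPv4 and UNIX stream sockets may be created. */
static const struct ex_socket_attr ex_rules[] = {
	{ EX_ACCESS_SOCKET_CREATE, AF_INET, SOCK_STREAM },
	{ EX_ACCESS_SOCKET_CREATE, AF_UNIX, SOCK_STREAM },
};
const struct ex_ruleset ex_sandbox = { EX_ACCESS_SOCKET_CREATE, ex_rules, 2 };
const struct ex_ruleset ex_unhandled = { 0, ex_rules, 2 };
int main(void)
{
	printf("AF_INET/SOCK_RAW allowed: %d\n", ex_socket_allowed(&ex_sandbox, AF_INET, SOCK_RAW));
	return 0;
}
```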

gnoack commented 2 months ago

https://lore.kernel.org/all/20240408093927.1759381-1-ivanov.mikhail1@huawei-partners.com/

BoardzMaster commented 2 months ago

Hi everyone. Thanks to @sm1ling-knight for this patch!!

BoardzMaster commented 1 month ago

Hi everyone. https://lore.kernel.org/all/20240524093015.2402952-1-ivanov.mikhail1@huawei-partners.com/