netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.8k stars 567 forks source link

landlock: Leftover from #5315 #5354

Open rusty-snake opened 2 years ago

rusty-snake commented 2 years ago

cc @kmk3 @ChrysoliteAzalea

kmk3 commented 2 years ago

@rusty-snake

Thanks for making a checklist.

To be clear, I still think that reverting #5315 now and letting @ChrysoliteAzalea resubmit it afterwards is the way to go, especially considering the amount of discussions and issues raised.

@ChrysoliteAzalea

In which case, I'd say to feel free to only make the changes that you feel confident in making before resubmitting and to leave the rest for after resubmitting, as we might end up discussing them on the pull request anyway.

kmk3 commented 1 year ago

@netblue30 on Feb 16:

Landlock support.

I'll start by re-merging #5315 from @ChrysoliteAzalea. Probably there will be some small changes. A Linux kernel 5.13 or newer will be detected at run time. Disable the feature and print a warning if the kernel is older.

I had created a landlock_v2 branch and fixed most of the issues in the original PR. It's from a few months back, so it would have to be rebased.

Agreed on the runtime check; I didn't get around to adding it, so we could use your version of it.

The idea would be to rebase the landlock_v2 branch and then open it as a PR. Then after reviewing it with @ChrysoliteAzalea and merging it, we could add the runtime check and other improvements.

Thoughts?

glitsj16 commented 1 year ago

Adding a reminder about Fix spacing & typo in Landlock section of README.md. Might not be needed anymore depending on how #5315 is re-merged.