Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

From: Pavel Machek
Date: Sat Sep 24 2016 - 03:45:46 EST


On Tue 2016-09-20 19:08:23, Mickaël Salaün wrote:
>
> On 15/09/2016 11:19, Pavel Machek wrote:
> > Hi!
> >
> >> This series is a proof of concept to fill some missing parts of seccomp, such as the
> >> ability to check syscall argument pointers or creating more dynamic security
> >> policies. The goal of this new stackable Linux Security Module (LSM) called
> >> Landlock is to allow any process, including unprivileged ones, to create
> >> powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the
> >> OpenBSD Pledge. This kind of sandbox helps to mitigate the security impact of
> >> bugs or unexpected/malicious behaviors in userland applications.
> >>
> >> The first RFC [1] was focused on extending seccomp while staying at the syscall
> >> level. This brought a working PoC but with some (mitigated) ToCToU race
> >> conditions due to the seccomp ptrace hole (now fixed) and the non-atomic
> >> syscall argument evaluation (hence the LSM hooks).
> >
> > Long and nice description follows. Should it go to Documentation/
> > somewhere?
> >
> > Because some documentation would be useful...
>
> Right, but I was looking for feedback before investing in documentation. :)

Heh. And I was hoping to learn what I'm reviewing. Too bad :-).

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
